
No internet connection, problem unknown


  • This topic is locked
42 replies to this topic

#1 LPMA

LPMA

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 04 November 2011 - 07:43 PM

Hello, as the thread title says, I was asked to post about my problem here after a thread in Am I Infected?

The thread is located here: http://www.bleepingcomputer.com/forums/topic425755.html/page__gopid__2463118

Here is a summary of the problem as written in the original topic:

Hello,

I started having this issue yesterday. I have a Dell mini 10v computer using XP that I use mainly around the house when I don't feel like being tied down to a desktop. Yesterday, it was having a particularly slow day and I decided to reboot, since I tend to leave it on for extended periods of time. After the restart, the services took an extremely long time to start up and also wouldn't show a "user name" under Task Manager for a while. Once my internet icons showed up in the task bar, I noticed that my wireless connection was detected but somehow my computer couldn't receive information from it. I also noticed no IP address seems to be assigned to that connection.

I have traced back this error to the DHCP service not starting (dependency issue error 1068). This in turn seems to be caused by the TCP/IP driver also not starting, which in turn is said to be because of a nonexistent "IPSec Service". I have verified, and ipsec.sys is still present. Manually starting any of these has only resulted in failures.

Since the error has started, I have also noticed that whenever I shut down or reboot the computer, this unknown program hangs and I need to end it manually. The window shows a long string of alphanumeric characters {E236BEBA-0915... I have not been able to locate that program either through my startup applications or on the hard drive.

I have tried the following so far (in no particular order):

-Updated and ran Malaware (both in regular and safe mode)
-Ran TDSSKiller (both in regular and safe mode)
-Used system restore, tried various system checkpoints in the past month but none were successfully restored (both in regular and safe mode)
-Replaced ipsec.sys with a fresh copy
-Ran the Windows utility that verifies the integrity of system files (forgot its name)
-Ran avast (although the definitions haven't been updated)
-ipconfig /all returns no results
-Ran HiJackThis, nothing seemed out of the ordinary
-Haven't identified any potential viruses in Startup applications or services

I was prepared to format and reinstall XP, but would very much like to save myself the trouble if possible. Any help is appreciated!

ETA: I also noticed yesterday that manually closing my computer (folding the screen over the keyboard) does not prompt it to go into Standby mode as usual


DDS logs: I was actually unable to run DDS all the way through, it kept closing, so I ran it in Safe Mode. Hopefully the information is the same.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by LPMA at 18:19:25 on 2011-11-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.799 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RemoteControl11] "c:\program files\cyberlink\powerdvd11\PDVD11Serv.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\lpma\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6508DA9B-47F4-445C-ACB7-29F47F222976} : DhcpNameServer = 192.168.0.1
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lpma\application data\mozilla\firefox\profiles\odcan8oy.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\lpma\application data\mozilla\firefox\profiles\odcan8oy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\lpma\application data\mozilla\firefox\profiles\odcan8oy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {37E090E2-CC5D-457D-A777-2C83A7476893} - c:\documents and settings\lpma\local settings\application data\{37E090E2-CC5D-457D-A777-2C83A7476893}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2010-1-5 14248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-3 64512]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-5 162816]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-31 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-31 301528]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/12 12:37:19];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-8-12 77296]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-31 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-31 42184]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-8-12 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-8-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2011-8-12 312616]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-21 54760]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-10-20 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-8-12 71664]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-5 1684736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-5 143840]
S3 cxbu1wdm;OEM USB Smart Card Reader;c:\windows\system32\drivers\cxbu1wdm.sys [2011-10-8 112768]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-6-10 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-6-10 8456]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2010-1-5 134144]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2010-1-5 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2010-1-5 272256]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2152152]
.
=============== Created Last 30 ================
.
2011-11-04 02:09:17 -------- d-----w- c:\windows\system32\NtmsData
2011-11-04 01:46:26 -------- d-----w- c:\windows\system32\CatRoot2
2011-11-04 01:37:30 -------- d-----w- C:\ERDNT
2011-10-31 03:31:24 -------- d-----w- c:\program files\Felipe Corsino
2011-10-31 02:34:26 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-30 19:46:36 11264 ----a-w- c:\documents and settings\lpma\application data\75dfp45bi.exe
2011-10-30 19:29:57 11264 ----a-w- c:\documents and settings\lpma\application data\tcrqax9z2.exe
2011-10-30 19:13:03 59392 ----a-w- c:\documents and settings\lpma\application data\gfj838tc.exe
2011-10-21 02:34:10 -------- d-----w- c:\documents and settings\lpma\Calibre Library
2011-10-21 02:33:26 -------- d-----w- c:\documents and settings\lpma\application data\calibre
2011-10-21 02:32:21 -------- d-----w- c:\program files\Calibre2
2011-10-14 02:25:13 -------- d-----w- c:\program files\iPod
2011-10-14 02:24:56 -------- d-----w- c:\program files\iTunes
2011-10-14 02:15:10 -------- d-----w- c:\program files\Bonjour
2011-10-08 16:50:59 112768 ----a-w- c:\windows\system32\drivers\cxbu1wdm.sys
.
==================== Find3M ====================
.
2011-09-11 02:15:13 4608 ----a-w- c:\windows\system32\temp.000
2011-09-11 02:14:51 286720 ------w- c:\windows\Setup1.exe
2011-09-11 02:14:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 18:21:56.68 ===============


Any help is greatly appreciated!


 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,725 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:48 AM

Posted 06 November 2011 - 11:37 AM

Hello LPMA,

Welcome to this forum. :)

Do you still have the connection issue? No need for any log at this time.

#3 LPMA


Posted 06 November 2011 - 12:03 PM

Hello and thanks for the quick response!

I am still having connection problems at this moment. My system is also incredibly slow, which might in turn be caused by the various Internet-related services not being capable of starting. Also, yesterday while in the process of backing up my data just in case, I had an extremely hard time with Windows Explorer hanging quite frequently.

Thanks again!

#4 Farbar


Posted 06 November 2011 - 12:13 PM

Thanks for the feedback. We might be able to fix this the next round. But first I want to get confirmation.

I have sent you a PM (Private Message) as the tool is not released. Please run the tool and post the log.

#5 LPMA


Posted 06 November 2011 - 12:57 PM

Hello,

I have sent a reply to your PM.

Thanks!

#6 Farbar


Posted 06 November 2011 - 01:07 PM

Thanks. It looks like the tool was not the latest version. I have just uploaded the latest version. Please delete your version and download the latest version and run it.

Please no need to run or post any other log than requested. We perform all the operations in normal mode unless requested.

Also please post the result of the new scan into the forum instead of the PM. Thanks.

#7 LPMA


Posted 06 November 2011 - 01:22 PM

Here is the newest log:

Farbar Service Scanner
Ran by LPMA (administrator) on 06-11-2011 at 13:19:28
Microsoft Windows XP Service Pack 3 (X86)

***********************************************************************
========================= Internet Connection Services: ================

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip: "system32\DRIVERS\tcpip.sys".

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service might not exist.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

File Check:
===========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-25 15:33] - [2008-04-14 07:00] - 0045568 ____A (Microsoft Corporation) 474B4DC3983173E4B4C9740B0DAC98A6



**** End of log ****



#8 Farbar


Posted 06 November 2011 - 01:41 PM

Well done.

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage, even leaving the system unbootable:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
  • Please download and transfer it to the infected computer.
    Double-click to run it and confirm the prompt.
  • Restart and tell me if you have connection now.


#9 LPMA


Posted 06 November 2011 - 01:55 PM

Hello again,

I just ran through the steps and rebooted, and everything seems to have been left unchanged. Still no connection, and the services took a long time to start. I double-checked to make sure, and Automatic Updates are still turned off. I checked in Event Viewer, and I am now getting the following 2 errors:

The TCP/IP Protocol Driver service failed to start due to the following error:
The system cannot find the file specified. (event ID 7000)


and

The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The system cannot find the file specified. (event ID 7001)



#10 Farbar


Posted 06 November 2011 - 01:59 PM

Please run the tool again and post the log.

#11 LPMA


Posted 06 November 2011 - 02:04 PM

Here it is!

Farbar Service Scanner
Ran by LPMA (administrator) on 06-11-2011 at 14:03:05
Microsoft Windows XP Service Pack 3 (X86)

***********************************************************************
========================= Internet Connection Services: ================

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip: "system32\DRIVERS\tcpip.sys".

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

File Check:
===========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-25 15:33] - [2008-04-14 07:00] - 0045568 ____A (Microsoft Corporation) 474B4DC3983173E4B4C9740B0DAC98A6



**** End of log ****



#12 Farbar


Posted 06 November 2011 - 02:28 PM

Now the IpSec driver service is running, but tcpip is not running.

  • Go to Start > Run and type in cmd
    Type in the following line and press Enter:

    netsh int ip reset
  • Reboot and post a fresh FSS log.
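
Added example, not part of the original thread and not code from Farbar Service Scanner: a small Python parser that compares two FSS logs like the ones in posts #7 and #11, listing which services dropped off the "not running" list and which carried "Attention!" configuration findings. The sample input is excerpted from those two logs; the function names are hypothetical.

```python
import re

# Excerpts from the FSS logs in posts #7 and #11 of this thread.
SCAN_BEFORE = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service might not exist.
"""
SCAN_AFTER = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
"""

HEADER = re.compile(r"^(\w+) Service is not running\.")

def parse_fss(log):
    """Map each service reported as not running to its 'Attention!' findings."""
    services, current = {}, None
    for line in log.splitlines():
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            services[current] = []
        elif not line.strip():
            current = None  # a blank line ends the service's section
        elif current and "Attention!" in line:
            services[current].append(line.split("Attention!", 1)[1].strip())
    return services

def compare(before, after):
    """Summarise what changed between two scans of the same machine."""
    b, a = parse_fss(before), parse_fss(after)
    return {
        "no_longer_reported": sorted(set(b) - set(a)),
        "still_not_running": sorted(set(b) & set(a)),
        "flagged_before": sorted(s for s, f in b.items() if f),
        "flagged_after": sorted(s for s, f in a.items() if f),
    }

if __name__ == "__main__":
    print(compare(SCAN_BEFORE, SCAN_AFTER))
```
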


#13 LPMA


Posted 06 November 2011 - 02:44 PM

I tried running the netsh int ip reset command; it said "One or more essential parameters were not entered."

I rebooted and reran the tool, here's the log:

Farbar Service Scanner
Ran by LPMA (administrator) on 06-11-2011 at 14:41:17
Microsoft Windows XP Service Pack 3 (X86)

***********************************************************************
========================= Internet Connection Services: ================

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip: "system32\DRIVERS\tcpip.sys".

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

File Check:
===========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-25 15:33] - [2008-04-14 07:00] - 0045568 ____A (Microsoft Corporation) 474B4DC3983173E4B4C9740B0DAC98A6



**** End of log ****



#14 Farbar


Posted 06 November 2011 - 02:58 PM

Please
Run it on the infected computer by double-clicking it.
The command prompt opens. You need to press a key. But before that see if any error is mentioned.
Also if the operation is successful there will be a resetlog.txt on the desktop. Please post it to your reply.

#15 LPMA


Posted 06 November 2011 - 03:03 PM

Ran it, the resetlog.txt document said "<completed>". I am now in the process of rebooting.



