Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lost Internet connectivity after virus clean


  • Please log in to reply
15 replies to this topic

#1 Smurf Inferno

Smurf Inferno

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 22 December 2011 - 11:38 AM

I have an issue similar to RogueZ's. My wife's computer got the Win 7 Security 2012 virus. And I followed the instructions on this site for removing it. I ran the FixNCR, the rKill, and finally Malwarebytes. I deleted the one virus it detected. Then I lost connection to the Internet, and after rebooting it still does not connect. I tried to restore the system to an older date, but both those failed. I also ran Microsoft Security Essentials full scan but it found nothing.

She's running Windows 7 on a Toshiba Portege M780-S7220 tablet computer. We have a wireless connection through a Qwest Q1000 router. Because she cannot connect to the Internet, I'll be getting your instructions on my computer and trying to carry them out on hers. Thank you so much for your assistance. Here's the first log:

MiniToolBox by Farbar
Ran by RFindlay (administrator) on 22-12-2011 at 10:30:24
Microsoft Windows 7 Professional Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Intel® 82577LC Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : RFindlay-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-14-BB-CE-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-14-BB-CE-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-23-14-BB-CE-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd1d:a3c4:d1cc:56f1%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.86.241(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-23-18-51-2C-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...00 23 14 bb ce c9 ......Microsoft Virtual WiFi Miniport Adapter #2
12...00 23 14 bb ce c9 ......Microsoft Virtual WiFi Miniport Adapter
11...00 23 14 bb ce c8 ......Intel® Centrino® Advanced-N 6200 AGN
10...00 23 18 51 2c 81 ......Intel® 82577LC Gigabit Network Connection
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.86.241 281
169.254.86.241 255.255.255.255 On-link 169.254.86.241 281
169.254.255.255 255.255.255.255 On-link 169.254.86.241 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.86.241 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.86.241 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::cd1d:a3c4:d1cc:56f1/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2011 08:53:47 AM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/22/2011 08:52:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Faulting module name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Exception code: 0x40000015
Fault offset: 0x000d7a14
Faulting process id: 0x5ec
Faulting application start time: 0xAtService.exe0
Faulting application path: AtService.exe1
Faulting module path: AtService.exe2
Report Id: AtService.exe3

Error: (12/22/2011 08:52:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Faulting module name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Exception code: 0x40000015
Fault offset: 0x000d7a14
Faulting process id: 0xec0
Faulting application start time: 0xAtService.exe0
Faulting application path: AtService.exe1
Faulting module path: AtService.exe2
Report Id: AtService.exe3

Error: (12/22/2011 08:52:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Faulting module name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Exception code: 0x40000015
Fault offset: 0x000d7a14
Faulting process id: 0x318
Faulting application start time: 0xAtService.exe0
Faulting application path: AtService.exe1
Faulting module path: AtService.exe2
Report Id: AtService.exe3

Error: (12/22/2011 08:52:23 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Error: (12/22/2011 08:52:23 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service port is unavailable for listening, or invalid.

Error: (12/22/2011 08:52:20 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/22/2011 02:50:08 AM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/22/2011 02:48:57 AM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).

Error: (12/22/2011 02:48:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Faulting module name: AtService.exe, version: 8.5.5.2, time stamp: 0x4b2afd16
Exception code: 0x40000015
Fault offset: 0x000d7a14
Faulting process id: 0xc78
Faulting application start time: 0xAtService.exe0
Faulting application path: AtService.exe1
Faulting module path: AtService.exe2
Report Id: AtService.exe3


System errors:
=============
Error: (12/22/2011 10:30:33 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (12/22/2011 10:30:33 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (12/22/2011 10:30:22 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/22/2011 10:30:22 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%193

Error: (12/22/2011 10:30:22 AM) (Source: Service Control Manager) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error:
%%193

Error: (12/22/2011 10:29:52 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/22/2011 10:29:52 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%193

Error: (12/22/2011 10:29:52 AM) (Source: Service Control Manager) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error:
%%193

Error: (12/22/2011 10:29:15 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/22/2011 10:29:15 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%193


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2928.43 MB
Available physical RAM: 1920 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 4760.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.22 MB

========================= Partitions: =====================================

1 Drive c: (TI105808W0D) (Fixed) (Total:222.12 GB) (Free:177.38 GB) NTFS
2 Drive d: (STORE'N'GO) (Removable) (Total:0.94 GB) (Free:0.57 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator Guest RFindlay


**** End of log ****

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 12:11 AM

Welcome aboard Posted Image

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 12:45 AM

Thank you. Here's the log:

Farbar Service Scanner
Ran by RFindlay (administrator) on 22-12-2011 at 23:43:16
Microsoft Windows 7 Professional Service Pack 1 (X86)
********************************************************

Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
=================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
==============================


File Check:
==========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys
[2011-06-20 15:42] - [2011-12-22 01:13] - 0338944 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 12:52 AM

We have several issues there.

Windows firewall registry keys are missing. We can take care of those little bit later.

As for the connection it looks like you have fake/infected afd.sys file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    afd.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 01:03 AM

Here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:59 on 22/12/2011 by RFindlay
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [21:42 20/06/2011] [07:13 22/12/2011] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [21:42 20/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [21:42 20/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [03:48 13/06/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [21:42 20/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 01:09 AM

You may have to do the following from Safe Mode.

Open Windows Explorer, navigate to C:\Windows\System32\drivers folder, rename afd.sys file to afd.old.
Then copy afd.sys file from C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1 folder and paste it to C:\Windows\System32\drivers folder.

Restart computer, update me on issues and post new FSS log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 01:22 AM

I logged on in safe mode, found the afd.sys file, but it won't let me rename it. I get a message saying "You need permission from the computer's administrator to make changes to this file." What's my best next step?

#8 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 01:35 AM

Changed the permissions and got it. Moving on to next steps.

#9 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 01:43 AM

Here are the results:

1. Computer extremely slow to start up.
2. Internet connection restored.
3. Here's the new FSS log:

Farbar Service Scanner
Ran by RFindlay (administrator) on 23-12-2011 at 00:42:11
Microsoft Windows 7 Professional Service Pack 1 (X86)
********************************************************

Internet Services:
=================

Connection Status:
=================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
==============================


File Check:
==========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 11:38 AM

Some good news :)

Looking at your latest FSS log I'd assume that Windows firewall is not working?
Let me know.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 10:42 PM

What symptoms would indicate whether it is working or not? I'm not sure what to check.

Thank you,
Randall

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 11:20 PM

Several registry keys are missing.

Can you check if Windows firewall is on?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 11:24 PM

When I go to Windows Firewall, it says that Windows Firewall is NOT using the recommended settings. When I click on the "use recommended settings" button it says: "Windows Firewall can't change some of your settings." I assume that means it's not working.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:11 AM

Posted 23 December 2011 - 11:27 PM

Exactly. Means Windows firewall doesn't work.
Unfortunately those missing registry keys are computer specific so they can't be copied from another machine.
You have two options:
- reinstall Windows
- use 3rd party firewall like free Comodo: http://personalfirewall.comodo.com/free-download.html

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 Smurf Inferno

Smurf Inferno
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 December 2011 - 11:33 PM

Thank you so much for all the help. I'll see about installing Windows, but I'll need to call the place I got the computer. In the meantime, Comodo looks good. Does it run concurrently with Windows Security Essentials, or would that need to be uninstalled? - Randall




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users