Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDDSKILLER killed my internet


  • Please log in to reply
7 replies to this topic

#1 Ninjdm

Ninjdm

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 25 December 2011 - 10:49 PM

Hello im very new to all this so bare with my lack of computer knowledge. First of all I acquired this ping.exe bug that was eating my computer memory from that windows antivirus virus. Did some research, downloaded a TDDSKILLER from kaspersky, ran the scan and successfully got rid of it. After that, My internet doesnt even recognize the network its on. Its been almost a week now being frustrated trying everything from reading similar cases and still nothing. I have windows xp sp3 and now using my laptop that running wirelessly on the same internet.

My issues are I cant log onto the internet on the messed up computer so I have no way of downloading programs/showing logs of any sort. I was hoping it was something I can fix manually I tried all the following: system restore, uncheck proxy boxes, refreshing winsock, chkdsk, creating a new TCP/IP protocol. Nothing, still sending packets but not receiving any

Im wondering if I could connect this laptop directly to my pc so that way I could get the right programs and show logs. Only thing is this is a mac and the infected is windows...

Id thought I would give a post a shot, running out of ideas here

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:17 AM

Posted 26 December 2011 - 01:18 AM

Please download Farbar Service Scanner

http://download.bleepingcomputer.com/farbar/FSS.exe

and run it on the computer with the issue.


* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

#3 Ninjdm

Ninjdm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 27 December 2011 - 04:39 PM

Farbar Service Scanner
Ran by Rogue (administrator) on 27-12-2011 at 16:27:33
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) NetBT(6) NwlnkIpx(10) NwlnkNb(11) PSched(7) Tcpip(4) Tcpip6(12)
0x0B00000005000000010000000200000003000000040000000800000006000000070000000A0000000B0000000C000000

**** End of log ****

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:17 AM

Posted 27 December 2011 - 05:06 PM

Download

system look


Launch it


Copy the script

:filefind
ipsec.sys


Paste it in the BOX

Click on Look

Post the log

#5 Ninjdm

Ninjdm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 27 December 2011 - 05:40 PM

S y s t e m L o o k 3 0 . 0 7 . 1 1 b y j p s h o r t s t u f f

L o g c r e a t e d a t 1 7 : 3 7 o n 2 7 / 1 2 / 2 0 1 1 b y R o g u e

A d m i n i s t r a t o r - E l e v a t i o n s u c c e s s f u l



= = = = = = = = = = f i l e f i n d = = = = = = = = = =



S e a r c h i n g f o r " i p s e c . s y s "

C : \ W I N D O W S \ $ N t S e r v i c e P a c k U n i n s t a l l $ \ i p s e c . s y s - - - - - c - 7 4 7 5 2 b y t e s [ 1 2 : 3 7 1 2 / 0 1 / 2 0 1 0 ] [ 1 2 : 0 0 1 0 / 0 8 / 2 0 0 4 ] 6 4 5 3 7 A A 5 C 0 0 3 A 6 A F E E E 1 D F 8 1 9 0 6 2 D 0 D 1

C : \ W I N D O W S \ S e r v i c e P a c k F i l e s \ i 3 8 6 \ i p s e c . s y s - - - - - - - 7 5 2 6 4 b y t e s [ 2 0 : 0 9 1 7 / 0 9 / 2 0 0 8 ] [ 1 9 : 1 9 1 3 / 0 4 / 2 0 0 8 ] 2 3 C 7 4 D 7 5 E 3 6 E 7 1 5 8 7 6 8 D D 6 3 D 9 2 7 8 9 A 9 1



- = E O F = -

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:17 AM

Posted 27 December 2011 - 06:03 PM

Click on start button

GO to RUN and type

C:\WINDOWS\ServicePackFiles\i386

and click ok

Now copy ipsec.sys from the location to C:Windows/system32/drivers folder

Download ipsec.reg from here

http://www.mediafire.com/?hg7hxgz0juxqqal

Launch it and click YES

Now restart your PC and check your internet connection

Good luck

#7 Ninjdm

Ninjdm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 27 December 2011 - 06:22 PM

I just want to let you know... I love you

Thank you so much.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:17 AM

Posted 27 December 2011 - 06:26 PM

:thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users