Residual OS issues after removal of System Restore virus


30 replies to this topic

#1 dholly

Posted 28 February 2012 - 03:49 AM

Good morning,

I have a Dell Latitude D630 laptop with XP Pro SP3, victimized by the System Restore virus (Note: this is a Dell OEM Windows install, I only have the Dell Re-installation CD).

I followed the System Restore virus removal guide and believe the bugger is gone; however, it appears some of my registry and device drivers went with it. I have no internet connectivity, Windows Firewall, DVD or keyboard/touchpad, and probably a few others I haven't noticed yet.

What I did:

  • Found, burned and ran ISO for Admin PW removal
  • ran Erunt for Registry backup
  • ran rkill.exe
  • ran mbam.exe
  • ran TDSSKiller.exe
  • ran SuperAntiSpyware.exe
  • ran aswMBR.exe
  • ran unhide.exe
  • ran FSS.exe
  • ran MiniToolBox.exe
  • ran winsockxpfix.exe

With the exception of the 1st bullet, the remainder were done via usb drive in Safe Mode w/ Admin privileges. I also ran scans in Safe Mode w/ the only User account. All Trojans, malware etc., including trojan.dropper/sys-nv, rootkit.boot.sst.b, and all Unclassified.oreans32 identified by SuperAntiSpyware and others were removed or cured. I subsequently ran a few scans that came back clean.

My wired Local Area Connection shows connected but no IP address. Disable and (re)Enable or Diagnose and Repair network connections doesn't help, none of the options are able to fix my problem. I am getting a "Failed to query TCP/IP settings of the connection. Cannot proceed."

In Safe Mode, I used the On-Screen Keyboard to enter Start>Run>services.msc to open Local Services in an attempt to manually start DHCP, IPSEC and TCP/IP NetBIOS Helper Services. They all return "Error 1068: The dependency service or group failed to start". From what I read, my problems lie with the afd.sys file.

FSS File Check confirms the following files missing:

  • C:\WINDOWS\system32\Drivers\afd.sys
  • C:\WINDOWS\system32\Drivers\netbt.sys
  • C:\WINDOWS\system32\Drivers\ipsec.sys

Running winsockxpfix.exe with reboot does nothing apparent.

As of now I have not run sfc /scannow, as I only have the Dell XP Pro Re-installation CD and I've read conflicting advice on whether this CD will work or I need the non-OEM Genuine Windows XP Install CD? I am certainly willing to give the Dell CD a try, but only if there is a high degree of certainty that if it doesn't reload the AFD driver that it will not change anything else. I assume if that is successful at repairing the AFD driver, then all I need to do is go to my local services and start DHCP, reboot and it will automatically configure and find the IP?

Alternatively, did I see a fix with running script through ComboFix?

Lastly, after typing the post and pasting the logs, I ran aswMBR.exe on my good desktop to grab the updated definitions. The first scan as Admin in Safe Mode was with the definitions in the aswMBR.exe download and came back clean (99% certain), but I just ran it on the laptop again (in normal mode as a User this time) with updated definitions and it came back with a FixMBR (which I did not do, after seeing the WARNING !!!). Since that exploit appears to target passwords for online banking and other financial systems, I want it gone asap. Again, not sure if I need a Genuine Windows CD to fix or my Dell Re-installation CD will work? Will need some handholding before clicking on that one. The aswMBR log below is from that scan and I've highlighted the entry that was highlighted in the log.

As you can tell, I'm not too 'up' on this bleeping computer stuff. I made it to this point following the great info onsite, but I'm afraid I've reached the end of my ability and comfort level when it comes to interpreting these logs or mucking around in the Registry. If possible, I'd like to address the connectivity issue at this time so I can then attempt to update or delete/reinstall the missing drivers online and get my firewall back up.

My logs are attached for assessment by the experts (if inappropriate, please accept my apologies and refer me to the correct forum). If someone can help me along from here I would be most grateful for their time and patience. My notification options setting is on 'immediate' and I will monitor this thread and reply as quickly as I can.

Thank you in advance.

------------------------

Farbar Service Scanner Version: 22-02-2012
Ran by Administrator (administrator) on 27-02-2012 at 20:25:38
Running from "D:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
Attention! C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: DWHLAPTOP [administrator]

Protection: Disabled

2/27/2012 2:03:41 PM
mbam-log-2012-02-27 (14-03-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363315
Time elapsed: 1 hour(s), 44 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\Sandbox\Re-Enable v2\2.0.1.0\2010.03.29T16.08\Native\STUBEXE\8.0.1112\@PROGRAMFILES@\Internet Explorer\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\Sandbox\Re-Enable v2\2.0.1.0\2010.03.29T16.08\Native\STUBEXE\8.0.1112\@SYSTEM@\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\Sandbox\Re-Enable v2\2.0.1.0\2010.03.29T16.08\Native\STUBEXE\8.0.1112\@SYSTEM@\Shutdown.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\Sandbox\Re-Enable v2\2.0.1.0\2010.03.29T16.08\Virtual\STUBEXE\8.0.1112\@APPDIR@\Re-Enable v2 Portable.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2012 at 04:16 PM

Application Version : 5.0.1144

Core Rules Database Version : 8279
Trace Rules Database Version: 6091

Scan type : Complete Scan
Total Scan Time : 02:14:58

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 238
Memory threats detected : 0
Registry items scanned : 34690
Registry threats detected : 0
File items scanned : 57222
File threats detected : 1

Application.Oreans32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1016\A0182573.SYS

MiniToolBox by Farbar Version: 18-01-2012
Ran by DWH (administrator) on 27-02-2012 at 10:17:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/26/2012 09:16:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/26/2012 09:11:20 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/26/2012 10:58:13 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/25/2012 09:17:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/25/2012 09:06:14 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Error: (02/25/2012 09:06:14 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service port is unavailable for listening, or invalid.

Error: (02/25/2012 09:06:08 PM) (Source: Fidelity Advisor Channel Profiler) (User: )
Description: Failed to instantiate: System.Runtime.Remoting.RemotingException: Remoting configuration failed with the exception System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.Sockets.SocketException: A socket operation encountered a dead network
at System.Net.Sockets.Socket..ctor(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType)
at System.Net.Sockets.TcpListener..ctor(IPAddress localaddr, Int32 port)
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel.SetupChannel()
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider)
at System.Runtime.Remoting.Channels.Tcp.TcpChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- End of inner exception stack trace ---
at System.Reflection.RuntimeConstructorInfo.InternalInvoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean isBinderDefault)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData)
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData).
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename)
at fmr.RiaWorkstation.Profiler.Service.ProfilerService.Main()

Error: (02/25/2012 09:05:57 PM) (Source: CTTaskerSvc) (User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/25/2012 09:05:44 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (02/25/2012 09:05:38 PM) (Source: CTDataServerSvc) (User: )
Description: Service failed on start: Invalid argument


System errors:
=============
Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (02/27/2012 10:17:17 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (02/27/2012 10:17:16 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2

Error: (02/27/2012 10:17:16 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/26/2012 09:16:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/26/2012 09:11:20 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/26/2012 10:58:13 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/25/2012 09:17:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/25/2012 09:06:14 PM) (Source: SQLBrowser)(User: )
Description:

Error: (02/25/2012 09:06:14 PM) (Source: SQLBrowser)(User: )
Description:

Error: (02/25/2012 09:06:08 PM) (Source: Fidelity Advisor Channel Profiler)(User: )
Description: Failed to instantiate: System.Runtime.Remoting.RemotingException: Remoting configuration failed with the exception System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.Sockets.SocketException: A socket operation encountered a dead network
at System.Net.Sockets.Socket..ctor(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType)
at System.Net.Sockets.TcpListener..ctor(IPAddress localaddr, Int32 port)
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel.SetupChannel()
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider)
at System.Runtime.Remoting.Channels.Tcp.TcpChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- End of inner exception stack trace ---
at System.Reflection.RuntimeConstructorInfo.InternalInvoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean isBinderDefault)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData)
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData).
at System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename)
at fmr.RiaWorkstation.Profiler.Service.ProfilerService.Main()

Error: (02/25/2012 09:05:57 PM) (Source: CTTaskerSvc)(User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/25/2012 09:05:44 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (02/25/2012 09:05:38 PM) (Source: CTDataServerSvc)(User: )
Description: Service failed on start: Invalid argument


=========================== Installed Programs ============================

Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Flash Player ActiveX (Version: 9.0.115.0)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player (Version: 11)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bing Maps 3D (Version: 4.0.903.16005)
Bluetooth Stack for Windows by Toshiba (Version: v6.01.03(D))
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Broadcom Management Programs (Version: 10.15.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Brother HL-5370DW (Version: 1.00)
Captools/net Server Suite 2007 (Version: 6.9.8.99)
CardRd81 (Version: 4.00.0000.0004)
CCHelp (Version: 4.00.0000.0001)
CCScore (Version: 4.00.0000.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Coupon Printer for Windows (Version: 4.0)
CR2 (Version: 4.00.0000.0003)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.0.0.0)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
Digital Video (Version: 1.00.000)
ERUNT 1.1j
ESSAdpt (Version: 4.00.0000.0001)
ESSANUP (Version: 4.00.0000.0001)
ESSBrwr (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0000.0001)
ESSCDBK (Version: 4.00.0000.0001)
ESScore (Version: 4.00.0000.0102)
ESSCT (Version: 4.00.0000.0101)
ESSEMAIL (Version: 4.00.0000.0000)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0000.0107)
ESSPCD (Version: 4.00.0000.0001)
ESSPDock (Version: 4.00.0000.0003)
ESSSONIC (Version: 4.00.0000.0003)
ESSTUTOR (Version: 4.00.0000.0103)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0101)
Fast Video Converter 1.0
ffdshow [rev 1692] [2007-12-09] (Version: 1.0)
Fidelity Advisor CHANNEL (Version: 1.05.7775)
Garmin Communicator Plugin (Version: 2.6.4)
Garmin USB Drivers (Version: 1.0.0.0)
Google Earth (Version: 6.1.0.5001)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
Google Updater (Version: 2.4.2432.1652)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HLPCCTR (Version: 4.00.0000.0003)
HLPIndex (Version: 4.00.0000.0003)
HLPPDOCK (Version: 4.00.0000.0002)
HLPSFO (Version: 4.00.0000.0103)
Hotfix 2050 for SQL Server 2000 ENU (KB948110) (Version: 1)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (Version: 1)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mDrWiFi (Version: 9.24.0000)
mHlpDell (Version: 9.24.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional (Version: 9.00.9327)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (CAPTOOLSDBINST) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Desktop Engine (FACW) (Version: 8.00.2039)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA (Version: 9.24.0000)
mLogView (Version: 9.24.0000)
mMHouse (Version: 9.24.0000)
Mobile Broadband Drivers (Version: 2.01.07.10)
MobileMe Control Panel (Version: 3.1.5.0)
Modem Diagnostic Tool (Version: 1.0.20.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
MovieShaker 3.1 for MICROMV
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird (3.1.18) (Version: 3.1.18 (en-US))
mPfMgr (Version: 9.24.0000)
mPfWiz (Version: 9.24.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.24.0000)
mSSO (Version: 9.24.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.24.0000)
mZConfig (Version: 9.24.0000)
NetWaiting (Version: 2.5.44)
Notifier (Version: 4.00.0000.0101)
NVIDIA Drivers
OfotoXMI (Version: 4.00.0000.0202)
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
PCDLNCH (Version: 4.00.0000.0101)
PowerDVD (Version: 8.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickSet (Version: 8.3.17)
QuickTime (Version: 7.71.80.42)
QuickTime Alternative 1.81 (Version: 1.81)
RealProducer Basic 8.5
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.51.22)
SearchAssist
SFR (Version: 3.03.0000.0001)
SFR2 (Version: 3.03.0000.0002)
Skype™ 5.1 (Version: 5.1.112)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Sony USB Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCAMCEN (Version: 4.00.0000.0001)
VPRINTOL (Version: 4.00.0000.0001)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82) (Version: 07/08/2008 12.0.0.82)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39) (Version: 12/19/2007 9.0.4.39)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Mobile® Device Handbook (Version: 1.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wondershare Video Converter Ultimate(Build 5.4.3.0)

========================= Devices: ================================

Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel® Wireless WiFi Link 4965AGN
Description: Intel® Wireless WiFi Link 4965AGN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #3
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Alps Electric
Service: i8042prt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Optiarc DVD+-RW AD-7580A
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2045.9 MB
Available physical RAM: 1176.36 MB
Total Pagefile: 3938.57 MB
Available Pagefile: 3173.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:5.83 GB) NTFS
2 Drive d: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator ASPNET DWH
Guest HelpAssistant IUSR_DWHLAPTOP
IWAM_DWHLAPTOP SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini020812-01.dmp
C:\WINDOWS\Minidump\Mini020812-02.dmp

**** End of log ****

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 02:35:52
-----------------------------
02:35:52.781 OS Version: Windows 5.1.2600 Service Pack 3
02:35:52.781 Number of processors: 2 586 0x1706
02:35:52.781 ComputerName: DWHLAPTOP UserName: DWH
02:35:53.281 Initialize success
02:36:02.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
02:36:02.687 Disk 0 Vendor: Hitachi_HTS722080K9A300 DCBOCA1H Size: 76319MB BusType: 3
02:36:02.687 Disk 0 MBR read successfully
02:36:02.687 Disk 0 MBR scan
02:36:02.687 Disk 0 Windows XP default MBR code
02:36:02.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
02:36:02.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
02:36:02.718 Disk 0 scanning sectors +156296385
02:36:02.781 Disk 0 scanning C:\WINDOWS\system32\drivers
02:36:15.093 Service scanning
02:36:24.187 Service MpKslc88a0c99 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F00D3AC2-3A18-4489-8C54-9D61B3FC6A68}\MpKslc88a0c99.sys **LOCKED** 32
02:36:32.156 Modules scanning
02:36:36.140 Disk 0 trace - called modules:
02:36:36.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:36:36.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab80ab8]
02:36:36.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8abc2d98]
02:36:36.171 Scan finished successfully
02:37:04.421 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
02:37:04.453 The log file has been saved successfully to "D:\aswMBR.txt"


Edited by Budapest, 29 February 2012 - 03:36 AM.
Moved from XP




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:49 AM

Posted 28 February 2012 - 05:05 AM

Launch FSS file check again and type

afd.sys;netbt.sys;ipsec.sys in the search BOX

and click on search files

Post the generated log

#3 dholly

dholly
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 28 February 2012 - 09:53 AM

narenxp,

Hello and thank you for your assistance today. I ran the FSS search in Safe Mode as Admin, here's the log:

Farbar Service Scanner Version: 22-02-2012
Ran by Administrator (administrator) on 28-02-2012 at 09:43:56
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "afd.sys;netbt.sys;ipsec.sys" =========

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____N (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-08-19 16:22] - [2008-04-13 14:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-08-19 16:22] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-08-19 16:22] - [2008-04-13 14:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008-10-15 08:49] - [2008-06-20 06:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008-08-15 08:24] - [2004-08-04 05:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008-08-19 16:34] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-10-13 08:19] - [2011-02-16 08:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-04-15 07:58] - [2008-08-14 05:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2011-06-15 14:05] - [2008-10-16 09:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008-08-19 16:25] - [2008-06-20 05:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2008-08-19 16:25] - [2004-08-04 05:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008-08-19 16:25] - [2004-08-04 05:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-10-14 15:13] - [2008-08-14 05:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 06:48] - [2008-06-20 06:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 06:40] - [2008-06-20 06:40] - 0138496 ____A (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 05:44] - [2008-06-20 05:44] - 0138368 ____A (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-13 08:13] - [2011-08-17 08:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-06-15 09:00] - [2011-02-16 08:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

C:\i386\afd.sys
[2008-08-15 08:37] - [2008-06-20 05:44] - 0138368 ____A (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\i386\ipsec.sys
[2008-08-15 08:38] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\i386\netbt.sys
[2008-08-15 08:38] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Location:India
  • Local time:08:49 AM

Posted 28 February 2012 - 09:57 AM

Browse to this path

C:\WINDOWS\ServicePackFiles

Copy the afd.sys, netbt.sys and ipsec.sys files from that location and paste them in

C:/WINDOWS/system32/drivers folder

Restart the PC and post the new FSS log

good luck

Edited by narenxp, 28 February 2012 - 09:57 AM.
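
The reasoning behind this step, as an added example that is not part of the original posts or of Farbar Service Scanner: a Python parser for the FSS search-log format shown in post #3 that reports which searched drivers have no copy under system32\drivers and which ServicePackFiles\i386 copy is available to restore them. The function names are hypothetical, and the sample is an excerpt of six entries from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Six entries excerpted from the FSS search log in this thread, embedded so the
# script runs offline.
SAMPLE_LOG = r"""
======== Search: "afd.sys;netbt.sys;ipsec.sys" =========

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____N (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-08-19 16:22] - [2008-04-13 14:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-08-19 16:22] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-08-19 16:22] - [2008-04-13 14:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008-08-19 16:34] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\i386\ipsec.sys
[2008-08-15 08:38] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======
"""

HEADER_RE = re.compile(r'Search: "([^"]+)"')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line: [timestamp] - [timestamp] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[([\d\- :]+)\] - \[([\d\- :]+)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$"
)
DRIVERS_DIR = r"C:\WINDOWS\system32\drivers"
SP_DIR = r"C:\WINDOWS\ServicePackFiles\i386"


def parse_fss_search(text):
    """Return (searched_names, entries) parsed from an FSS file-search log."""
    header = HEADER_RE.search(text)
    targets = [n.strip().lower() for n in header.group(1).split(";")] if header else []
    entries, pending_path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line          # a path line announces the next detail line
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending_path:
            directory, name = ntpath.split(pending_path)
            entries.append({
                "path": pending_path,
                "dir": ntpath.normcase(directory),   # Windows paths are case-insensitive
                "name": name.lower(),
                "size": int(detail.group(3)),
                "attrs": detail.group(4),
                "company": detail.group(5),
                "md5": detail.group(6).upper(),
            })
        pending_path = None              # banners and unmatched lines break the pairing
    return targets, entries


def missing_from(targets, entries, directory=DRIVERS_DIR):
    """Searched names for which the log lists no copy in `directory`."""
    want = ntpath.normcase(directory)
    present = {e["name"] for e in entries if e["dir"] == want}
    return [t for t in targets if t not in present]


def copies_in(entries, name, directory):
    """Entries for `name` that live directly in `directory`."""
    want = ntpath.normcase(directory)
    return [e for e in entries if e["name"] == name.lower() and e["dir"] == want]


def identical_copies(entries):
    """Map (name, md5) to paths when the same content appears in several places."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[(e["name"], e["md5"])].append(e["path"])
    return {key: paths for key, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    targets, entries = parse_fss_search(SAMPLE_LOG)
    for name in missing_from(targets, entries):
        for src in copies_in(entries, name, SP_DIR):
            print(f"{name}: not in drivers; candidate {src['path']} md5={src['md5']}")
    for (name, md5), paths in identical_copies(entries).items():
        print(f"{name} {md5}: identical copies at {paths}")
```
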


#5 dholly

dholly
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 28 February 2012 - 10:25 AM

narenxp,

No problem finding and copying the files. Restarted as Admin in Safe Mode, new FSS log attached.

Farbar Service Scanner Version: 22-02-2012
Ran by Administrator (administrator) on 28-02-2012 at 10:20:31
Running from "D:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Location:India
  • Local time:08:49 AM

Posted 28 February 2012 - 11:06 AM

Download the fixit

http://go.microsoft.com/?linkid=9662461

Run it, and restart the PC

Let me know if you can browse now


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 dholly

dholly
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 28 February 2012 - 11:30 AM

narenxp,

When I try to run the fixit, Windows Installer generates a warning "The system administrator has set policies to prevent this installation."

I am logged in Safe Mode as Admin and I have navigated to Control Panel>User Accounts>Administrator, however, I do not readily see how to change permissions.

Thanks

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Location:India
  • Local time:08:49 AM

Posted 28 February 2012 - 11:37 AM

Boot into normal mode and run the fixit

good luck

#9 dholly

dholly
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 28 February 2012 - 12:28 PM

narenxp,


Fix It applied successfully

Local Area Connection connected, enabled, IP acquired and assigned by DHCP fine, Packet activity ok both ways

FF and IE both open but show "problem loading page" and "cannot display the webpage" respectively.

Clicked the Diagnose Connection Problems button>Wired, no love

WinSock Diagnostic Log attached

MiniToolBox Log attached

thnx

Last diagnostic run time: 02/28/12 12:13:17 WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection 3, Device=Broadcom NetXtreme 57xx Gigabit Controller, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection 3, Device=Intel® Wireless WiFi Link 4965AGN, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection 3, Device=1394 Net Adapter #3, MediaType=LAN, SubMediaType=1394
info Network connection: Name=Motorola Phone, Device=Standard 33600 bps Modem, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=Frontiernet, Device=Conexant HDA D330 MDC V.92 Modem, MediaType=PHONE, SubMediaType=NONE
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.


MiniToolBox by Farbar Version: 18-01-2012
Ran by DWH (administrator) on 28-02-2012 at 12:21:25
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DWHlaptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : rochester.rr.com



Ethernet adapter Wireless Network Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1F-3B-C9-EF-79



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : rochester.rr.com

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1C-23-27-BF-54

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.197

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Tuesday, February 28, 2012 12:03:13 PM

Lease Expires . . . . . . . . . . : Wednesday, February 29, 2012 12:03:13 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 72.14.204.113, 72.14.204.138, 72.14.204.100, 72.14.204.101
72.14.204.102

Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f 3b c9 ef 79 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x10004 ...00 1c 23 27 bf 54 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.197 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.197 192.168.0.197 10
192.168.0.197 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.197 192.168.0.197 10
224.0.0.0 240.0.0.0 192.168.0.197 192.168.0.197 10
255.255.255.255 255.255.255.255 192.168.0.197 192.168.0.197 1
255.255.255.255 255.255.255.255 192.168.0.197 2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/28/2012 00:10:05 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2012 00:01:46 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2012 11:59:01 AM) (Source: CTTaskerSvc) (User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/28/2012 11:58:32 AM) (Source: CTDataServerSvc) (User: )
Description: Service failed on start: Invalid argument

Error: (02/28/2012 11:56:20 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2012 11:45:48 AM) (Source: CTTaskerSvc) (User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/28/2012 11:45:20 AM) (Source: CTDataServerSvc) (User: )
Description: Service failed on start: Invalid argument

Error: (02/28/2012 11:18:55 AM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: The installation of D:\MicrosoftFixit50203(1).msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (02/28/2012 11:15:26 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2012 11:10:20 AM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: The installation of D:\MicrosoftFixit50203.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.


System errors:
=============
Error: (02/28/2012 11:47:10 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (02/28/2012 11:47:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (02/28/2012 11:47:10 AM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.

Error: (02/28/2012 11:47:10 AM) (Source: Workstation) (User: )
Description: Could not load MRxSmb device driver.

Error: (02/28/2012 11:46:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
i8042prt
Imapi
MRxSmb
redbook
SASDIFSV
SASKUTIL
Tosrfcom

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The AEGIS Protocol (IEEE 802.1x) v3.7.4.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/28/2012 00:10:05 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/28/2012 00:01:46 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/28/2012 11:59:01 AM) (Source: CTTaskerSvc)(User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/28/2012 11:58:32 AM) (Source: CTDataServerSvc)(User: )
Description: Service failed on start: Invalid argument

Error: (02/28/2012 11:56:20 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/28/2012 11:45:48 AM) (Source: CTTaskerSvc)(User: )
Description: Service starting failed : "Access violation at address 004AB298 in module 'CTTasker.Exe'. Read of address 00000008"

Error: (02/28/2012 11:45:20 AM) (Source: CTDataServerSvc)(User: )
Description: Service failed on start: Invalid argument

Error: (02/28/2012 11:18:55 AM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: D:\MicrosoftFixit50203(1).msi(NULL)(NULL)(NULL)

Error: (02/28/2012 11:15:26 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/28/2012 11:10:20 AM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: D:\MicrosoftFixit50203.msi(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Flash Player ActiveX (Version: 9.0.115.0)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player (Version: 11)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bing Maps 3D (Version: 4.0.903.16005)
Bluetooth Stack for Windows by Toshiba (Version: v6.01.03(D))
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Broadcom Management Programs (Version: 10.15.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Brother HL-5370DW (Version: 1.00)
Captools/net Server Suite 2007 (Version: 6.9.8.99)
CardRd81 (Version: 4.00.0000.0004)
CCHelp (Version: 4.00.0000.0001)
CCScore (Version: 4.00.0000.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Coupon Printer for Windows (Version: 4.0)
CR2 (Version: 4.00.0000.0003)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.0.0.0)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
Digital Video (Version: 1.00.000)
ERUNT 1.1j
ESSAdpt (Version: 4.00.0000.0001)
ESSANUP (Version: 4.00.0000.0001)
ESSBrwr (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0000.0001)
ESSCDBK (Version: 4.00.0000.0001)
ESScore (Version: 4.00.0000.0102)
ESSCT (Version: 4.00.0000.0101)
ESSEMAIL (Version: 4.00.0000.0000)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0000.0107)
ESSPCD (Version: 4.00.0000.0001)
ESSPDock (Version: 4.00.0000.0003)
ESSSONIC (Version: 4.00.0000.0003)
ESSTUTOR (Version: 4.00.0000.0103)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0101)
Fast Video Converter 1.0
ffdshow [rev 1692] [2007-12-09] (Version: 1.0)
Fidelity Advisor CHANNEL (Version: 1.05.7775)
Garmin Communicator Plugin (Version: 2.6.4)
Garmin USB Drivers (Version: 1.0.0.0)
Google Earth (Version: 6.1.0.5001)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
Google Updater (Version: 2.4.2432.1652)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HLPCCTR (Version: 4.00.0000.0003)
HLPIndex (Version: 4.00.0000.0003)
HLPPDOCK (Version: 4.00.0000.0002)
HLPSFO (Version: 4.00.0000.0103)
Hotfix 2050 for SQL Server 2000 ENU (KB948110) (Version: 1)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (Version: 1)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mDrWiFi (Version: 9.24.0000)
mHlpDell (Version: 9.24.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional (Version: 9.00.9327)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (CAPTOOLSDBINST) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Desktop Engine (FACW) (Version: 8.00.2039)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA (Version: 9.24.0000)
mLogView (Version: 9.24.0000)
mMHouse (Version: 9.24.0000)
Mobile Broadband Drivers (Version: 2.01.07.10)
MobileMe Control Panel (Version: 3.1.5.0)
Modem Diagnostic Tool (Version: 1.0.20.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
MovieShaker 3.1 for MICROMV
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird (3.1.18) (Version: 3.1.18 (en-US))
mPfMgr (Version: 9.24.0000)
mPfWiz (Version: 9.24.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.24.0000)
mSSO (Version: 9.24.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.24.0000)
mZConfig (Version: 9.24.0000)
NetWaiting (Version: 2.5.44)
Notifier (Version: 4.00.0000.0101)
NVIDIA Drivers
OfotoXMI (Version: 4.00.0000.0202)
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
PCDLNCH (Version: 4.00.0000.0101)
PowerDVD (Version: 8.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickSet (Version: 8.3.17)
QuickTime (Version: 7.71.80.42)
QuickTime Alternative 1.81 (Version: 1.81)
RealProducer Basic 8.5
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.51.22)
SearchAssist
SFR (Version: 3.03.0000.0001)
SFR2 (Version: 3.03.0000.0002)
Skype™ 5.1 (Version: 5.1.112)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Sony USB Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCAMCEN (Version: 4.00.0000.0001)
VPRINTOL (Version: 4.00.0000.0001)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82) (Version: 07/08/2008 12.0.0.82)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39) (Version: 12/19/2007 9.0.4.39)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Mobile® Device Handbook (Version: 1.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wondershare Video Converter Ultimate(Build 5.4.3.0)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2045.9 MB
Available physical RAM: 1276.46 MB
Total Pagefile: 3938.57 MB
Available Pagefile: 3184.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.99 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:5.81 GB) NTFS
2 Drive d: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.79 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator ASPNET DWH
Guest HelpAssistant IUSR_DWHLAPTOP
IWAM_DWHLAPTOP SUPPORT_388945a0


**** End of log ****
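A triage aid for the event-log section of the post above, added here as an example and not part of the thread or of MiniToolBox: it parses the `Error:`/`Description:` records, collects the boot-start drivers reported as failed to load, and names the unexpanded `%%N` Win32 codes. The function names and the small code table are assumptions of this example.

```python
import re

# Excerpt copied from the "System errors" section of the log in the post above.
SAMPLE_LOG = """\
Error: (02/28/2012 11:47:10 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (02/28/2012 11:46:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
i8042prt
Imapi
MRxSmb
redbook
SASDIFSV
SASKUTIL
Tosrfcom

Error: (02/28/2012 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058
"""

HEADER = re.compile(r"Error: \((?P<when>[^)]+)\)\s*\(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)")
# Win32 codes that appear unexpanded as %%N in this log (names from winerror.h).
WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND", 1058: "ERROR_SERVICE_DISABLED", 1066: "ERROR_SERVICE_SPECIFIC_ERROR"}


def parse_events(text):
    """Split the report into events; headers occur as ') (User:' and ')(User:'."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "description": []}
            events.append(current)
        elif not line.strip():
            current = None  # a blank line ends the event, so section titles are skipped
        elif current is not None:
            current["description"].append(re.sub(r"^Description:\s*", "", line).strip())
    return events


def failed_drivers(events):
    """Drivers listed under 'driver(s) failed to load:', deduplicated, in log order."""
    seen = []
    for ev in events:
        desc = ev["description"]
        if desc and desc[0].endswith("driver(s) failed to load:"):
            for name in desc[1:]:
                if name not in seen:
                    seen.append(name)
    return seen


def resolve_codes(events):
    """Pair each event that ends in a bare %%N with the Win32 name of that code."""
    out = []
    for ev in events:
        for line in ev["description"][1:]:
            m = re.fullmatch(r"%%(\d+)", line)
            if m:
                out.append((ev["description"][0], WIN32_CODES.get(int(m.group(1)), "unknown")))
    return out
```

In the resulting driver list, `i8042prt` is the PS/2 keyboard and mouse port driver and `Cdrom` is the CD-ROM class driver, which lines up with the missing keyboard/touchpad and DVD reported in the first post.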



#10 narenxp

Posted 28 February 2012 - 01:41 PM

Download

http://files.snapfiles.com/localdl936/WinsockxpFix.exe

Launch it, click on FIX.

Restart your PC after it gets completed.

Check your browser. If that doesn't work, try this:


Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]



Open Notepad, copy the script, and save it as:

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Control Panel - Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Post the new FSS log

#11 dholly

Posted 28 February 2012 - 02:41 PM

narenxp,

The winsock launch and fix went fine but results in the same "problem loading page" etc. errors after restart.

The Network Connection Protocol changes went fine.

After the restart, I am still not able to browse.

FSS log attached.

tnx

Farbar Service Scanner Version: 22-02-2012
Ran by DWH (administrator) on 28-02-2012 at 14:37:36
Running from "D:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****



#12 narenxp

Posted 28 February 2012 - 03:40 PM

That looks good.


Uninstall all your security software.

Press Windows+R key and type

cmd and click ok

Run the following commands


netsh i i r r
netsh winsock reset
ipconfig /registerdns
ipconfig /flushdns
ipconfig /release
ipconfig /renew


Press Windows+R key and type

devmgmt.msc
and click ok

Expand network adapters

Right click on your network driver - Uninstall

Restart your PC and check your browser

#13 dholly

Posted 28 February 2012 - 06:34 PM

narenxp,


Thanks a ton for your patience, you got me smiling with our first "looking good"...


Restarted Safe Mode Admin.

Removed MS Security Essentials via Control Panel Add/Remove Programs.

Couldn't find Malwarebytes Free Trial on Add/Remove Programs so I exited the program, deleted all shortcuts and killed mbamservice.exe in Task Manager Processes.

No keyboard function but managed to run all your commands successfully.

Uninstalled network driver as instructed.

Restarted in normal mode.

No FF or IE browser, same "problem loading page" error message.

Clicked on Repair button for re-named wired Local Area Connection 4 (was 3), still no browsers.

One thing maybe worth mentioning: when restarting in normal I do still see the Malwarebytes icon in the Sys Tray.


...hopefully still making progress.

tnx

[edit] Well I just found the 'Start with Windows' tick mark by right-clicking the Malwarebytes Sys Tray Icon, can uncheck and do-over if need be.

Edited by dholly, 28 February 2012 - 07:20 PM.


#14 noknojon

Posted 28 February 2012 - 07:49 PM

http://forums.malwarebytes.org/index.php?showtopic=106726&view=findpost&p=531172
Just a quick extra -
Please see the link above to Malwarebytes forum for directions on how to fully disable MBAM -
You can complete the 2nd half of the instructions when you reinstall Malwarebytes -
Please post back if you have troubles with reading the directions.

Regards -

#15 dholly

Posted 28 February 2012 - 08:21 PM

noknojon,

Thanks much for that link, I actually went and searched through the forums there but missed the clean-tool.

Back at it...



