Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dhcp problem after recovery from SmartFortress


  • Please log in to reply
16 replies to this topic

#1 rukia99

rukia99

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 07 May 2012 - 08:17 AM

Hi,

I have this computer that was infected with Smart Fortress trojan a few weeks back. I followed the steps suggested here, and believe i have already disinfected the machine. However, now i can't connect to the Internet nor access the other computers in my workgroup (which is essential). My LAN card gets an ip address automatically from a DHCP server. Now it couldn't obtain an IP so i'm stuck with limited connectivity.

I already tried some solutions unrelated to virus/trojan such as:
- reset tcp/ip network stack
- enabled netbios over tcp/ip
- started services in services.msc
--> when i start DHCP service, i get "Error 1075: The dependency service does not exist"
- tried to check for corrupt files using sfc
--> does not give me any logfile after it finish
- tried to use static ip
--> works with Internet, can also ping computers in the network, but i can't see workgroup PCs and shared files

So i'm stuck. I need access to shared files in my network but with no luck. I can't stop but think that somehow my machine is still infected. So I appreciate any help from the forum experts.

Cheers!

(please advise if not virus-related, so it can be moved to another thread)

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 07 May 2012 - 10:20 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#3 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 07 May 2012 - 11:43 PM

Hi, thanks for your attention. Below are the logs you asked.

FSS

Farbar Service Scanner Version: 30-04-2012 01
Ran by user (administrator) on 08-05-2012 at 14:26:14
Running from "C:\Documents and Settings\user\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox


MiniToolBox by Farbar Version: 18-01-2012
Ran by user (administrator) on 08-05-2012 at 14:27:41
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.101 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.1 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-85-7A-8D

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 74.125.237.70



Pinging google.com [74.125.237.70] with 32 bytes of data:



Reply from 74.125.237.70: bytes=32 time=26ms TTL=57

Reply from 74.125.237.70: bytes=32 time=24ms TTL=57



Ping statistics for 74.125.237.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 26ms, Average = 25ms

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Address: 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=262ms TTL=43

Reply from 98.139.183.24: bytes=32 time=283ms TTL=43



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 262ms, Maximum = 283ms, Average = 272ms

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 85 7a 8d ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 30
119.17.161.101 255.255.255.255 192.168.1.1 192.168.1.101 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.101 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 30
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 30
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 30
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/08/2012 01:39:06 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 01:39:06 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 01:37:44 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 01:37:44 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 00:02:43 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 00:02:43 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 11:53:06 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 11:53:06 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 10:08:06 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/08/2012 10:08:06 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (05/08/2012 02:00:00 PM) (Source: Schedule) (User: )
Description: The At39.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 02:00:00 PM) (Source: Schedule) (User: )
Description: The At15.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 01:00:00 PM) (Source: Schedule) (User: )
Description: The At38.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 01:00:00 PM) (Source: Schedule) (User: )
Description: The At14.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 00:00:00 PM) (Source: Schedule) (User: )
Description: The At37.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 00:00:00 PM) (Source: Schedule) (User: )
Description: The At13.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At36.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At12.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2012 10:08:59 AM) (Source: Service Control Manager) (User: )
Description: The Wps service terminated with the following error:
%%126

Error: (05/08/2012 10:08:59 AM) (Source: Service Control Manager) (User: )
Description: The Wlluc48b service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (05/08/2012 01:39:06 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/08/2012 01:39:06 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/08/2012 01:37:44 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/08/2012 01:37:44 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/08/2012 00:02:43 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/08/2012 00:02:43 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/08/2012 11:53:06 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/08/2012 11:53:06 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/08/2012 10:08:06 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/08/2012 10:08:06 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


=========================== Installed Programs ============================

3 Mobile Broadband (Version: 1.00.0000)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader 9.4.5 (Version: 9.4.5)
AOL Australia
AOL|7 Broadband Demo
Autodesk Design Review 2008 (Version: 4.1.0)
avast! Free Antivirus (Version: 7.0.1426.0)
Bonjour (Version: 1.0.106)
Brother MFL-Pro Suite (Version: 1.00)
Brother MFL-Pro Suite (Version: 1.00.000)
CCleaner (Version: 3.02)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CSI Management Utility
CutePDF Writer 2.7
Defraggler (Version: 2.00)
DellSupport (Version: 6.0.3062)
Digital Locker Assistant (Version: 1.80.0004)
DWG TrueView 2008 (Version: 17.1.65.0)
DX Mail 2.7
eBay Toolbar (Version: 2.00.0000)
ECI Client v5.0 (Version: v5.0)
ECS (Version: 1.0.0)
eTrust Vet Antivirus (Version: 7.0.8.1)
Firmware Downloader (Version: 1.0.0.0)
Google Chrome (Version: 18.0.1025.168)
Google Update Helper (Version: 1.3.21.111)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
HP Web Jetadmin
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 2 (Version: 1.5.0.20)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
KG2000
LaserJet 1020 series
LawWare 9.2.4 (22Nov11)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Meeting 2005 Replay Wrapper (Version: 7.5.HOTFIX.2302.39)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Multimedia Mouse Driver (Version: 2.0)
Nero Suite
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 9.61 (Version: 9.61)
PaperPort (Version: 9.02.0827)
QuickBooks Pro
QuickBooks Pro Timer
QuickBooks Pro: Professional Business 2005/06
QuickBooks Pro: Professional Business 2006/07
QuickTime (Version: 7.55.90.70)
Record Keeping Evaluation Tool
Sensis Toolbar
Smilebox (Version: 1.1.1.1)
SpamMATTERS
SweetIM for Messenger 3.6 (Version: 3.6.0003)
SweetIM Toolbar for Internet Explorer 4.3 (Version: 4.3.0001)
Tax Withheld Calculator
TeamViewer 7 (Version: 7.0.12979)
Tidy Start Menu
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Mail
Windows Media Connect
Windows Media Connect (Version: 1.0.0.0)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
ZebraDesigner (Version: 1.0)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2045.98 MB
Available physical RAM: 1394.54 MB
Total Pagefile: 3942.56 MB
Available Pagefile: 3476.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.6 MB

========================= Partitions: =====================================

1 Drive c: (user's C Drive) (Fixed) (Total:148.97 GB) (Free:31.65 GB) NTFS
2 Drive d: (XP_PRO_SP2) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
3 Drive e: (3MobileBroadband) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\USER

Administrator Guest HelpAssistant
user SUPPORT_388945a0


**** End of log ****

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 01:32 AM

Before trying registry fixes

Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt


Download

netbt.reg

wscsvc

Launch them and click YES

Press Windows+R key and type

regedit and click ok

Navigate to this location

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

Right click on it-PERMISSIONS

Select EVERYONE and check mark FULL CONTROL ,click ok

legacy wscsvc

Launch it,click YES

Restart the PC,check your browser post the new FSS log

good luck

Edited by narenxp, 08 May 2012 - 01:47 AM.


#5 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 08 May 2012 - 06:50 AM

FSS logs below. Thanks again.

Farbar Service Scanner Version: 30-04-2012 01
Ran by user (administrator) on 08-05-2012 at 22:43:40
Running from "C:\Documents and Settings\user\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(6) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Edited by rukia99, 08 May 2012 - 07:47 AM.


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 11:40 AM

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Download the wscsvc key given before and launch it,do you still have DHCP issues?

Edited by narenxp, 08 May 2012 - 11:40 AM.


#7 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 08 May 2012 - 07:05 PM

Hi narenxp,

I can get dhcp-assigned ip address now. Thank you so much!

Still can't access network shares (map network drive) and workgroup computers.
Can you help or should i post to another thread? Thanks.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 09:34 PM

Download

fixit

Run the fixit,restart the PC ,check if you can access work group computers.

Download

mini toolbox

Checkmark following boxes:

List last 10 Event Viewer log

Click Go and post the result.

#9 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 08 May 2012 - 10:05 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by user (administrator) on 09-05-2012 at 13:03:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2012 01:02:07 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 01:02:07 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:58:53 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:58:53 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:50:02 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:50:02 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:49:57 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:49:57 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:40:27 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/09/2012 00:40:27 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (05/09/2012 01:00:24 PM) (Source: Service Control Manager) (User: )
Description: The Wlluc48b service terminated with the following error:
%%126

Error: (05/09/2012 01:00:24 PM) (Source: Service Control Manager) (User: )
Description: The Wps service terminated with the following error:
%%126

Error: (05/09/2012 01:00:00 PM) (Source: Schedule) (User: )
Description: The At38.job command failed to start due to the following error:
%%2147942402

Error: (05/09/2012 01:00:00 PM) (Source: Schedule) (User: )
Description: The At14.job command failed to start due to the following error:
%%2147942402

Error: (05/09/2012 00:51:31 PM) (Source: Service Control Manager) (User: )
Description: The Wps service terminated with the following error:
%%126

Error: (05/09/2012 00:51:31 PM) (Source: Service Control Manager) (User: )
Description: The Wlluc48b service terminated with the following error:
%%126

Error: (05/09/2012 00:00:00 PM) (Source: Schedule) (User: )
Description: The At37.job command failed to start due to the following error:
%%2147942402

Error: (05/09/2012 00:00:00 PM) (Source: Schedule) (User: )
Description: The At13.job command failed to start due to the following error:
%%2147942402

Error: (05/09/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At36.job command failed to start due to the following error:
%%2147942402

Error: (05/09/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At12.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================
Error: (05/09/2012 01:02:07 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/09/2012 01:02:07 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/09/2012 00:58:53 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/09/2012 00:58:53 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/09/2012 00:50:02 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/09/2012 00:50:02 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/09/2012 00:49:57 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/09/2012 00:49:57 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/09/2012 00:40:27 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/09/2012 00:40:27 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 10:12 PM

Did you run the FIXIT?

#11 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 08 May 2012 - 10:23 PM

Yeah, i did. Then i restarted, before running MiniToolBox.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 10:38 PM

Do you still have issues?

Press Windows+R key and type

msconfig and click ok

Make sure you have normal startup,restart the PC

and check if you can access now

#13 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 08 May 2012 - 11:04 PM

I did that and still having issues. Workgroup computers don't appear.

I tried nbtstat and i get this error
"NetBT is not bound to any devices"

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 AM

Posted 08 May 2012 - 11:15 PM

Follow this guide

http://support.microsoft.com/kb/318030

Go to let me fix it myself option and try to do the steps manually,let me know if you get errors

Press WIndows+R key and type

cmd and click ok,now run these commands

netsh i i r r
netsh winsock reset


Press Windows+R key and type

devmgmt.msc and click ok

Expand network adapters

Right click on your driver-Uninstall

Restart the PC

Windows should automatically install drivers on startup


Press Windows+R key and type

services.msc and click ok

Make sure all these services are started

Check your Services are Started on all PCs:

COM+ Event System
Computer Browser
DHCP Client
DNS Client
Network Connections
Network Location Awareness
Remote Procedure Call (RPC)
Server
TCP/IP Netbios helper
Wireless Zero Configuration (XP wireless configurations)
Workstation

good luck

Edited by narenxp, 08 May 2012 - 11:16 PM.


#15 rukia99

rukia99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 09 May 2012 - 03:20 AM

Hi, except for uninstalling the driver, I've actually done all these steps before coming here. I will go and try to do that now and let you know. Thanks again for the assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users