Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet Connection after LSPFix


  • Please log in to reply
15 replies to this topic

#1 TheGrolarBear

TheGrolarBear

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 21 July 2012 - 04:46 PM

Hi all,

I recently got infected with a svchost.exe and Google redirect virus. I stumbled upon a website that suggested I use something called LSPFix to fix the problem and clicked "Ok" for everything really quickly. Apparently I should have paid more attention to what I was agreeing to because I soon became unable to go to new web pages. My computer indicates that I am connected to my wireless network but I cannot go to any website without getting the "This page cannot be displayed" error message.

System restore is disabled and doesn't go far back enough for me. I'd like to avoid a reformat if I can.

When I do "netsh int ip reset" in CMD I get something saying wshelper.dll cannot be loaded.
When I do "netsh winsock reset" I get the same thing.

Any help you could provide me with would be greatly appreciated. Thanks in advance.

Edited by hamluis, 21 July 2012 - 06:45 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 21 July 2012 - 07:08 PM

Copy all the tools to infected PC and run

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 21 July 2012 - 07:09 PM.


#3 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 07:14 AM

Where is the TDSSKiller log file located? I ran the program from my desktop and am unable to locate the log.

Here are the logs for both MiniToolBox and FSS.

MiniToolBox:
---------------------------------------------------------
MiniToolBox by Farbar Version: 15-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 08:00:45
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

RangeMax™ NEXT Wireless Adapter WN311B = Wireless Network Connection 2 (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Naveen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RangeMax™ NEXT Wireless Adapter WN311B #2
Physical Address. . . . . . . . . : C4-3D-C7-55-6E-CB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::59ad:4c70:b566:f365%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 22, 2012 7:57:05 AM
Lease Expires . . . . . . . . . . : Monday, July 23, 2012 7:57:05 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 348405191
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-29-F8-54-00-1F-D0-85-DC-FC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{92D5D2F3-ABF5-4513-ADB0-70D7FE2AE552}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{222AD0A8-0DE2-4485-AF97-51668041CB45}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for d…_˜˜˜¬o:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...c4 3d c7 55 6e cb ......RangeMax™ NEXT Wireless Adapter WN311B #2
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 281
192.168.1.6 255.255.255.255 On-link 192.168.1.6 281
192.168.1.255 255.255.255.255 On-link 192.168.1.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 281 fe80::/64 On-link
16 281 fe80::59ad:4c70:b566:f365/128
On-link
1 306 ff00::/8 On-link
16 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2012 07:57:17 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Error: (07/22/2012 07:57:17 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service port is unavailable for listening, or invalid.

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname Naveen-PC.local already in use; will try Naveen-PC-2.local instead

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Naveen-PC.local. Addr 192.168.1.6

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 4 Naveen-PC.local. Addr 192.168.1.9

Error: (07/22/2012 07:45:08 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Error: (07/22/2012 07:45:08 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service port is unavailable for listening, or invalid.

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname Naveen-PC.local already in use; will try Naveen-PC-2.local instead

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Naveen-PC.local. Addr 192.168.1.6

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 4 Naveen-PC.local. Addr 192.168.1.9


System errors:
=============
Error: (07/22/2012 07:57:27 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/22/2012 07:57:27 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/22/2012 07:57:15 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error:
%%5

Error: (07/22/2012 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:
%%5

Error: (07/22/2012 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/22/2012 07:57:07 AM) (Source: NetBT) (User: )
Description: The name "NAVEEN-PC :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.9 did not allow the name to be claimed by
this computer.

Error: (07/22/2012 07:57:07 AM) (Source: NetBT) (User: )
Description: The name "NAVEEN-PC :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.9 did not allow the name to be claimed by
this computer.

Error: (07/22/2012 07:57:06 AM) (Source: Service Control Manager) (User: )
Description: The BFE service failed to start due to the following error:
%%5

Error: (07/22/2012 07:57:07 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{92D5D2F3-ABF5-4513-ADB0-70D7FE2AE552} because another computer on the network has the same name. The server could not start.

Error: (07/22/2012 07:57:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (07/22/2012 07:57:17 AM) (Source: SQLBrowser)(User: )
Description:

Error: (07/22/2012 07:57:17 AM) (Source: SQLBrowser)(User: )
Description:

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname Naveen-PC.local already in use; will try Naveen-PC-2.local instead

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Naveen-PC.local. Addr 192.168.1.6

Error: (07/22/2012 07:57:07 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 4 Naveen-PC.local. Addr 192.168.1.9

Error: (07/22/2012 07:45:08 AM) (Source: SQLBrowser)(User: )
Description:

Error: (07/22/2012 07:45:08 AM) (Source: SQLBrowser)(User: )
Description:

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname Naveen-PC.local already in use; will try Naveen-PC-2.local instead

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Naveen-PC.local. Addr 192.168.1.6

Error: (07/22/2012 07:44:59 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 4 Naveen-PC.local. Addr 192.168.1.9


=========================== Installed Programs ============================

Adobe AIR (Version: 3.0.0.4080)
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AIM 7
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon Kindle
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD AVIVO64 Codecs (Version: 12.1.0.11208)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4385.36018)
Application Profiles (Version: 2.0.4399.36214)
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Armarize 1.3.3.0 (Version: 1.3.3.0)
Baldur's Gate
Batman: Arkham City
Battlefield 2142 Deluxe Edition (Version: 1.5.1.0)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock 2 (Version: 1.0.0003.131)
BitComet 1.20 (Version: 1.20)
BitComet 1.29 64-bit (Version: 1.29)
Bonjour (Version: 3.0.0.10)
BrettspielWelt
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2011.1025.2231.38573)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CDisplay 1.8
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Convert DOC to PDF For Word 3.50
Counter-Strike: Global Offensive Beta
CPUID CPU-Z 1.54
CPUID HWMonitor 1.18
Crusader Kings II
D-Fend Reloaded 0.9.1 (deinstall) (Version: 0.9.1)
D3DX10 (Version: 15.4.2368.0902)
Defenders of Ardania Demo
Diablo III (Version: 1.0.3.10485)
Dota 2
Download Updater (AOL LLC)
Dragon Age II (Version: 1.00)
Dragon Age Redesigned © Morrigan
Dragon Age Redesigned©
Dragon Age Redesigned© Leliana
Dragon Age Redesigned© Wynne
Dragon Age: Origins - Ultimate Edition
Dropbox (Version: 1.2.52)
Dual-Core Optimizer (Version: 1.1.4.0169)
ESN Sonar (Version: 0.70.0)
ESN Sonar (Version: 0.70.4)
Europa Universalis III
Fallout Mod Manager 0.11.9
ffdshow v1.1.3800 [2011-03-28] (Version: 1.1.3800.0)
Fraps
Free PS Convert driver 8.15
Google Chrome (Version: 20.0.1132.57)
Google Talk Plugin (Version: 3.1.4.8140)
Guild Wars
Half-Life
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HP Product Detection (Version: 10.7.9.0)
HydraVision (Version: 4.2.220.0)
Impulse (Version: 1.0)
Ingenuity Webstart Test
InterActual Player
IPA
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Lamp (Version: 1.0.0)
Legend of Grimrock
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect™ 3 (Version: 1.01.0.0)
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Breakthrough
Medal of Honor Allied Assault™ Breakthrough Patch v2.40
Medal of Honor Allied Assault™ Spearhead Patch 2.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mobipocket Reader 6.2 (Version: 6.2.608)
MountMusket Battalion (Version: 0.4.2)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexon Game Manager
Nexus Mod Manager (Version: 0.14.1)
No One Lives Forever - Game of the Year Edition
NVIDIA PhysX (Version: 9.11.1107)
OCTGN (Version: 0.10.0.0)
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
One Unit Whole Blood
OpenAL
Origin (Version: 8.5.0.4550)
Pando Media Booster (Version: 2.3.6.0)
Planescape Torment
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PunkBuster Services (Version: 0.991)
Python 2.6 comtypes-0.6.2
Python 2.6 psyco-1.6
Python 2.6 pywin32-214
Python 2.6.4 (Version: 2.6.4150)
Quake Live Mozilla Plugin (Version: 1.0.433)
QuickTime (Version: 7.70.80.34)
RangeMax™ NEXT Wireless Adapter WN311B
Rapture3D 2.4.8 Game
Razer
Realtek High Definition Audio Driver (Version: 6.0.1.6050)
Serious Sam 3: BFE
Sid Meier's Civilization V
Sins of a Solar Empire (Version: 1.00.00)
Skype™ 5.9 (Version: 5.9.115)
Smart PDF Creator 5.1.0.397 (Version: 5.1.0.397)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
StarCraft II (Version: 1.4.3.21029)
StartNow Toolbar (Version: 2.3.0)
Steam (Version: 1.0.0.0)
Super Crossfire version 1.0 (Version: 1.0)
Tag - IGF Professional 2008
TeamSpeak 3 Client
The Binding of Isaac
The Elder Scrolls V: Skyrim
The Witcher 2
The Witcher Grafikmods 1.0
Tribes: Ascend
Trine 2
TSLRCM 1.7
Ubisoft Game Launcher (Version: 1.0.0.0)
Unreal Gold
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
USB-703 Vibration Joystick
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.0.5 (Version: 1.0.5)
Warhammer 40,000 Space Marine
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Wrye Bash
wxPython 2.8.10.1 (ansi) for Python 2.6 (Version: 2.8.10.1-ansi)
Zip Motion Block Video codec (Remove Only)

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 8109.12 MB
Available physical RAM: 6577.32 MB
Total Pagefile: 16216.38 MB
Available Pagefile: 14391.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.17 GB) (Free:131.83 GB) NTFS
4 Drive f: (SCII CE USB) (Removable) (Total:1.96 GB) (Free:0.16 GB) FAT

========================= Users: ========================================

User accounts for \\NAVEEN-PC

Administrator ASPNET Guest
Naveen


**** End of log ****


FSS:
--------------------------------------------------
Farbar Service Scanner Version: 19-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 08:02:42
Running from "C:\Users\Naveen\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 19:58] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 17:52] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 18:31] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 07:35 AM

Copy this tool

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset registry permissions
Repair WMI
Remove Policies Set By Infections
Repair Winsock & DNS Cache



Checkmark Restart System When Finished option
click the Start button

System should restart after repair

If you still have internet issues,launch minitoolbox and click on

LIST WINSOCK ENTRIES

Click on GO,post the minitoolbox log

#5 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 09:14 AM

When I run the Windows Repair Tool I get the following error message multiple times: Execute processes remotely has stopped working.

I am still having Internet issues. Here is my MiniToolBox log:
---------------------------
MiniToolBox by Farbar Version: 15-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 10:12:05
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

**** End of log ****

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 09:47 AM

Lets fix one by one

Create a restore point<<<important

Download

Winsock5.reg

Launch it,click YES,

Restart the PC ,run minitoolbox again with winsock entries checkmarked

Post the new log

Edited by narenxp, 22 July 2012 - 02:39 PM.


#7 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 10:31 AM

I created a restore point and launched winsock5.reg

Here is the log:
--------------------------
MiniToolBox by Farbar Version: 15-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 11:29:14
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

**** End of log ****

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 11:09 AM

Registry key has not been added properly..

Launch it again,You should get a prompt

Click YES , and click YES this should import keys to registry

Restart the PC

Run the minitool box again and checkmark

List winsock entries

Click on go,post the new log

Edited by narenxp, 22 July 2012 - 11:10 AM.


#9 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 11:34 AM

I clicked yes twice and restarted the PC but the log is the same. Perhaps the registry keys are being added to the wrong location?

Here is the log:
----------------------------

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 12:49 PM

Download

System look

Launch it and copy this script

:reg
HKLM\System\CurrentControlSet\Services\Winsock /s
HKLM\System\CurrentControlSet\Services\Winsock2 /s

Click on LOOK,post the generated log

#11 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 01:45 PM

Here is the log:
--------------
SystemLook 30.07.11 by jpshortstuff
Log created at 14:41 on 22/07/2012 by Naveen
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000003 (3)
"Type"= 0x0000000004 (4)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Parameters]
"Transports"="Tcpip Tcpip6 Psched"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration]
"Setup Version"= 0x0000001009 (4105)
"Provider List"="Psched Tcpip Tcpip6"
"Known Static Providers"="Tcpip Tcpip6 NwlnkIpx NwlnkSpx AppleTalk IsoTp Psched"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Psched]
"WinSock 2.0 Provider ID"=e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip]
"WinSock 2.0 Provider ID"=a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6]
"WinSock 2.0 Provider ID"=c0 b0 ea f9 d4 26 d0 11 bb bf 00 aa 00 6c 34 e4 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock\Setup Migration\Well Known Guids]
"IsoTp"=b0 cb e4 89 c1 b9 cf 11 95 c8 00 80 5f 48 a1 92 (REG_BINARY)
"McsXns"=b1 cb e4 89 c1 b9 cf 11 95 c8 00 80 5f 48 a1 92 (REG_BINARY)
"AppleTalk"=a0 17 3b 2c df c6 cf 11 95 c8 00 80 5f 48 a1 92 (REG_BINARY)


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters]
"WinSock_Registry_Version"="2.0"
"NameSpace_Callout"="%SystemRoot%\System32\fwpuclnt.dll"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\Windows\system32\wininit.exe"
"PermittedLspCategories"= 0x0080000040 (-2147483584)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651]
"AppFullPath"="C:\Windows\system32\svchost.exe"
"AppArgs"="-k NetworkService"
"PermittedLspCategories"= 0x0080000044 (-2147483580)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0]
"AppFullPath"="C:\Windows\system32\svchost.exe"
"AppArgs"="-k LocalServiceNetworkRestricted"
"PermittedLspCategories"= 0x0080000040 (-2147483584)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA]
"AppFullPath"="C:\Windows\system32\svchost.exe"
"AppArgs"="-k LocalServiceAndNoImpersonation"
"PermittedLspCategories"= 0x0080000044 (-2147483580)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0]
"AppFullPath"="C:\Windows\system32\svchost.exe"
"AppArgs"="-k LocalService"
"PermittedLspCategories"= 0x0080000044 (-2147483580)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\Windows\system32\lsass.exe"
"PermittedLspCategories"= 0x0080000000 (-2147483648)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries64"= 0x0000000009 (9)
"Num_Catalog_Entries"= 0x0000000007 (7)
"Serial_Access_Num"= 0x000000003a (58)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=ee 37 26 3b 80 e5 cf 11 a5 55 00 c0 4f d8 d4 ac (REG_BINARY)
"SupportedNameSpace"= 0x0000000020 (32)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\system32\napinsp.dll"
"DisplayString"="@%SystemRoot%\system32\napinsp.dll,-1000"
"ProviderId"=a2 cb 4a 96 bc b2 eb 40 8c 6a a6 db 40 16 1c ae (REG_BINARY)
"SupportedNameSpace"= 0x0000000025 (37)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\system32\pnrpnsp.dll,-1000"
"ProviderId"=ce 89 fe 03 6d 76 76 49 b9 c1 bb 9b c4 2c 7b 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000027 (39)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\system32\pnrpnsp.dll,-1001"
"ProviderId"=cd 89 fe 03 6d 76 76 49 b9 c1 bb 9b c4 2c 7b 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000026 (38)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=e9 dd 77 41 28 60 9e 47 b7 b7 03 59 1a 63 ff 3a (REG_BINARY)
"SupportedNameSpace"= 0x000000000c (12)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=2c 2a 9f 22 18 5f 06 4a 8f 89 3a 37 21 70 62 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000013 (19)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=e9 e6 00 b6 3b 55 19 4a 86 96 33 5e 5c 89 61 53 (REG_BINARY)
"SupportedNameSpace"= 0x000000000c (12)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\system32\nlasvc.dll,-1000"
"ProviderId"=3a 24 42 66 a8 3b a6 4a ba a5 2e 0b d7 1f dd 83 (REG_BINARY)
"SupportedNameSpace"= 0x000000000f (15)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\system32\wshtcpip.dll,-60103"
"ProviderId"=40 9d 05 22 9e 7e cf 11 ae 5a 00 aa 00 a7 11 2b (REG_BINARY)
"SupportedNameSpace"= 0x000000000c (12)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=ee 37 26 3b 80 e5 cf 11 a5 55 00 c0 4f d8 d4 ac (REG_BINARY)
"SupportedNameSpace"= 0x0000000020 (32)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000000 (0)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\system32\napinsp.dll"
"DisplayString"="@%SystemRoot%\system32\napinsp.dll,-1000"
"ProviderId"=a2 cb 4a 96 bc b2 eb 40 8c 6a a6 db 40 16 1c ae (REG_BINARY)
"SupportedNameSpace"= 0x0000000025 (37)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\system32\pnrpnsp.dll,-1000"
"ProviderId"=ce 89 fe 03 6d 76 76 49 b9 c1 bb 9b c4 2c 7b 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000027 (39)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\system32\pnrpnsp.dll,-1001"
"ProviderId"=cd 89 fe 03 6d 76 76 49 b9 c1 bb 9b c4 2c 7b 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000026 (38)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000000 (0)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
"DisplayString"="WindowsLive NSP"
"ProviderId"=e9 dd 77 41 28 60 9e 47 b7 b7 03 59 1a 63 ff 3a (REG_BINARY)
"SupportedNameSpace"= 0x000000000c (12)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008]
"LibraryPath"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
"DisplayString"="WindowsLive Local NSP"
"ProviderId"=2c 2a 9f 22 18 5f 06 4a 8f 89 3a 37 21 70 62 4d (REG_BINARY)
"SupportedNameSpace"= 0x0000000013 (19)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000000 (0)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009]
"LibraryPath"="C:\Program Files\Bonjour\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=e9 e6 00 b6 3b 55 19 4a 86 96 33 5e 5c 89 61 53 (REG_BINARY)
"SupportedNameSpace"= 0x000000000c (12)
"Enabled"= 0x0000000001 (1)
"Version"= 0x0000000001 (1)
"StoresServiceClassInfo"= 0x0000000001 (1)
"ProviderInfo"= (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries64"= 0x000000000a (10)
"Num_Catalog_Entries"= 0x0000000000 (0)
"Next_Catalog_Entry_ID"= 0x00000003f3 (1011)
"Serial_Access_Num"= 0x0000000005 (5)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 e9 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshtcpip.dll,-60100"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 ea 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshtcpip.dll,-60101"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 eb 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshtcpip.dll,-60102"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 c0 b0 ea f9 d4 26 d0 11 bb bf 00 aa 00 6c 34 e4 ec 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 1c (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wship6.dll,-60100"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 c0 b0 ea f9 d4 26 d0 11 bb bf 00 aa 00 6c 34 e4 ed 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 1c (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wship6.dll,-60101"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 c0 b0 ea f9 d4 26 d0 11 bb bf 00 aa 00 6c 34 e4 ee 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 1c (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wship6.dll,-60102"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a ef 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 1c (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshqos.dll,-100"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a f0 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshqos.dll,-101"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 26 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a f1 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 1c (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshqos.dll,-102"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010]
"PackedCatalogItem"=6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 26 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a f2 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 (REG_BINARY)
"ProtocolName"="@%SystemRoot%\System32\wshqos.dll,-103"


-= EOF =-

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 02:41 PM

I have edited the key now,Download the key once again,

I hope you have already created restore point.This is very important

Download the key again,click YES

Restart the PC and post the new list of winsock entries

#13 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 02:59 PM

Here is the log:
------------------------
MiniToolBox by Farbar Version: 15-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 15:56:11
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

**** End of log ****

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 22 July 2012 - 03:05 PM

Run windows repair tool and checkmark

Click on Start repairs tab-click on Start

check mark following options alone

Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

Post the new toolbox log

Edited by narenxp, 22 July 2012 - 03:05 PM.


#15 TheGrolarBear

TheGrolarBear
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 July 2012 - 03:26 PM

When I run Windows Repair tool I continue to get the same error message during the "Repair Winsock and DNS Cache Step": Execute processes remotely has stopped working.

Here is the log:
---------------------------
MiniToolBox by Farbar Version: 15-07-2012
Ran by Naveen (administrator) on 22-07-2012 at 16:22:55
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 07 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 08 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 09 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

**** End of log ****




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users