Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Firewall and Infection!


  • Please log in to reply
14 replies to this topic

#1 PsiIntel

PsiIntel

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 10 December 2012 - 11:22 PM

So I'm new to this forum as you guys can see and I really need help with the problem I'm currently having with my Windows XP machine.

I spent a total of 12 hours so far trying to fix the problem but didn't get far.

I opened my computer one day and then I found the computers antivirus(Avast) web and mail shields to be off.
The firewall was also off.

I tried to go to google.com and stuff but no web page would open

I ran a full Malwarebytes and Avast scan but got nothing
Ran root killer from Kasperky but got nothing
Ran CureIt and found 2 Trojan.Muldrop viruses in my System Volume Information folder

Deleted them

Still the avast shields are down and firewalls are down. Cant access the Internet in anyway at all on that computer

When I try to turn firewall using service.msc the error message pops up when I try to start Windows Firewall/Internet Connection Sharing(ICS)

I got error 2 where windows could not find some type of file or something

I did a Dns reset and winsock reset....

Nothing changed so I really need help

Thanks!


*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 11 December 2012 - 08:23 AM.


BC AdBot (Login to Remove)

 


#2 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 11 December 2012 - 05:58 PM

Had the same problem a while ago, ill be helping you fix this

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#3 PsiIntel

PsiIntel
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 December 2012 - 06:53 PM

Thanks For the Reply

Security Check Log

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 9
Java SE Development Kit 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

==========================================================================================================================


FSS(Farbar Service Scanner) Log
Farbar Service Scanner Version: 10-12-2012
Ran by Luo (administrator) on 11-12-2012 at 18:29:23
Running from "C:\Documents and Settings\Luo\Desktop\IcyTower"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is set to Disabled. The default start type is System.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

=============================================================================


MiniToolBox Log
MiniToolBox by Farbar Version: 25-11-2012
Ran by Luo (administrator) on 11-12-2012 at 18:38:20
Running from "H:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2012 05:31:33 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL\BINN\XEPKG0.MOF while recovering repository file.

Error: (12/11/2012 05:31:33 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL\BINN\XESOSPKG.MOF while recovering repository file.

Error: (12/11/2012 05:31:33 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL\BINN\XESQLPKG.MOF while recovering repository file.

Error: (12/11/2012 05:31:32 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\100\SHARED\SQLMGMPROVIDERXPSP2UP.MOF while recovering repository file.

Error: (12/11/2012 05:31:32 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\100\SHARED\1033\SQLMGMPROVIDER.MFL while recovering repository file.

Error: (12/11/2012 05:31:31 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOF while recovering repository file.

Error: (12/11/2012 05:31:31 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF while recovering repository file.

Error: (12/11/2012 05:31:22 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error: (12/11/2012 05:31:21 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF while recovering repository file.

Error: (12/11/2012 05:31:21 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF while recovering repository file.


System errors:
=============
Error: (12/11/2012 06:19:04 PM) (Source: Service Control Manager) (User: )
Description: The @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 service failed to start due to the following error:
%%1053

Error: (12/11/2012 06:19:04 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 service to connect.

Error: (12/11/2012 05:28:41 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058

Error: (12/11/2012 05:17:20 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058

Error: (12/11/2012 05:14:38 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058

Error: (12/11/2012 05:14:37 PM) (Source: Service Control Manager) (User: )
Description: The aswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058

Error: (12/11/2012 05:14:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRdr

Error: (12/11/2012 05:14:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%2

Error: (12/11/2012 05:14:33 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058

Error: (12/11/2012 05:14:33 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Akamai NetSession Interface
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ASPCA Reminder by We-Care.com v5.0.5.1 (Version: 5.0.5.1)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Display Driver (Version: 8.561-081201a1-074335C)
Audacity 2.0
Avanquest update (Version: 1.21)
avast! Free Antivirus (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
C4700 (Version: 130.0.373.000)
CCleaner (Version: 3.20)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
Dropbox (Version: 1.4.17)
Google Chrome (Version: 23.0.1271.95)
GPBaseService2 (Version: 130.0.371.000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.006.003)
HPDiagnosticAlert (Version: 1.00.0000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 9 (Version: 1.7.0.90)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Network (Version: 130.0.572.000)
NVIDIA PhysX (Version: 9.10.0513)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS6 (Version: 11.0)
PPS影音 V2.7.0.1507 正式版 (Version: 2.7.0.1507)
Primo (Version: 1.00.0000)
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000)
QQLive (Version: 2011(0.0.0.0))
QQ拼音输入法4.5 (Version: 4.5)
QQ游戏 (Version: 2.4.104.42)
QQ软件管理1.0 Beta3 (Version: 1.0 Beta3 Build 302)
QuickTime (Version: 7.72.80.56)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5780)
Runtime (Version: 1.00.0000)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.80301)
Samsung PC Studio 3 (Version: 3.2.3.90502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Scan (Version: 140.0.80.000)
Segoe UI (Version: 14.0.4327.805)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
VLC media player 2.0.4 (Version: 2.0.4)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
可牛影像 2.7.1.1001 正式版升级包 (Version: 2.7.1.1001 正式版升级包)
腾讯QQ2011 (Version: 1.61.2103.0)
酷狗音乐2012 (Version: 7.2.6.16536)
飞速土豆 1.40.19.0 (Version: 1.40.19.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 1790.42 MB
Available physical RAM: 1143.74 MB
Total Pagefile: 3684.94 MB
Available Pagefile: 3280.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.76 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:60.56 GB) (Free:16.08 GB) NTFS
3 Drive d: () (Fixed) (Total:172.33 GB) (Free:146.45 GB) NTFS
6 Drive h: (TOMMY) (Removable) (Total:7.55 GB) (Free:6.27 GB) FAT32

========================= Users: ========================================

User accounts for \\LUO-A901910139B

Administrator ASPNET Guest
HelpAssistant HsUser_Nsh3my6qqdw Luo
SUPPORT_388945a0


**** End of log ****

==========================================================================================


MalwareBytes Log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Luo :: LUO-A901910139B [administrator]

12/11/2012 6:26:37 PM
mbam-log-2012-12-11 (18-26-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205959
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===================================================================================================================

aswMBR Log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 18:38:32
-----------------------------
18:38:32.812 OS Version: Windows 5.1.2600 Service Pack 3
18:38:32.812 Number of processors: 3 586 0x203
18:38:32.812 ComputerName: LUO-A901910139B UserName: Luo
18:38:34.515 Initialize success
18:38:35.515 AVAST engine defs: 12121000
18:38:53.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:38:53.000 Disk 0 Vendor: ST3250310AS 3.AAF Size: 238474MB BusType: 3
18:38:53.015 Disk 0 MBR read successfully
18:38:53.015 Disk 0 MBR scan
18:38:53.078 Disk 0 Windows XP default MBR code
18:38:53.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 62008 MB offset 63
18:38:53.078 Disk 0 Partition - 00 05 Extended 176463 MB offset 126993825
18:38:53.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 176463 MB offset 126993888
18:38:53.109 Disk 0 scanning sectors +488392065
18:38:53.171 Disk 0 scanning C:\WINDOWS\system32\drivers
18:38:59.234 Service scanning
18:39:12.875 Modules scanning
18:39:21.171 Disk 0 trace - called modules:
18:39:21.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:39:21.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4cfab8]
18:39:21.187 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a520360]
18:39:21.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a552bd0]
18:39:22.406 AVAST engine scan C:\WINDOWS
18:39:26.328 AVAST engine scan C:\WINDOWS\system32
18:41:09.156 AVAST engine scan C:\WINDOWS\system32\drivers
18:41:16.843 AVAST engine scan C:\Documents and Settings\Luo
18:42:50.937 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
18:42:50.968 The log file has been saved successfully to "H:\aswMBR.txt"

================================================================================================================================


Once Again thanks for the help
Here is the exact error message I get when I try to start Windows Firewall from services.msc

"Error 2: The system cannot find the file specified."

Sorry for all the trouble
Still without internet access on that computer....
Please reply soon!
Thank You!

Edited by PsiIntel, 11 December 2012 - 07:01 PM.


#4 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 12 December 2012 - 01:47 PM

I think I have identified the problem. As shown in the FSS log the 'start type of Tcpip service is set to Disabled'. I am currently on my iPod and will help you solve your problem ASAP first chance i get on my pc.

#5 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 12 December 2012 - 02:55 PM

Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"



Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.

#6 PsiIntel

PsiIntel
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 December 2012 - 06:11 PM

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.


Thank You for your reply! :inlove:
So I have already tried all of your options besides Dial a Fix
I ran it and I got a couple of dll errors of which I will post below

Errors

iesetup.dll is not registerable or the file is corrupt
iesetup.dll is not DLLInstall-able or the file is corrupted

imgutil.dll is not registerable or the file is corrupt

inseng.dll is not registerable or the file is corrupt
inseng.dll is not DLLInstall-able or the file is corrupted

mshtml.dll is not registerable or the file is corrupt
mshtml.dll is not DLLInstall-able or the file is corrupted

msrating.dll is not registerable or the file is corrupt

occache.dll is not registerable or the file is corrupt
occache.dll is not DLLInstall-able or the file is corrupted

pngfilt.dll is not registerable or the file is corrupt

webcheck.dll is not registerable or the file is corrupt
webcheck.dll is not DLLInstall-able or the file is corrupted




As you can see there are a lot of problems with my computer
How am I able to fix those problems?

Also you told me to run the hammertool and run through the steps one by one
However, I am unable to complete them because I don't have the XP disk

Is there any other ways of solving this problem? Thanks!


With much Gratitude!
-PsiIntel

#7 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 12 December 2012 - 06:21 PM

Im going to get a deeper look into this. Since your tcpip.sys service is not running we may have to replace it with a backup on your system. Ill reply back to you tommorow with more instructions.

#8 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 13 December 2012 - 01:12 PM

1.Click Start, point to All Programs, point to Administrative Tools, and then click Services.
OR
Go To C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools and select 'Services'
2.Scroll until you find the service that is stopped or disabled. (In your case the service is called TCP/IP NetBIOS Helper)
3.Double-click the service that did not start.
4.Click the Log On tab.
Posted Image
5.Verify that the service is not disabled for the hardware profile that you are using. If the service is disabled for the hardware profile, click Enable.
6.Click the General tab, and then in the Startup Type box, verify that the service is not disabled. If the service is disabled, click Automatic to have it start when you start the computer.
Posted Image
7. Click OK.

Restart Computer

Post NEW FSS Log and inform me how your pc is doing.

#9 PsiIntel

PsiIntel
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 13 December 2012 - 05:31 PM

Hi Thanks Once again for another quick reply!

So I checked the settings with TCP/IP NetBIOS Helper
And everything looks normal
The service is started and the start up type is automatic.

Is there any other solutions?


Would there be the only option of wiping the disk cleaning and reinstalling the operating system?

#10 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 14 December 2012 - 05:01 AM

Try this.

1.Click Start, Right Click 'My Computer', Select Properties.
2.A System Properties box shall appear, Go To the Hardware tab, Select Device Manager.
3.The Device Manager box will appear, Select view at the top and Click Show hidden devices.
4.You will see a list of devices appear under Non-Plug and Play Drivers.
5.Scroll down till you see TCP/IP Proctol Driver, Double Click it.
6.The Driver properties will appear, In the General tab make sure Use this device(enable) Underneath 'Device Usage:'
7.Go to the Driver tab, Under Startup make sure the type is 'System', Then under current status click Start.
8.Click OK
9.Reboot PC

Post NEW FSS Log


Edited by robocop321, 14 December 2012 - 06:10 AM.


#11 PsiIntel

PsiIntel
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 14 December 2012 - 05:26 PM

Sorry About that
Here is the log



Farbar Service Scanner Version: 10-12-2012
Ran by Luo (administrator) on 14-12-2012 at 16:52:42
Running from "C:\Documents and Settings\Luo\Desktop\IcyTower"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is set to Disabled. The default start type is System.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#12 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 14 December 2012 - 05:31 PM

I need you to do the following:

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

===============================================================================================
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Posted Image



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on Create button:

Posted Image


Go to Start Repairs tab and click Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.

Edited by robocop321, 15 December 2012 - 01:15 PM.


#13 PsiIntel

PsiIntel
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 15 December 2012 - 06:38 PM

I need you to do the following:

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

===============================================================================================
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Posted Image



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on Create button:

Posted Image


Go to Start Repairs tab and click Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.


Hi, Sorry for the late reply!
Those steps didn't work for me...
So I just installed Windows 7 and deleted everything

Now my computer is working

Thanks for the help so far though!

#14 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 15 December 2012 - 06:45 PM

Alright glad you resolved it. :)
Any current issues?
Feel free to PM if you need anything

#15 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 17 December 2012 - 10:54 AM

The topic can now be closed as the OP has resolved his issue.

Edited by robocop321, 17 December 2012 - 12:53 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users