
Internet not connecting after using ComboFix!


30 replies to this topic

#1 ascrolif10

ascrolif10

  • Members
  • 23 posts

Posted 11 January 2013 - 02:10 PM

I was redirected here from this: http://www.bleepingcomputer.com/forums/topic480895.html

So basically, my internet is currently not working at the moment after using ComboFix myself stupidly.

Technical information:
Computer Model: HP Pavilion dv7
How the computer is wired: Wireless connection.
Make and model of router: D-link DIR-815 (I think)
Approximate distance from router: 1-2 metres
What type of internet you have: Unsure

Here are a bunch of logs for you experts to take a look at. It includes in order: MiniToolBox, Farbar Service Scanner (all), and the original ComboFix fail I had.
The logs are separated by |||||||||||| lines.

MiniToolBox by Farbar Version:10-01-2013
Ran by Caleb (administrator) on 11-01-2013 at 13:47:53
Running from "C:\Users\Caleb\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 6 (Media disconnected)
Spotflux Network Device Driver = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set subinterface interface=?0 subinterface=ethernet_6 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Caleb-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Spotflux Network Device Driver
Physical Address. . . . . . . . . : 00-FF-44-1E-C8-9A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-50-73-16-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #4
Physical Address. . . . . . . . . : 8C-A9-82-8D-E3-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-8D-E3-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7ccc:c6e0:2f87:5eb4%19(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.94.180(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-27-D7-A9-97-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : CC-52-AF-79-28-4B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.phub.net.cable.rogers.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5073164C-F3B9-4899-A11F-438B5CDDB25F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F99CC4CA-1BCF-49AE-95C4-4D6B7DC556C5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{441EC89A-7583-4BBB-B4E0-62BEF410CC50}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C9409732-33DF-4BA9-BA62-025A33F7DC21}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9C42D26D-A6A2-4F69-B32E-325C28A51497}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 8.26.56.26

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 8.26.56.26

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
34...00 ff 44 1e c8 9a ......Spotflux Network Device Driver
32...00 ff 50 73 16 4c ......Anchorfree HSS Adapter
20...8c a9 82 8d e3 87 ......Microsoft Virtual WiFi Miniport Adapter #4
19...8c a9 82 8d e3 86 ......Intel® WiFi Link 1000 BGN
12...2c 27 d7 a9 97 b1 ......Realtek PCIe GBE Family Controller
11...cc 52 af 79 28 4b ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.94.180 281
169.254.94.180 255.255.255.255 On-link 169.254.94.180 281
169.254.255.255 255.255.255.255 On-link 169.254.94.180 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.94.180 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.94.180 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
19 281 fe80::/64 On-link
19 281 fe80::7ccc:c6e0:2f87:5eb4/128
On-link
1 306 ff00::/8 On-link
19 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/10/2013 04:33:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0xe94
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/09/2013 06:53:32 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/09/2013 05:06:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x1b6c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/09/2013 05:04:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x1404
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 09:20:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x16dc
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 09:20:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x13a8
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 09:13:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0xfdc
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 09:02:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x700
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 08:55:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x1780
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (01/08/2013 08:33:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: KeyScramblerIE.DLL, version: 2.9.1.0, time stamp: 0x4f583de0
Exception code: 0xc0000005
Fault offset: 0x00000000000018e0
Faulting process id: 0x1af8
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3


System errors:
=============
Error: (01/11/2013 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (01/11/2013 01:48:12 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (01/11/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error:
%%1058

Error: (01/11/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error:
%%1058

Error: (01/11/2013 00:21:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error:
%%1058

Error: (01/11/2013 00:21:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error:
%%1058

Error: (01/11/2013 00:17:50 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

Error: (01/11/2013 00:17:50 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952450.

Error: (01/11/2013 00:16:51 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

Error: (01/11/2013 00:16:51 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952450.


Microsoft Office Sessions:
=========================
Error: (01/10/2013 04:33:33 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e0e9401cdeec5adc76d66C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL6211cbbd-5b6d-11e2-8bb2-81208c3c0ddf

Error: (01/09/2013 06:53:32 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/09/2013 05:06:47 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e01b6c01cdeeb555e159a5C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLLdc2c9fa2-5aa8-11e2-beb0-cc52af79284b

Error: (01/09/2013 05:04:44 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e0140401cdeeb2c7fe577bC:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL92cf7670-5aa8-11e2-beb0-cc52af79284b

Error: (01/08/2013 09:20:36 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e016dc01cdee0fe2a7923dC:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL26eea3e7-5a03-11e2-beb0-cc52af79284b

Error: (01/08/2013 09:20:25 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e013a801cdee0f16935f42C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL202b476d-5a03-11e2-beb0-cc52af79284b

Error: (01/08/2013 09:13:47 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e0fdc01cdee0d6ff4acb7C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL330b46a3-5a02-11e2-beb0-cc52af79284b

Error: (01/08/2013 09:02:54 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e070001cdee0cebc379a4C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLLad674aa7-5a00-11e2-beb0-cc52af79284b

Error: (01/08/2013 08:55:09 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e0178001cdee0c1073ab60C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL988df1d6-59ff-11e2-beb0-cc52af79284b

Error: (01/08/2013 08:33:31 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7601.175144ce79f70KeyScramblerIE.DLL2.9.1.04f583de0c000000500000000000018e01af801cdee079ea6c934C:\Windows\system32\LogonUI.exeC:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL9297e6a0-59fc-11e2-beb0-cc52af79284b


CodeIntegrity Errors:
===================================
Date: 2013-01-06 21:05:39.826
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-06 21:05:39.748
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-06 21:38:47.610
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-06 21:38:47.486
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:39:37.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:39:37.679
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:39:37.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:39:37.565
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:37:54.419
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-15 21:37:54.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8139.86 MB
Available physical RAM: 6055.89 MB
Total Pagefile: 16277.91 MB
Available Pagefile: 13415.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.23 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:681.11 GB) (Free:314.66 GB) NTFS
2 Drive d: () (Fixed) (Total:698.63 GB) (Free:698.48 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:17.23 GB) (Free:2.14 GB) NTFS
6 Drive h: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
7 Drive i: (KINGSTON) (Removable) (Total:7.2 GB) (Free:0.28 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Caleb Guest
Kevin


**** End of log ****

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Farbar Service Scanner Version: 05-01-2013
Ran by Caleb (administrator) on 06-01-2013 at 22:38:12
Running from "C:\Users\Caleb\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 20:29] - [2013-01-06 21:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Mod Edit: Removed CF malware log - Hamluis.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

If an expert could help me, please do! I haven't been able to use my laptop for a week now...

Edited by hamluis, 12 January 2013 - 09:17 AM.




#2 ComputerMedic2013

ComputerMedic2013

  • Members
  • 25 posts
  • Gender:Male
  • Location:Springvale, ME

Posted 12 January 2013 - 08:57 AM

Dear ascrolif10,

It appears that your dhcp service is not running on your troubled computer so your modem / router cannot assign an IP address to it:

Internet Services:
============
Dhcp Service is not running. Checking service configuration:


You can open up your network and sharing center --> click on change adapter settings / manage network connections --> right click on your Wireless network connection / Local area connection (whichever you use to connect to the internet) --> (if using a router) manually assign an ip address of 192.168.0.2 w/ a dns of 8.8.8.8 and 8.8.4.4 or 192.168.1.1 with the same dns as posted previously. If you do not use a router, connect another computer directly into your ISP's modem and go to www.whatismyip.com. Then write down that IP address, disconnect that computer and connect the troubled computer to the modem. Apply the IP address to your connection medium (instructions previously in post) but use that different IP address for your IP and 8.8.8.8 and 8.8.4.4 for the dns servers. This should resolve your issue.

Judging by your logs, your internet is disabled, along with your antivirus and ability to update windows. To save time, I would back up what you can and re-install windows.

Edited by ComputerMedic2013, 12 January 2013 - 08:59 AM.
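
Added example (not part of any poster's reply, and not Farbar's code): a small Python triage that reads a Farbar Service Scanner log together with `ipconfig /all` output and ties the stopped Dhcp service to the self-assigned 169.254.x.x address and to the afd findings from the first post. The sample logs are constructed excerpts in the shape of the ones quoted in this thread; the function names and severity labels are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpts in the shape of the logs quoted in this thread.
SAMPLE_FSS = r"""Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

File Check:
========
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 20:29] - [2013-01-06 21:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.
"""

SAMPLE_IPCONFIG = """Wireless LAN adapter Wireless Network Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.94.180(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
ATTENTION = re.compile(r"ATTENTION!=====>\s*(.+)$")
FLAGGED_FILE = re.compile(r"^(.+?) IS INFECTED AND SHOULD BE REPLACED\.$")
# Metadata line printed under a file that failed File Check: "(company) <32 hex>"
FILE_META = re.compile(r"\((.*?)\s*\)\s+[0-9A-Fa-f]{32}\s*$")
IPV4 = re.compile(r"IPv4 Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # APIPA range


def parse_fss(text):
    """Extract stopped services, damaged service keys, start types, flagged files."""
    out = {"not_running": [], "damaged": {}, "start_type": {}, "flagged_files": []}
    service = vendor = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            service = None  # a blank line closes the per-service block
            continue
        if m := NOT_RUNNING.match(line):
            service = m.group(1)
            out["not_running"].append(service)
        elif m := START_TYPE.match(line):
            out["start_type"][m.group(1)] = (m.group(2), m.group(3))
        elif m := FILE_META.search(line):
            vendor = m.group(1)  # remembered until the matching ATTENTION line
        elif m := ATTENTION.search(line):
            detail = m.group(1)
            if f := FLAGGED_FILE.match(detail):
                out["flagged_files"].append((f.group(1), vendor))
                vendor = None
            elif service:
                out["damaged"].setdefault(service, []).append(detail)
    return out


def apipa_addresses(ipconfig_text):
    """IPv4 addresses in the output that fall in the self-assigned range."""
    return [ip for ip in IPV4.findall(ipconfig_text)
            if ipaddress.ip_address(ip) in LINK_LOCAL]


def triage(fss_text, ipconfig_text):
    """Merge both logs into (severity, message) findings, most serious first."""
    fss = parse_fss(fss_text)
    findings = []
    for path, vendor in fss["flagged_files"]:
        findings.append(("high", f"{path}: flagged by File Check, company field {vendor!r}"))
    for svc, details in fss["damaged"].items():
        findings.append(("high", f"{svc}: {len(details)} service-key checks failed"))
    apipa = apipa_addresses(ipconfig_text)
    if "Dhcp" in fss["not_running"] and apipa:
        findings.append(("medium", f"Dhcp stopped; adapter self-assigned {', '.join(apipa)}"))
    for svc, (actual, default) in fss["start_type"].items():
        findings.append(("low", f"{svc}: start type {actual}, default {default}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_FSS, SAMPLE_IPCONFIG):
        print(f"[{severity}] {message}")
```

Run against a full log, the high-severity lines point at what to repair first; the stopped Dhcp service and the 169.254 address are listed as consequences rather than as the starting point.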


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 January 2013 - 09:09 AM

Let's see if I can help you. Please run this tool again. Make sure to run it in normal mode.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#4 ascrolif10

ascrolif10
  • Topic Starter

  • Members
  • 23 posts

Posted 13 January 2013 - 01:22 PM

Sorry for the late reply, I am so busy....
Greatly appreciate all the help, though!

@ComputerMedic2013:

I cannot find the window you are referring to, after right clicking on Wireless Network Connection and opening up properties, I'm not too sure where to go next (sorry if I'm missing the obvious, really not good at this part of the computer).

@narenxp

Here you are:

Farbar Service Scanner Version: 05-01-2013
Ran by Caleb (administrator) on 13-01-2013 at 13:08:13
Running from "C:\Users\Caleb\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 20:29] - [2013-01-06 21:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
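
A triage pass over a Farbar Service Scanner log like the one above, as an added example that is not part of the original post or of the FSS tool: it pulls out stopped services, non-default start types, policy registry values and ATTENTION lines. The embedded log is a constructed excerpt in the same format, and the `triage` function and its regular expressions are assumptions based only on the lines visible in this thread.

```python
import re

# Constructed excerpt in the format of the FSS log posted in this thread.
SAMPLE_LOG = r"""
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
afd Service is not running. Checking service configuration:
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
START = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
KEY = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
ATTN = re.compile(r"ATTENTION!=+>\s*(.+)$")

def triage(log):
    """Group the findings in an FSS-style log by kind (hypothetical helper)."""
    out = {"stopped": [], "start_type": [], "policy": [], "attention": []}
    key = None  # registry key the next "name"=DWORD:n line belongs to
    for line in (l.strip() for l in log.splitlines()):
        if m := STOPPED.match(line):
            out["stopped"].append(m.group(1))
        elif m := START.match(line):
            out["start_type"].append(m.groups())  # (service, actual, default)
        elif m := KEY.match(line):
            key = m.group(1)
        elif (m := VALUE.match(line)) and key:
            out["policy"].append((key, m.group(1), int(m.group(2))))
        elif m := ATTN.search(line):
            out["attention"].append(m.group(1))
        if not line:
            key = None  # a blank line ends a registry block
    return out

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```
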

#5 narenxp

Posted 13 January 2013 - 05:05 PM

Click on the Start menu and type

cmd

Right click on it and select run as administrator and run this command

sfc /scanfile=c:\windows\system32\drivers\afd.sys

After the scan finishes, press Windows+R key and type

regedit and click ok

Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Download

http://download.bleepingcomputer.com/win-services/7/LEGACY_AFD.reg

Launch it and click YES

Restart the PC and post the new FSS log

#6 ComputerMedic2013

ComputerMedic2013

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Springvale, ME
  • Local time:12:00 PM

Posted 13 January 2013 - 05:27 PM

Dear ascrolif10,

No wonder you ran into an issue, I deeply apologize, a portion of the instructions were missing:

"You can open up your network and sharing center --> click on change adapter settings / manage network connections --> right click on your Wireless network connection / Local area connection ( whichever you use to connect to the internet )" Then right click on that icon. Left click on properties, now you should be on the "general tab". Locate Internet protocol version 4 ( TCP/IP v4 ) and click on the text itself, it should highlight in blue. Click on the properties button. Change the selection from "obtain IP address automatically" to "Use the following IP address" or something to that extent. Try either of the above IP addresses in that field, subnet should automatically calculate. If not it will be a subnet mask of 255.255.255.0. Change the DNS settings to "use the following DNS server addresses" Use the DNS addresses found above in the post (Google's public DNS's).

Just hoping that you will have the ability to go back online again to do what you need to do. It will make posting the above information back to us easier. Let us know how you make out.

btw, you may benefit from reading this article from Microsoft Technet regarding your broken windows services as well:
http://blogs.technet.com/b/asiasupp/archive/2011/12/27/error-code-0x80070424-with-windows-firewall-and-quot-base-filtering-engine-service-quot-not-available-in-services-database-list.aspx

#7 narenxp

Posted 13 January 2013 - 05:59 PM

ComputerMedic2013

The issue is different and in no way related to adapter settings, and the link you gave is not for this specific issue.

Edited by narenxp, 13 January 2013 - 06:00 PM.


#8 ComputerMedic2013

Posted 13 January 2013 - 06:31 PM

narenxp
True and true. Just offering a temporary work-around and satisfying the original request of:

"Internet not connecting after using ComboFix!"

The provided link may be helpful if Windows Defender, Firewall or Base Filtering Engine produces an error 0x80070424 which to my knowledge may have been an issue in the past when recovering from this infection. But indeed, the link posted is not intended to be the direct solution.

Edited by ComputerMedic2013, 13 January 2013 - 06:32 PM.


#9 ascrolif10

Posted 13 January 2013 - 09:50 PM

Again, thanks for all the help! I apologize for the very infrequent replies.

@narenxp

I typed the command into the cmd window and it said: "Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.log windir/Logs/CBS/CBS.log. For example C:\Windows\Logs\CBS\CBS.log. The system file repair changes will take effect after the next reboot."

So after that, I opened regedit and located the root folder. I got as far as the "Permissions for Everyone" but it's not letting me give full control. It replies with a popup window saying something along the lines of "Access is Denied".

@ComputerMedic2013

After getting to the window with the "General" tab, I still can't find what you're looking for (sorry!). Like, I've opened and examined in great detail every single clickable field that can be clicked and I haven't been able to find it. I do know what screen you are trying to find though, I've seen it before but I always forget how to get to it.

Edited by ascrolif10, 13 January 2013 - 09:53 PM.


#10 narenxp

Posted 13 January 2013 - 11:23 PM

Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on Advanced

Click on owner tab

Select the account in which you are logged in as owner

Place a tick on Replace owner on subcontainers and objects

Now try to add everyone to the security tab

#11 ComputerMedic2013

Posted 14 January 2013 - 05:53 AM

After you are in Network and Sharing Center, click on change adapter settings on the left. Then right click on your wireless network connection. Click on properties. Then if you do not see internet protocol version 4 tcp/ip v4, click on the properties button again on the general tab. This should open up another box with a networking tab and sharing tab. On the networking tab, locate internet protocol version 4 tcp/ip v4. Click on the text itself, then click on properties. This should bring you to the screen where you can input the IP and DNS settings.

#12 narenxp

Posted 14 January 2013 - 11:03 AM

ascrolif10

Following multiple pieces of advice from different people at the same time would screw up your PC. If you want to follow the advice of ComputerMedic2013, let me know; I would stop helping you. I don't want to interfere when others are helping you.

Edited by narenxp, 14 January 2013 - 11:09 AM.


#13 ComputerMedic2013

Posted 14 January 2013 - 12:18 PM

ascrolif10 and narenxp

I fully support narenxp's help, he has helped a lot of other folks and I would humbly end my posts after this one if desired.

I have referenced his materials in the past and what he will suggest will more than likely fix your root issue, rather than me trying to assist you in getting back online.

Sorry for the confusion

#14 ascrolif10

Posted 14 January 2013 - 05:47 PM

@narenxp

So here's how it's going so far: I've left the computer for a day and coming back, I have found out to my surprise that it isn't giving me "Access is Denied" anymore.

Just to be sure, I can just select "Full Control" and press OK? Reason I'm so cautious is because the selecting owner gives some other error but this works now.

https://www.dropbox.com/s/4k3zlhhmlahnjdh/TEMP (for some reason I can't just insert the picture here, that's really annoying I know... you can just open it with windows photo viewer it's supposed to be a JPEG.)

Continue? I want to be absolutely 100% sure, I know editing the registry wrong can be a fatal mistake.

@ComputerMedic2013

Well, I do want to find the root problem so I think I'll go with naren's solution. I'm going to keep your instructions saved somewhere else though if some similar situation arises again. Thank you!

Edited by ascrolif10, 14 January 2013 - 05:48 PM.


#15 narenxp

Posted 14 January 2013 - 06:46 PM

ascrolif10

Go ahead and edit it.

ComputerMedic2013

:thumbup2:



