Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: shaolindan on August 14, 2012, 02:41:25 PM
-
I have a friend with a PC running Windows XP Service Pack 3 that started going to some weird sites on IE. It had MSE running, which then stated that it was switched off and wouldn't start again. So I uninstalled it and put Avast Free on. I also put on Super Anti-Spyware and Malwarebytes Anti-Malware. All 3 scanned and found various things (spyware first, Avast second, malware third). Avast then scanned again and did a boot-time scan which found and quarantined about 30 things, which I then cleared out. Now Chrome started to behave strangely and IE now wouldn't load any pages. So I did another set of scans which finished with a boot-time Avast scan - now Avast says Web Shield and Mail Shield are switched off - "fix now" and "turn on" have no effect.
I have tried Kaspersky TDSSKiller, Avast Anti-Rootkit and GMER. (locked files are sptd.sys and safeboot.sys).
No joy. Tried re-installing MSE - won't connect to the net for updates - so won't work - won't scan as the service isn't installed. (Now uninstalled again.)
I suspect this PC has quite a devious rootkit/trojan/malware combo. Can anyone help?
-
When you suspect something like a rootkit, you have to exercise extreme caution, as incorrect removal of any malware found can have serious consequences. The more anti-virus applications you install, the more likely you are to have conflict issues; even after removal there may be remnants.
The problem with the mail and web shields could be one, or it could be your firewall blocking avastSvc.exe. What is the firewall on this XP system?
Uninstall possible remnants of previously installed AVs; see http://singularlabs.com/uninstallers/security-software/, which has a collection of manufacturers' removal tools, so that should remove any remnants, registry, etc.
####
This probably needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
-
Windows firewall won't start. There isn't a firewall on the router. Avast did work previously on this computer on this network.
Here are the logs from the last few days from mbam, aswmbr and otl. I will also post again in a minute with the anti spyware logs.
A new symptom - outlook won't start.
So I have now disabled the network.
-
Here are the super anti-spyware logs.
-
A malware removal specialist has been informed of your topic.
Please just stick to the scans requested in the "information on Logs to assist in cleaning malware" topic or those requested by the malware removal specialist.
-
I thought they would be of interest as they do list 1067 files found - mostly cookies but some trojans which were removed.
-
Cookies are not a security issue. You should block third-party cookies in your browser and periodically clear your cookies; browser settings can be set to clear history/cookies/cache on closing the browser. That, however, means some sites that require cookies to remember your settings etc. won't remember them.
-
Any help, chaps?
-
Now Outlook won't start. Turned the network adaptor back on - but it won't connect to the internet anymore. When I hit 'repair' in the adaptor it says can't access TCP/IP stack.
Ran MBAM in safe mode - found nothing... :-\
-
You'll need to wait for one of the specialists. :)
-
The malware removal specialists are volunteers and have other commitments too (work), so in that limited time they can be very busy at times.
As irksome as it is, there will be delays due to differing time zones and availability of the volunteer malware removal specialists.
-
Hi there, we have a nice assortment here of various rootkits and trojans.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0HTBB6X5\B-Service.exe -- (B-Service)
SRV - File not found [Auto | Stopped] -- C:\windows\TEMP\ayvirrdbup.exe service -- (0040331241683126mcinstcleanupAlerter)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\004033~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0040331241683126mcinstcleanup)
SRV - [2012/06/06 09:16:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
DRV - File not found [Kernel | Auto | Stopped] -- C:\windows\system32\drivers\yfxsjiq.sys -- (tdpqhhzhczmx)
DRV - File not found [Kernel | System | Stopped] -- system32\rbadma.sys -- (rbadma)
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\ilnqjbvl.sys -- (ilnqjbvl)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/06 11:33:26 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.2\bh\facemoods.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.2\facemoodsTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3155757178-1639063472-2327323849-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.2\facemoodssrv.exe" /md I File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\tbhcn.lnk = C:\Documents and Settings\Administrator\Application Data\BrowserCompanion\tbhcn.exe ()
:Reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}]
:Files
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
C:\Program Files\facemoods.com
C:\Program Files\Web Assistant
C:\Documents and Settings\Administrator\Application Data\BrowserCompanion
C:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Documents and Settings\LocalService\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- Allow the installation of the recovery console
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
NEXT
Right click the link below and select Save As... to your desktop
https://dl.dropbox.com/u/73555776/BITSxp.reg
Double click the reg file and allow to merge
Reboot
FINALLY
Download AdwCleaner from here (http://general-changelog-team.fr/en/tools/15-adwcleaner) to your desktop
Run AdwCleaner and select Delete
(https://dl.dropbox.com/u/73555776/AdwCleaner.GIF)
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
-
OTL stops at 'Killing Processes - Don't interrupt' and just sits there. I left it overnight.
Should I uninstall MBAM first?
I only ask that as if I go through task manager and start killing processes, when I kill MBAM - the mouse still works but you can't click on anything or get any response from the keyboard. Maybe this is what is happening when OTL stops MBAM???!?
-
OK. It looks like it was MBAM as once I uninstalled it and rebooted - OTL ran fine.
I have attached the log files.
Computer seems a lot faster now and the browsers pop up without incident.
However a) Outlook still won't start - I get a window that says "Cannot start Office Outlook. Cannot open the Outlook Window. The set of folders cannot be opened. The information store could not be opened."
b) I've reinstalled Avast - Network, Mail and Web Shield will not start.
-
Combo fix log broken into two parts...
-
second part
-
Could you re-run combofix please as the last portion was corrupted
For the Outlook problem
Go Start-Run and type in :
Outlook.exe /resetnavpane (Notice the space between exe and /)
What error do you get for Network shield and Mail shield
-
Combo-fix comes up with a window that says "No windows recover console found. Without this it will not be possible to fix more serious errors" Would you like Combo-fix to download and install this? This will require internet access.
Unfortunately that machine still doesn't have internet access. Ipconfig won't even work.
Using the /resetnavpane line starts Outlook but results in a pop-up window saying exactly the same thing.
Can I get windows recovery console from this computer and put it on a memory stick?
-
Oh and the error when I hit the 'fix this' button on avast is a pop up that says "The following components can not be started. Network Shield"
-
Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.
***************************************************
Download ComboFix from one of these locations:
Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix)
Link 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.
Note: If you have SP3, use the SP2 package.
---------------------------------------------------------------------
Transfer all files you just downloaded, to the desktop of the infected computer.
--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
(http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif)
- Drag the setup package onto ComboFix.exe and drop it.
- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
- At the next prompt, click 'Yes' to run the full ComboFix scan.
- When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
-
Sorry - but the link for the sp2 xp download doesn't work.
I have tried searching - but I can't find anything.....
-
http://www.microsoft.com/en-us/download/details.aspx?id=25129 is the cd for service pack 3. Is that any use?
-
http://www.2shared.com/complete/Wn3d9Jl_/WindowsXP-KB310994-SP2-Pro-Boo.html
That might do it...
-
Here ya go. Don't think the console installed though.
-
That didn't work for the console but I have found an XP CD. Can I grab it from there?
-
After combofix starts - it says it needs recovery console and asks if it can install. I say yes and it says 'Boot Partition cannot be enumerated correctly'
-
OK, let's use a different programme to check the MBR. How is the computer at the moment?
- Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it on your desktop.
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png)
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png)
- The report has been created on the desktop.
- Next click on the ShortcutsFix
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png)
- The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
-
OK. I've done that.
I actually tried the dns and host fix too. But it didn't seem to make any difference.
I have attached the logs.
-
Oh and the fix shortcuts....
-
Nope, but it has shown an anomaly
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application
(http://dl.dropbox.com/u/73555776/TDSSFront.JPG)
- Then click on Change parameters.
(http://dl.dropbox.com/u/73555776/TDSSConfig.JPG)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(http://dl.dropbox.com/u/73555776/TDSSFound.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(http://dl.dropbox.com/u/73555776/TDSSEnd.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
-
Well over the 10000 character limit so I have attached the log.
-
All your permissions are messed up by the look of it
Download SubInACL from here http://majorgeeks.com/Microsoft_SubInACL_SubInACL.exe_d7733.html and install
Download reset.zip from here https://dl.dropbox.com/u/73555776/reset.zip
Extract reset.cmd to your desktop and run
THEN
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
(https://dl.dropbox.com/u/73555776/waio%20start.JPG)
Go to step 3 and allow it to run SFC
(https://dl.dropbox.com/u/73555776/waio%20step3.JPG)
On the start repairs tab click start
(https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG)
Select the following items and tick restart system when finished
(https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG)
-
I've attached the logs.
Still no joy. No Outlook or network. IE and Chrome still can't access the net.
Avast Web and Mail Shield won't start. (Although now the network shield is running?!?).
-
And the rest of the logs...
-
last one...
-
OK it appears that shared access is not running
run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(https://dl.dropbox.com/u/73555776/FSS.GIF)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 17-08-2012 at 16:18:01
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(10) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000009000000080000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.
**** End of log ****
-
Download Complete Internet Repair (http://www.datum-forensics.com/down/comintrep.exe) to your desktop
Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom
(https://dl.dropbox.com/u/73555776/Int%20repair.JPG)
-
Mostly....
-
Could you now run FSS again please
-
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 20-08-2012 at 09:13:09
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(10) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000009000000080000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.
**** End of log ****
-
Could you re-run FSS please and in the search box type :
IpSec
Then press Export Service
A notepad will be generated; post that here
-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IpSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"Group"="PNP_TDI"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IpSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
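-
Added example (not part of the original thread and not any poster's code): a short Python sketch that parses the registry export above, decodes its hex(2) ImagePath, and checks the key against the Tag expectation stated in the FSS log. The function names are hypothetical; the export and log lines are copied from the posts above.

```python
import re

# Copied from the thread: the services\IpSec key from the posted export.
EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IpSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"Group"="PNP_TDI"
'''

# Copied from the thread: selected lines of the FSS log.
FSS_LOG = '''Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
Tcpip Service is not running. Checking service configuration:
sharedaccess Service is not running. Checking service configuration:
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.
'''

def decode_value(raw):
    """Decode one right-hand side of a .reg value line."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
        if m.group(1) in ('1', '2'):  # REG_SZ / REG_EXPAND_SZ, stored as UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data                   # plain hex: is REG_BINARY
    return raw.strip('"').replace('\\\\', '\\')

def parse_reg(text):
    """Parse a version 5.00 export into {key_path: {value_name: value}}."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join backslash-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def stopped_services(log):
    """Service names the FSS log reports as not running."""
    return re.findall(r'^(\w+) Service is not running', log, re.M)

def expected_tags(log):
    """Tag values the FSS log says a service key should carry."""
    return {s: int(n) for s, n in re.findall(r'(\w+) Tag value should be (\d+)', log)}

def check_tags(reg, expected):
    """Compare each expected Tag with what the export actually contains."""
    findings = []
    for svc, want in expected.items():
        suffix = ('\\services\\' + svc).lower()
        for key, values in reg.items():
            if not key.lower().endswith(suffix):
                continue
            have = values.get('Tag')
            if have is None:
                findings.append(f'{svc}: Tag missing, expected {want}')
            elif have != want:
                findings.append(f'{svc}: Tag is {have}, expected {want}')
    return findings

if __name__ == '__main__':
    reg = parse_reg(EXPORT)
    for key, values in reg.items():
        print(key, '->', values.get('ImagePath'))
    print('not running:', stopped_services(FSS_LOG))
    print(check_tags(reg, expected_tags(FSS_LOG)))
```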
-
Once this has run then test the internet please to ensure that it works
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here it is...
-
Are you able to get online now?
-
The network (LAN) icon comes up and says it is connected. But nothing on a browser.
Do you want an ipconfig?
-
Could you go here and run the MSFixit about halfway down http://support.microsoft.com/kb/949377