Author Topic: Web and Mail Shield won't start  (Read 22023 times)

0 Members and 1 Guest are viewing this topic.

shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #30 on: August 17, 2012, 03:02:17 PM »
Well over the 10000 character limit so I have attached the log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #31 on: August 17, 2012, 03:10:45 PM »
All your permissions are messed up by the look of it

Download subincal from here http://majorgeeks.com/Microsoft_SubInACL_SubInACL.exe_d7733.html and install
Download reset.zip from here https://dl.dropbox.com/u/73555776/reset.zip
Extract reset.cmd to your desktop and run

THEN

Download  Windows Repair (all in one)  from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following  items and tick restart system when finished


shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #32 on: August 17, 2012, 04:52:09 PM »
I've attached the logs.

Still no joy. No outlook or network. IE and Chrome still cant access the net.

Avast Web and Mail Shield won't start. (Although now the network shield is running?!?).


shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #33 on: August 17, 2012, 04:53:09 PM »
And the rest of the logs...

shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #34 on: August 17, 2012, 04:53:31 PM »
last one...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #35 on: August 17, 2012, 05:04:31 PM »
OK it appears that shared access is not running

run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #36 on: August 17, 2012, 05:20:05 PM »
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 17-08-2012 at 16:18:01
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000009000000080000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.

**** End of log ****

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #37 on: August 17, 2012, 05:22:21 PM »
Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom



shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #38 on: August 17, 2012, 05:58:28 PM »
Mostly....

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #39 on: August 17, 2012, 07:36:25 PM »
Could you now run FSS again please

shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #40 on: August 20, 2012, 10:17:32 AM »
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 20-08-2012 at 09:13:09
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000009000000080000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.

**** End of log ****

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #41 on: August 20, 2012, 04:05:21 PM »
Could you re-run FSS please and in the search box type :

IpSec

Then press Export Service
A notepad will be generated post that here


shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #42 on: August 20, 2012, 05:23:58 PM »

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IpSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IpSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Web and Mail Shield won't start
« Reply #43 on: August 20, 2012, 07:33:21 PM »
Once this has run then test the internet please to ensure that it works

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

shaolindan

  • Guest
Re: Web and Mail Shield won't start
« Reply #44 on: August 21, 2012, 06:18:39 PM »
Here it is...