TechSpot

Scvhost.exe Trojan.Host issue that is killing me!!!

Solved
By alan123
Dec 16, 2012
  1. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    So, this is my problem now... When I allow my wireless to <log on> it appears to connect to the network but cannot identify the network. It does the same thing when I plug in the computer to the network using the Ethernet cable. I ran the troubleshooter while it was plugged in and the message was: "windows could not automatically detect network proxy settings". At the same time Malwarebytes blocked the trojan agent from file: c:\TDSSkiller_quarantine\17.12.2012\mbr000\tdlfs\tsk002.dfa Trojan.Agent.

    Any ideas what is going on?
     
  2. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
     
  3. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    OK. I don't have my flash drive with me to transfer the files. Will do it within the next hour or so. I will assume at this point not to complete the previous task of downloading and running OTL and to do this instead.

    Thanks again!
     
  4. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Right.
     
  5. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    Farbar Service Scanner Version: 10-12-2012
    Ran by Alan (administrator) on 19-12-2012 at 23:15:58
    Running from "C:\Users\Alan\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.
    afd Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 21:52] - [2012-12-18 21:30] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885
    ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  6. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Very well...

    Let's start with the missing system file.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      afd.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  7. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:12 on 20/12/2012 by Alan
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "afd.sys"
    C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [05:52 16/02/2012] [05:30 19/12/2012] 42B7E1AA0C7EC54652A50585793F1885
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [20:13 16/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [05:52 16/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [20:13 16/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [05:52 16/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [18:07 26/05/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [20:13 16/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [05:52 16/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [20:13 16/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [05:52 16/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB
    -= EOF =-
     
  8. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Download following fix: http://www.bleepstatic.com/fhost/uploads/1/fix.bat to your Desktop.

    Restart computer in Safe Mode.
    Double click on downloaded fix.bat file to run the fix.
    Command prompt window will open.
    You should see following message:
    "1 file(s) copied"
    In that case press any key to close command prompt window.
    If you see any error message let me know.

    Restart computer in normal mode and post new FSS log.
     
  9. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    Farbar Service Scanner Version: 10-12-2012
    Ran by Alan (administrator) on 20-12-2012 at 17:47:54
    Running from "C:\Users\Alan\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.
    afd Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 21:52] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
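An added example, not part of the original thread or of the tools used in it: Python that parses the FSS "File Check" entry for afd.sys and the SystemLook `:filefind` listing, then checks whether the active driver is byte-identical (size and MD5) to a copy in the WinSxS component store. The log lines are excerpted from the posts above; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt (3 of 11 lines) of the SystemLook output posted in the thread.
SYSTEMLOOK_EXCERPT = r"""
C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [05:52 16/02/2012] [05:30 19/12/2012] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [18:07 26/05/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [05:52 16/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB
"""

# afd.sys entries from the FSS logs posted before and after the fix.
FSS_BEFORE = r"""
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:52] - [2012-12-18 21:30] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885
ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.
"""
FSS_AFTER = r"""
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:52] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB
"""

SL_LINE = re.compile(
    r"^(?P<path>\S.*?) [-\w]{7} (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$")
FSS_DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<vendor>.*?)\s*\) (?P<md5>[0-9A-Fa-f]{32})$")
PATH_ONLY = re.compile(r"[A-Za-z]:\\[^=]+")  # "=> MD5 is legit" lines contain '='


@dataclass
class FileRecord:
    path: str
    size: int
    md5: str
    vendor: Optional[str] = None
    flagged: bool = False


def parse_systemlook(text):
    """Return one FileRecord per ':filefind' result line."""
    records = []
    for line in text.splitlines():
        m = SL_LINE.match(line.strip())
        if m:
            records.append(FileRecord(m["path"], int(m["size"]), m["md5"].upper()))
    return records


def parse_fss_file_check(text):
    """Return {lowercased path: FileRecord} for files FSS printed in detail."""
    records, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ATTENTION!=====>"):
            key = current.lower() if current else None
            if key in records and "IS INFECTED" in line and key in line.lower():
                records[key].flagged = True
        elif PATH_ONLY.fullmatch(line):
            current = line  # bare path: the detail line follows
        elif current and (m := FSS_DETAIL.match(line)):
            records[current.lower()] = FileRecord(
                current, int(m["size"]), m["md5"].upper(), vendor=m["vendor"])
    return records


def component_store_match(active, hits):
    """Find a WinSxS copy with the same size and MD5 as the active file."""
    for hit in hits:
        if "\\winsxs\\" in hit.path.lower() and (hit.size, hit.md5) == (active.size, active.md5):
            return hit
    return None


def store_version(path):
    """Extract the component version embedded in a WinSxS directory name."""
    m = re.search(r"_(\d+(?:\.\d+){3})_none_", path)
    return m.group(1) if m else None


def assess(fss_text, systemlook_text,
           target=r"C:\Windows\System32\drivers\afd.sys"):
    active = parse_fss_file_check(fss_text)[target.lower()]
    match = component_store_match(active, parse_systemlook(systemlook_text))
    return {"flagged": active.flagged, "vendor": active.vendor,
            "size": active.size,
            "store_version": store_version(match.path) if match else None}


if __name__ == "__main__":
    print("before fix:", assess(FSS_BEFORE, SYSTEMLOOK_EXCERPT))
    print("after fix: ", assess(FSS_AFTER, SYSTEMLOOK_EXCERPT))
```

A match only shows that the active driver equals a copy in the local component store; the store copies themselves are assumed intact here.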
     
  10. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    There were no errors
     
  11. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    That looks better.
    We still have one registry key missing though...

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

    Download PsExec.exe to your desktop (IMPORTANT!)
    Go Start and in "Start search" type in:
    cmd
    Hold CTRL and SHIFT keys, press Enter.
    Command prompt window will open.
    Copy and paste following command:

    "%userprofile%\desktop\psexec" -I -d -s c:\windows\regedit.exe

    Press Enter.
    Registry Editor will open.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with your user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download Vista.zip Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click afd.reg and confirm the prompt.
    Double-click LEGACY_AFD.reg and confirm the prompt.
    Please go back to the Root key again; while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    Post new FSS log.
     
     
  12. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    At this point:

    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Should I leave <read> checked to <allow>? or uncheck it? It was already checked.
     
  13. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Leave it as it is.
     
  14. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    Farbar Service Scanner Version: 10-12-2012
    Ran by Alan (administrator) on 20-12-2012 at 19:18:35
    Running from "C:\Users\Alan\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 21:52] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  15. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Is your connection back?
     
  16. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    It shows that I am connected to the internet but I cannot connect to any sites. When I open up Explorer I cannot navigate to any sites. It states that there is a connection problem.
     
  17. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    I tried Firefox as well. Nothing. Just a blank page.
     
  18. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    Click Go and post the result.
     
  19. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    MiniToolBox by Farbar Version: 25-11-2012
    Ran by Alan (administrator) on 20-12-2012 at 19:51:15
    Running from "C:\Users\Alan\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= Flush DNS: ===================================
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========================= IE Proxy Settings: ==============================
    Proxy is not enabled.
    No Proxy Server is set.
    ========================= FF Proxy Settings: ==============================
    "network.proxy.type", 0
    ========================= Hosts content: =================================
    127.0.0.1 localhost
    ========================= IP Configuration: ================================
    Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
    Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
    PdaNet Broadband Adapter = Local Area Connection 2 (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    reset
    set global

    popd
    # End of IPv4 configuration

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : Alan-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : C4-17-FE-DB-B4-91
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Local Area Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : PdaNet Broadband Adapter
    Physical Address. . . . . . . . . : 00-26-37-BD-39-42
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
    Physical Address. . . . . . . . . : B8-AC-6F-52-B3-38
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
    Physical Address. . . . . . . . . : C4-17-FE-DB-B4-91
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::a1e7:b4ae:f80f:a0f2%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Thursday, December 20, 2012 7:17:25 PM
    Lease Expires . . . . . . . . . . : Friday, December 21, 2012 7:31:55 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 197400574
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-22-18-C3-B8-AC-6F-52-B3-38
    DNS Servers . . . . . . . . . . . : 209.18.47.61
    209.18.47.62
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter Local Area Connection* 12:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{A4B019E3-1BA1-4A7C-9A39-4B3B65F7618B}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{964044E1-667B-4E68-A362-75DFFBCBFABD}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 209.18.47.61
    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: 209.18.47.61
    Ping request could not find host yahoo.com. Please check the name and try again.
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
    Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 6ms, Average = 4ms
    ===========================================================================
    Interface List
    23...c4 17 fe db b4 91 ......Microsoft Virtual WiFi Miniport Adapter
    13...00 26 37 bd 39 42 ......PdaNet Broadband Adapter
    11...b8 ac 6f 52 b3 38 ......Realtek PCIe FE Family Controller
    10...c4 17 fe db b4 91 ......Dell Wireless 1397 WLAN Mini-Card
    1...........................Software Loopback Interface 1
    24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    25...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
    28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
    ===========================================================================
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
    192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
    ===========================================================================
    Persistent Routes:
    None
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    10 281 fe80::/64 On-link
    10 281 fe80::a1e7:b4ae:f80f:a0f2/128
    On-link
    1 306 ff00::/8 On-link
    10 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================
    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
    ========================= Event log errors: ===============================
    Application errors:
    ==================
    Error: (12/20/2012 07:14:00 PM) (Source: Application Error) (User: )
    Description: Faulting application name: pctsSvc.exe, version: 7.0.0.147, time stamp: 0x4ce59256
    Faulting module name: SystemMonitor.sdp, version: 7.0.0.169, time stamp: 0x4cef4d8f
    Exception code: 0xc0000005
    Fault offset: 0x0000e67d
    Faulting process id: 0x910
    Faulting application start time: 0xpctsSvc.exe0
    Faulting application path: pctsSvc.exe1
    Faulting module path: pctsSvc.exe2
    Report Id: pctsSvc.exe3
    Error: (12/20/2012 07:13:29 PM) (Source: Schedule) (User: )
    Description: Schedule error: 87Initialize call failed, bailing out
    Error: (12/20/2012 05:45:52 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/20/2012 05:03:10 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/19/2012 11:09:40 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/19/2012 07:31:41 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/19/2012 02:32:44 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/18/2012 09:54:31 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/18/2012 09:46:53 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out
    Error: (12/18/2012 07:28:30 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 20183581

    System errors:
    =============
    Error: (12/20/2012 07:49:04 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:48:18 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:47:04 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:46:12 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:42:02 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:41:12 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:40:04 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:39:04 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:35:28 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87
    Error: (12/20/2012 07:34:04 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%87

    Microsoft Office Sessions:
    =========================
    Error: (09/16/2012 05:38:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38925 seconds with 4080 seconds of active time. This session ended with a crash.
    Error: (03/08/2012 10:25:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 903903 seconds with 31860 seconds of active time. This session ended with a crash.
    Error: (12/03/2010 03:30:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
    Date: 2012-12-17 21:07:23.405
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2012-12-17 21:07:23.279
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ========================= Devices: ================================

    **** End of log ****
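The Winsock catalog lines in a log like the one above can be triaged with a small parser; this is an added example, not part of the original post or of Farbar Service Scanner. The sample lines are constructed in the log's layout, and the function names and the "stock" rule (Microsoft vendor label plus a System32 path) are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above; the last line is deliberately cut short.
SAMPLE = r"""
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448984] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll
"""

# One catalog line: "<catalog> <index> <path> [<size>] (<vendor>)"
LINE_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog(?P<kind>[59]))\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>.*)\)\s*$"
)
KIND = {"5": "namespace provider", "9": "transport provider"}
SYSTEM_DIR = "c:\\windows\\system32\\"

def parse_catalog(text):
    """Return (entries, malformed) for the Winsock catalog lines in `text`."""
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not re.match(r"(?:x64-)?Catalog[59]\s", line):
            continue                    # headers, event-log lines, blanks
        m = LINE_RE.match(line)
        if m is None:
            malformed.append(line)      # catalog line missing size/vendor: check by hand
            continue
        e = m.groupdict()
        e["kind"] = KIND[e["kind"]]
        # Assumption: the vendor text is a label printed by the scanner, not a signature
        # check, so an entry counts as stock only if it also sits in System32.
        e["stock"] = (e["path"].lower().startswith(SYSTEM_DIR)
                      and e["vendor"].startswith("Microsoft"))
        entries.append(e)
    return entries, malformed

def review_summary(entries):
    """Count non-stock entries per (catalog, file name, vendor label)."""
    return Counter(
        (e["catalog"], e["path"].rsplit("\\", 1)[-1], e["vendor"])
        for e in entries if not e["stock"]
    )
```

A non-stock entry is not a finding by itself: installed security suites and services such as Bonjour register providers legitimately. The summary only shows which files sit in the network path and deserve a signature and location check.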
     
  20. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    There is some connection as pinging Yahoo works.

    Can you check if your browsers work with ethernet cable connected?

    Also....

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [IMG]
    Make sure "DNS" tab looks like this:
    [IMG]
    Make sure "WINS" tab looks like this:
    [IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
     
  21. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    I ran all the protocols above. Still not working. It says that it is connected but is doing the same thing: not loading any pages.
     
  22. Broni

    Broni Malware Annihilator Posts: 48,011   +271

     
  23. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    Sorry. Forgot to mention that I have been doing this both with wireless and ethernet cable. Internet works fine on desktop.
     
  24. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    I'm not really sure what's going on here.
    Your settings seem to be OK, FSS log looks good.

    Try to use restore point Combofix created around 12/17/2012 20:58:12
     
  25. alan123

    alan123 TS Rookie Topic Starter Posts: 47

    I am not sure what is going on! I have created 2 system restore points and for some reason it is saying that I don't have any restore points saved?

    When I go to networking it says that I am connected to the internet. I have Dropbox as well and tried to open that to see if it is connected. It is not. This is both connected with ethernet or wireless. I was going to delete explorer and reinstall but it is happening with Firefox and not connecting to Dropbox.
     

