[roxerz]

Hello, just a few days ago, i had some issues with some viruses that infected computer. During that time, i was able to connect to the Internet (although slow due to the viruses) and was able to download SuperAntiSpyware to remove these viruses. But after SAS apparently removed these viruses and rebooted my computer, these viruses seemingly managed to return somehow. After a couple more tries to remove them, i was finally successful. But, when i logged back on and tried to use the Internet, both IE and FireFox were unusable. The error "Server not found" is what i see each time i try to connect to the Internet. The odd part is: i'm connected to the Internet and my other wireless devices receive wifi except my computer. My worry is that the anticirus may have deleted something important along with the virus, that allowed me Internet connection. Mind you i can not use any Internet whatsoever. So downloading any program to help me, might be practically impossible. I've already read other threads concerning this issue and none have helped. I've checked that the settings on my Internet are on no proxy. If anyone can help me it would be much appreciated. Thanks.

[Elvandil]

Since you have IE, I assume you are running some version of Windows. They vary somewhat is how they implement networking.

[roxerz]

Well it's hard to tell since i can't use my Internet at all on my computer. So far i've tried number of methods to resolve this issue, but i haven't had any luck so far.

[Cookiegal]

The programs likely removed a driver and/or registry keys needed to connect and I doubt the machine is clean yet.

You will need to transfer some small tools/programs to the infected computer via USB flash drive.

Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.

• Make sure only the following option is checked:
  • Internet Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
• Please copy and paste the log to your reply.

[roxerz]

Quote:

Originally Posted by Cookiegal

The programs likely removed a driver and/or registry keys needed to connect and I doubt the machine is clean yet.

You will need to transfer some small tools/programs to the infected computer via USB flash drive.

Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.

• Make sure only the following option is checked:
  • Internet Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
• Please copy and paste the log to your reply.

Alright, sorry if i'm a tad bit late with posting the log, i just have to make an arrangement with a friend to use her computer. I'll post that log ASAP.

[roxerz]

Quote:

Originally Posted by Cookiegal

The programs likely removed a driver and/or registry keys needed to connect and I doubt the machine is clean yet.

You will need to transfer some small tools/programs to the infected computer via USB flash drive.

Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.

• Make sure only the following option is checked:
  • Internet Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
• Please copy and paste the log to your reply.

Alright, i've got the USB and everything. How do i transfer the program to my USB? Sorry for being such a newbie at this, haha.

[roxerz]

Quote:

Originally Posted by Cookiegal

The programs likely removed a driver and/or registry keys needed to connect and I doubt the machine is clean yet.

You will need to transfer some small tools/programs to the infected computer via USB flash drive.

Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.

• Make sure only the following option is checked:
  • Internet Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
• Please copy and paste the log to your reply.

As ordered:
Farbar Service Scanner
Ran by christopher hichez (administrator) on 27-12-2011 at 12:16:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000

**** End of log ****

[Cookiegal]

We need to replace a file that's missing from the drivers folder with one from another location and also repair the registry so please do the following:

Please run Farbar Service Scanner again.

Type the following in the edit box after Search

ipsec.sys

Click the Search Files button and post the log (FSS.txt) it makes to your reply.

[roxerz]

Quote:

Originally Posted by Cookiegal

We need to replace a file that's missing from the drivers folder with one from another location and also repair the registry so please do the following:

Please run Farbar Service Scanner again.

Type the following in the edit box after Search

ipsec.sys

Click the Search Files button and post the log (FSS.txt) it makes to your reply.

Here ya go:
Farbar Service Scanner
Ran by christopher hichez (administrator) on 27-12-2011 at 14:06:45
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\dllcache\ipsec.sys
[2009-01-12 14:41] - [2008-04-13 14:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2009-01-12 14:41] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-01-17 11:24] - [2004-08-10 06:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\i386\ipsec.sys
[2009-01-13 03:34] - [2004-08-10 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======

[Cookiegal]

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your anti-Virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

• Drag the setup package onto ComboFix.exe and drop it.
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

[roxerz]

Quote:

Originally Posted by Cookiegal

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your anti-Virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

• Drag the setup package onto ComboFix.exe and drop it.
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

Quick question: I have service pack 3.. should i just go ahead and download service pack 2 or 1?

[Cookiegal]

Service Pack 2.

[roxerz]

Okay so here's the issue: I don't know which one to download, because i can't determine whether my OS is home edition or professional. I've booted my computer up to see which edition i have, but i don't think it has any specific edition. Which one do you think i should download?

[Cookiegal]

Right-click My Computer and select properties. What does it say there under System?

[roxerz]

I have the Media Center Edition.