Mattd240

  1. there is startup repair, system restore, system image recovery, windows memory diagnostic, and command prompt
  2. also, in the instructions, it says click on protocol, but it doesn't specify if it's v6 or v4
  3. I changed the 0xa0 to 0x80, but when I go to save it, it says access denied.
  4. ran the program and the problem persists. still no ipsec.sys file.
  5. is there a place I can download that file? or must I use a windows cd to get it?
  6. well I did that, and it's still not showing this computer has that file.
  7. is that the same procedure for windows 7? because I don't have vista
  8. well the computer I'm on right now is running windows 7 home edition, but it doesn't have that file either?
  9. I do have access to a windows 7 cd. I would have to go to my cousin's house tomorrow to get it however.
  10. SystemLook 30.07.11 by jpshortstuff
      Log created at 17:17 on 28/11/2011 by Matthew
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "ipsec.sys"
      No files found.
      -= EOF =-
  11. here we go. did it wrong the last post haha
      NetworkDetails2.txt
  12. and the computer behaves perfectly fine. the only problem is that the internet doesn't work.