Jump to content

Trying to update rules.ref on a computer with broken network connection


Recommended Posts

I first posted this question as a reply to an adjacent topic started by someone else... I'm not sure if it's seen that way, so I'm starting a new topic... sorry if this is breaking protocol.

I also have no internet access on a previously infected PC... so I installed MBAM on a working computer and let it upgrade. The working computer says 10/10/2011 ver 7918. I copied the rules.ref file from this working computer to a USB drive, then copied it into my previously infected PC in the exact same location after renaming the original rules.ref to rules.ref_org. MBAM still doesn't recognize it. When I view the update tab on the sick computer it still shows an 8/31/2011 date with version 7622.

I even went so far as to remove MBAM and then rerun from the setup file (mbam-setup-1.51.2.1300.exe) and then re-attempt the paste of rules.ref. Same result... the sick computer's mbam won't update past v7622 dated 8/31/2011.

Is there some addtional association or registration step needed to get this updated manually like I'm trying to do?

Link to post
Share on other sites

If you update the definitions manually, the database version won't be displayed correctly, this is normal. Nonetheless you are using the latest definitions :)

EDIT

I've just noticed that you have a topic open in Malware Removal. Please just follow the instructions by your helper, and do not run any scans or tools without specifically been asked to :)

Link to post
Share on other sites

  • Root Admin

Mystery is correct. Using those rules on the infected computer please do a Quick Scan and see if it finds anything or not.

There are some infections that are breaking the Network connection for some reason not sure why as that seems to defeat their purpose of trying to either get information from you or get you to buy their "fix".

Then assuming the actual infection has been removed follow the directions where you posted in the other topic (I removed that post for you since you posted here)

Please visit the following site and see if you can work through it and try their ideas on fixing the network adapter.

How to troubleshoot missing network connections icons in Windows Server 2003 and in Windows XP

If the infection has not been removed then you'll need to follow the directions below.

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start a topic in the
Malware Removal forum
so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    directions here
    , skipping any steps you are unable to complete. Then post a
    NEW topic here
    .

  • After posting your new post, make sure under
    options
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    , so that you're alerted when someone has replied to your post.

  • One of the
    expert helpers
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:

Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
support@malwarebytes.org
or
here
.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
Malwarebytes Premium Services
support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites

OK.. thanks for the two replies!

I just ran the MBAM quick scan on the previously sick computer that I had manually moved the updated rules.ref file to. Even tho it's log shows a

"Database version: 7622" I'm assuming it's using the current 7918 rules, right? The quickscan showed 0's for all items and no "malicous items detected".

So, from this am I cured of all malware? Is there something that I could still have that MBAM doesn't detect?

If I'm clean, my only remaining problem is the broken network connection, which broke during one of the steps of TDSkiller. My post over in the Malware removal forum where Screen317 (Chris) was helping me yesterday details much of this.

So where do we go from here? Do I post again in another forum for help with the network connection? If so, which one?

And I have followed all the steps of the "missing network connections icons" that you mention, even though that's not really my problem-- I have the icon-- it doesn't go anywhere. But it show's no IP details and gives a "failed to query" error when trying to "repair". And, of course, I can't get to the internet.

I've left several additional replies to my posts in the removal forum but haven't heard back yet on any of them.. Can you give them a quick read and shoot me in the right direction? I'd really appreciate it!

Thanks in advance!

Larry

Link to post
Share on other sites

  • Root Admin

Well not that I'm doubting you but I do find it difficult to believe that you finished all those tasks that quickly. I'm pretty fast with Windows and it would be hard for me to do all of them that quickly.

I understand your issue and I know its not a missing icon issue. Basically though the article will walk through many steps to attempt to fix the network adapter too. Though not all that is for sure.

What is the Make and exact Model of the computer and what OS are you running?

Link to post
Share on other sites

Oh... I was already onto that link for the disappearing icons before your post to me... that's how I got through them so quickly!! ;-) I've been working on this beast for 3 days straight now... and about 16 hours per day... ugggghhh

I'm running XP SP2 (but ready to upgrade to SP3 with a CD that I have... I want to get up to SP3 in order to run Msft's Security Essentials). If performing the upgrade is a viable step to take, then just say the word and I'll do it.

The machine is a homebrew configuration using an Intel D845GEBV2 motherboard with a P4 @ 2.66 Ghz and 2 GB RAM, a Maxtor 80 GB IDE HD and a CD drive. Pretty basic. The 10/100 ethernet networking is built into the motherboard.

I'm moving software into it via a 16GB Corsair USB flash drive (or burning CD's, as in the case of the impending SP3 upgrade).

Is that what you need?

Link to post
Share on other sites

  • Root Admin

No I would not recommend trying to install SP3 at this time with something broken on the computer like this.

Yes, it's possible it may fix it but it's also possible that it can fail and potentially cause the system to never startup again.

Please try downloading the following drivers from Intel (assuming they are correct for your motherboard) and install them. The Chipset driver first, then the LAN Driver.

Chipset: INF Update Utility for 845 Chipset-Based Intel Desktop Boards

LAN: Intel LAN Driver for 845/850 Chipset-Based Boards

You can also use SFC and see if that repairs missing or invalid files on Windows to get the network card working again.

Then if you do get the network card working don't forget you still need to download and install Service Pack 3

(I myself would recommend the full download rather than allowing Windows to pick which files to update via the Web).

Just don't do the update until this broken network card issue is fixed as I said before, a failed SP3 install could completely break the computer.

Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers

Link to post
Share on other sites

OK.. great minds think alike!!!

I've already applied the original motherboard drivers from the Intel driver disk that came with the motherboard. It installed chipset, audio, video, LAN, and application accelerator drivers. Do you see value in downloading the drivers you outlined from their site over the ones I installed from the original distribution disk? These drivers had been running for years (unless a windows update modified them somewhere along the way).

I ran a sfc /scannow about an hour ago... it reported nothing abnormal (I'm assuming it would tell me if it found something corrupted?)

I've already got the iso version of the full sp3 update downloaded and burned to CD. You'd typically use this one for upgrading multiple PC's so you don't have to wait for the huge downloads multiple times. Is the version you specify a better solution?

Lastly, I just finished trying a trick I read in one of my searches... I uninstalled the Intel network adaptor using the device manager. Shut down, entered BIOS and disabled the on-board LAN adapter. Booted up windows and confirmed that it had an empty Network Connections page. Then I shut back down, turned the adaptor back on in BIOS, booted windows and it recreated the network connection (now at #6). When I looked at status its the first time I saw it showing it sent 3 packets (nothing received), but when I checked properties, I saw that both IP4 and IP6 were loaded by default. Connection status still shows no IP info, Query failure still appears when attempting repair. I removed IP6 and rebooted and then we're right back to the original... 0 packets sent, 0 received, Query failure on repair. So, all of that changed nothing.

I do get an error when I run Start, Run, CMD and run netdiag /test:winsock /v -- the error is:

Failed to get information for a network adapter. The error occurred was: The pipe is being closed. <232> [FATAL] Cannot find TCP/IP configuration from the registry.

I've already run the Netsh winsock reset -- no help there either.

So, I've just downloaded Winsockfix and am getting ready to give it a try.

Any other thoughts?

Link to post
Share on other sites

  • Root Admin
I'm curious about the arrangement with these cases... is a case assigned to a particular tech and he/she sees it thru until the end? Since Screen317 has been the only person I've been communicating with, so am I to assume Screen317 is assigned to my case?

Yes that is correct. As you are in the middle of a HJT post you need to complete that with Chris before we continue on here. If he gives you the okay on the infection being gone then we can continue.

Link to post
Share on other sites

  • Root Admin

Once Chris does give you the all clear sign then something else we could try is to see if you can reapply the Service Pack 2 since the computer is already running that Service Pack level. Please do not install anything else or make any other drastic changes until you're finished with Chris though.

Windows XP Service Pack 2 Network Installation Package for IT Professionals and Developers

Link to post
Share on other sites

OK... here's the items attached.. sorry it takes a bit longer having to play sneakernet with the thumb drive.

I started this new post after mbam ran clean and after I posted those several replies to Chris (now over 24 hours ago) and haven't heard boo from him... I figured maybe he was off today so wasn't answering?

Look at the posts in the removal forum if you'd like.

In any event, here's the items you just asked for in your prior, which I guess you just removed? lucky I still have it open on my other puter here...

I can certainly wait on the winsockxpfix but will I hear from Chris yet tonight? Is he in? What's his schedule today and tomorrow?

Thanks again for your imput...

Larry

ntbtlog.txt

dds.txt

attach.txt

Link to post
Share on other sites

  • Root Admin

Chris may be off to bed by now. He is on Pacific Standard timezone but often doesn't work until later in the evening.

I've sent him an email to review your HJT post and this one and to provide feedback to you. I'm currently working on a batch file I will probably want you to run maybe tomorrow as it's getting quite late here.

Thanks and try to be patient... I'm sure we'll get it fixed.

In the mean time let me also review what you did post.

Link to post
Share on other sites

Oh jeeze.. my apologies... since I was talking with Chris til quite late Sunday night (early Monday morning) I figured he was a night guy... and my suspicions were being confirmed when nothing came from him during the daytime Monday. Yeah, I'm working double shifts on this but I certainly don't expect him to.. and that's why I was asking about structure and assignment so I could better anticipate when I could communicate, and if it could be with multiple techs.

I'm central time myself, so also quite late... should I hit the rack now and see who I can connect with tomorrow maybe about 11am central? Will that be Chris you think? Or you?

Many thanks once again!

Larry

Link to post
Share on other sites

  • Root Admin

You need to finish with Chris first before doing anything else otherwise we end up working against each other and then I'd end up closing all your posts. So please just finish up with Chris. I've sent him email already so I would expect to hear from him tomorrow some time.

Thank you

Link to post
Share on other sites

  • Root Admin

Please download, open, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive.

Batch file contents:

@echo off
echo Please post back the %SystemDrive%\NetworkDetails.txt on your next reply
echo.
cmd /c sc qc dhcp >%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\NetworkDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\NetworkDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\NetworkDetails.txt
pause

Here are the results of my running of the batch file on a Windows XP Home with Service Pack 2 installed.

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1004
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD Networking Support Environment
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 5
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1204
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1124
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 664
FLAGS : RUNS_IN_SYSTEM_PROCESS
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1004
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1004
FLAGS :

GetNetworkInfo.zip

Link to post
Share on other sites

Good day!

Just so you now a bit more about flowhook.dll, I found it in a folder called NetExchange Pro 3.0 -- an application for the accounting industry. But I'm copying it up to Virustotal to give it a look-see. I'll post back with that once I've done it.

On to your batch file now... more in a bit...

Larry

Link to post
Share on other sites

OK.. I ~think~ I did want you wanted with flowhook.dll

I uploaded it to their site and they said it's already been done, but I hit "reanalyze" anyway. Once it was done, I expanded the results and then saved the page I was looking at via Firefox's "Save Page As" command, which produced the htm file that I've attached.

In case you can't read it (let me know either way in case we need to do this process again) I've also attached the dll itself (after compressing it into a zip since your site won't allow me to attach dll's to posts). Having done this, I'm assuming that if I didn't get you want you want via the htm file, or can't read that, I've given you the flowhook.dll file to allow you to run the analysis.... will that work?

Cheers!

Larry

virustotal_flowhook_dll.htm

FlowHook.zip

Link to post
Share on other sites

  • Root Admin

0/ 42 (0.0%) is the good part. Then you saying where it was from and what it was for is really what I was looking for. Thanks.

Had the company that wrote it actually either filled in the details or signed the file it would much easier to know what it is and where it came from.

Additional information

Show all

MD5 : d1859c07c4f5642f5faa1bc4481ed644

SHA1 : e6ced949ea9b7937195443b1930fe56f478bf603

SHA256: 5edfdcc58355997401771457a6594df5c47f5f611f1ca2df68280fdc802a06b4

ssdeep: 768:ETM4FoTZly3AwKKlKXlTXbSrilAbt8tD/AKnoGeG:WM9wKKUlTXbSrilMKr7oGe

File size : 57344 bytes

First seen: 2009-09-12 17:41:37

Last seen : 2011-10-11 18:20:07

TrID:

DirectShow filter (52.6%)

Windows OCX File (32.2%)

Win32 Executable MS Visual C++ (generic) (9.8%)

Win32 Executable Generic (2.2%)

Win32 Dynamic Link Library (generic) (1.9%)

sigcheck:

publisher....:

copyright....: Copyright 2001

product......: FlowHook Module

description..: FlowHook Module

original name: FlowHook.DLL

internal name: FlowHook

file version.: 1, 0, 0, 1

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx

PEInfo: PE structure information

Link to post
Share on other sites

Just curious if that method I used of saving the screen as viewed in FireFox (the File, Save Page As command), which produced the .htm file was viewable at your end, just like being logged into the site? I'm always hesitant if that will always work because I suspect somehow/somewhere/someone will start writing web code that will inhibit this from working?

Link to post
Share on other sites

  • Root Admin

It works but typically is not recommended as someone can create code to do things you might not want done on your system.

Based on the last batch file I've made a couple more additions. Please download the new one and run it and post back the results.

GetNetworkInfo2.zip

Link to post
Share on other sites

  • Root Admin

Okay here is probably the main reason why TCPIP is not starting.

SERVICE_NAME: IPSEC

TYPE : 1 KERNEL_DRIVER

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 2 (0x2)

The error why it's stopped means the following.

2 The system cannot find the file specified.

The file should be located here: %windir%\system32\DRIVERS\ipsec.sys

Please click on START - RUN and type in CMD and click OK.

Then type in the following and press the Enter key and post back what it says.

DIR /A /S %windir%\system32\DRIVERS\ipsec.sys

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.