Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can browse the internet but cannot connect to online games [Solved]


  • This topic is locked This topic is locked

#76
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = DWORD:0
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


After it reboots try again. If it does not work then rerun Farbar Services Scanner just like you did before and post it here.
  • 0

Advertisements


#77
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Unfortunately it does yet not work.

OTL:
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mörtl
->Temp folder emptied: 20981337 bytes
->Temporary Internet Files folder emptied: 2339035 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 606640115 bytes
->Flash cache emptied: 6865 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39314 bytes
RecycleBin emptied: 3179034 bytes

Total Files Cleaned = 604,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07272012_025330

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

FSS:

Farbar Service Scanner Version: 26-07-2012
Ran by Mörtl (administrator) on 27-07-2012 at 02:59:48
Running from "C:\Dokumente und Einstellungen\Mörtl\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-23 14:00] - [2009-04-20 19:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07

C:\WINDOWS\system32\ipnathlp.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2010-04-22 15:08] - [2008-04-14 04:22] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2010-04-22 15:08] - [2008-04-14 04:02] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2010-04-22 15:55] - [2008-04-14 04:22] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2010-04-22 15:08] - [2008-04-14 04:22] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2001-08-23 14:00] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

C:\WINDOWS\system32\cryptsvc.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2001-08-23 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2001-08-23 14:00] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

C:\WINDOWS\system32\services.exe
[2001-08-23 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Edited by Modin, 26 July 2012 - 07:10 PM.

  • 0

#78
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
We restored the vaue and now we will enable it.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = DWORD:1
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


After it reboots try again. If it does not work then rerun Farbar Services Scanner just like you did before and post it here.
[/quote]
  • 0

#79
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | DWORD:1 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mörtl
->Temp folder emptied: 9569372 bytes
->Temporary Internet Files folder emptied: 1227564 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48777824 bytes
->Flash cache emptied: 763 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23524 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07272012_103122

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

FSS:

Farbar Service Scanner Version: 26-07-2012
Ran by Mörtl (administrator) on 27-07-2012 at 10:38:52
Running from "C:\Dokumente und Einstellungen\Mörtl\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-23 14:00] - [2009-04-20 19:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07

C:\WINDOWS\system32\ipnathlp.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2010-04-22 15:08] - [2008-04-14 04:22] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2010-04-22 15:08] - [2008-04-14 04:02] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2010-04-22 15:55] - [2008-04-14 04:22] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2010-04-22 15:06] - [2008-04-14 04:22] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2010-04-22 15:08] - [2008-04-14 04:22] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2001-08-23 14:00] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

C:\WINDOWS\system32\cryptsvc.dll
[2001-08-23 14:00] - [2008-04-14 04:22] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2001-08-23 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2001-08-23 14:00] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

C:\WINDOWS\system32\services.exe
[2001-08-23 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Is it possible that the issue has something to do with svchost.exe files? I counted like 9 in my task manager.

Edited by Modin, 27 July 2012 - 03:32 AM.

  • 0

#80
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Is it possible that the issue has something to do with svchost.exe files? I counted like 9 in my task manager.

Not likely we typically have several running.

We do need to get a successful sfc run since you have several files that are not necessarily infected but they are corrupted.
  • 0

#81
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I am leaving my home today for 2 weeks of vacation. Afterwards I will try to get a new disc-drive.
  • 0

#82
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I will keep this open for you! Have a great trip!
  • 0

#83
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I finished the SFC scan as I managed to "repair" my cd-drive :D the problem does still exist tho

Edited by Modin, 11 August 2012 - 09:21 AM.

  • 0

#84
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Great job on the sfc


How is the computer performing?

What issues remain?
  • 0

#85
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I am still not able to log in to onlinegames as before... the rest is fine as far as i can tell.
  • 0

Advertisements


#86
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please download VEW and save it to your Desktop:

Setting up the program
Right-click VEW.exe and select Run as Administrator then under Select log to query, select:

  • Application
  • System

Under Select type to list, select:

  • Critical (Vista only)
  • Error
  • Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Load the log
  • Save the log to your desktop
  • Post the logs in your next reply

  • 0

#87
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I am actually able to log in I just tried it again and it worked o.O shall I proceed with VEW?
  • 0

#88
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Just try it for some time an get back to me in a day or so if it is working or not :thumbsup:

CompCav
  • 0

#89
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
When I turned my PC on today, the problem was back. I am strongly thinking about reformating my hard drive and reinstalling windows.

greetz Modin

Edited by Modin, 18 August 2012 - 12:20 AM.

  • 0

#90
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
This is likely not malware, you can post a topic in Networking or do as you suggested.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP