Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Connection Awry


  • Please log in to reply
5 replies to this topic

#1 Jim JS

Jim JS

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 24 December 2011 - 10:59 AM

Hi guys,

Today was attacked by the ever so famous XP Security 2012 virus. In the course of removing the virus, I lost all internet connection.

I have tried unplugging the modem plus router...disabled and enabled the network...and still no such luck.

Any help would be greatly appreciated.

F.Darkwater



Hello. I have the same problem. I tried running UVK but doesn't seem to help. I ran the scan you suggested and here is the log (note I checked Windows Firewall but I use ZoneAlarm):

Farbar Service Scanner
Ran by Jim Stauffer (administrator) on 24-12-2011 at 07:53:35
Microsoft Windows XP Home Edition Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(268435457) Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
0x0B0000000400000001000000020000000300000001000010000000100500000006000000070000000900000008000000

**** End of log ****


Can you help?

Edited by hamluis, 24 December 2011 - 01:03 PM.
Split from different topic, PM sent new OP.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:58 AM

Posted 24 December 2011 - 08:50 PM

Download

http://www.mediafire.com/?qypf3q4s4d988u5

Launch the afd.reg file and click on YES to import it to registry

Restart the PC,see if you can browse now

good luck

Edited by narenxp, 24 December 2011 - 08:51 PM.


#3 Jim JS

Jim JS
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 25 December 2011 - 12:00 AM

Thank you. I did as you suggested but Internet Explorer still won't work. This all started with a XP Internet Security 2012 infection, which I cleared with Spybot.

In my Network Connections it says the Local Area Connection Status is "Connected". I don't know if this matters but when I type ipconfig in CMD, it says "An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help. Additional information: Unable to query host name."

From services.msc, I can't manually start DHCP Client, DNS Client, IPSEC Services, or Network Location Awareness (NLA) service. I get "Could not start the ____ service on Local Computer. Error 1068: The dependency service or group failed to start." I don't see a service for TCP/IP, only TCP/IP NetBIOS Helper. Prior to following your suggestion I was getting a different error, so maybe that's progress?? I've searched other sites on this error 1068, but to no avail.

Now the FSS scan shows:


Farbar Service Scanner
Ran by Jim Stauffer (administrator) on 24-12-2011 at 20:36:08
Microsoft Windows XP Home Edition Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(268435457) Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
0x0B0000000400000001000000020000000300000001000010000000100500000006000000070000000900000008000000

**** End of log ****


Is there something else I need to do besides what you suggest and a reboot? Should the browser just come up right away or do I need to change something in it?

Thank you again for your help!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:58 AM

Posted 25 December 2011 - 03:29 AM

Hi

Download

Winsock fix

Launch it ,Click on FIX

Restart your PC after it gets completed

Check your browser.If that doesnt work try this


PLEASE create a restore point before trying this


Please copy the entire contents of the codebox below into Notepad:



REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open a notepad ,copy the script,save it as

Filename:winsock.reg
save as type:All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck

#5 Jim JS

Jim JS
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 25 December 2011 - 01:55 PM

Thank you, again. I downloaded and ran your Winsock fix, it didn't work.

I then added your script to the Registry, and followed your instructions for installing Internet Protocol (TCP/IP) and rebooting. That seemed to do the trick! I can now use the ipconfig command successfully, the services I described earlier appear to be started now. And best of all my browser is working again!

Thank you very much for your help. My whole family thanks you!

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:58 AM

Posted 25 December 2011 - 02:38 PM

You're welcome :thumbsup:

Edited by narenxp, 25 December 2011 - 02:38 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users