No internet, no cd drive, no firewall


13 replies to this topic

#1 KittySabba

KittySabba

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:06:07 AM

Posted 28 December 2011 - 06:21 AM

So, normally I'm pretty okay with dealing with the everyday virus issue, so when a fake antivirus showed up, I sighed and broke out rkill and Malwarebytes. However, after finally getting it clean (or so I thought), I restarted it to find just about every important function not functioning. No wireless internet.
For some reason ICS is turned on, and I've lost my Advanced tab in connection properties, so I can't turn it off. My firewall's off, and I can't turn it on until I deal with ICS. When I got my Windows XP DVD out I found out my computer can no longer find my CD/DVD drive. Says it doesn't exist. My antivirus (Avast) can't turn on mail scanning for some reason. For some reason my wireless printer program can't run, nor the device monitor. And when I type "ipconfig" into the command prompt I get
Windows IP Configuration
An internal error has occurred: the request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.

I'm running Windows XP Professional, Service Pack 3.
I've scanned and scanned again using Avast and Malwarebytes. Rkill brings up nothing. Google can find me nothing relating to my problem. I cast my pleas upon the wise computer users' ears.

Edited by KittySabba, 28 December 2011 - 07:09 AM.




#2 Guest_Computer-man_*

Guest_Computer-man_*

  • Guests
  • OFFLINE
  •  

Posted 28 December 2011 - 06:54 AM

Hi KittySabba,



I have a question for you: did you use a registry cleaner program?
I was reading your post, and when I read this, I said to myself, that lady has a registry problem.
What I can say is: it would be smart to make a new Windows installation, or maybe you can return the system back to the point where the system worked well.

#3 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face

Posted 28 December 2011 - 07:09 AM

Hi KittySabba,



I have a question for you: did you use a registry cleaner program?
I was reading your post, and when I read this, I said to myself, that lady has a registry problem.
What I can say is: it would be smart to make a new Windows installation, or maybe you can return the system back to the point where the system worked well.


No, do you know of a good free one I could use?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,406 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:07 AM

Posted 28 December 2011 - 08:51 AM

Do NOT use any registry cleaner...least of all, in an effort to solve a malware problem.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
I have moved your topic to the appropriate malware forum.

Louis

#5 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:07:07 AM

Posted 28 December 2011 - 09:36 AM

Okay, thank you. Sorry, didn't realize it was in the wrong forum.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 28 December 2011 - 10:38 AM

Please download Farbar Service Scanner

http://download.bleepingcomputer.com/farbar/FSS.exe

and run it on the computer with the issue.


* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.


Regarding missing CD/DVD drive

Download this file

http://www.mediafire.com/?ko74zsa80dxo100


Launch it and click YES to import it to the registry, then restart your PC.
See if you get back your CD/DVD drive icon.

Good luck

#7 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:07:07 AM

Posted 28 December 2011 - 11:10 AM

Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of NetBt. The value does not exist.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(9) Gpc(6) PSched(7) Tcpip(3) Tcpip6(10)
0x0A0000000400000001000000020000000300000009000000050000000600000007000000080000000A000000

**** End of log ****


And no, the reg key edit did not fix the missing cd drive.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 28 December 2011 - 02:47 PM

Download

http://www.mediafire.com/?9nqsp6wha4s29s4

Extract and launch all three registry files

Click YES and import them to registry one by one

Restart your PC. Check your connection.


Good luck

#9 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:07:07 AM

Posted 29 December 2011 - 12:00 AM

Okay, did all that. No change. Did ipconfig and no change there either. Everything's pretty much the same.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 29 December 2011 - 12:05 AM

Please post the new FSS log

Thanks

#11 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:07:07 AM

Posted 29 December 2011 - 12:34 AM

Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(9) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(3) Tcpip6(10)
0x0A0000000400000001000000020000000300000009000000050000000600000007000000080000000A000000

**** End of log ****
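
As an added example (not part of any post in this thread, and not Farbar's own code): a small Python parser that compares the two FSS logs posted above, listing which services were flagged with missing registry configuration and which dropped out of the report after the registry import. The log excerpts are shortened from the thread; the function names `parse_fss` and `compare` are assumptions of this example.

```python
import re
# Shortened excerpts of the two FSS logs posted in this thread (before/after the .reg import).
LOG_BEFORE = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
"""
LOG_AFTER = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
"""

HEADER = re.compile(r"^(\S+) Service is not running\.")

def parse_fss(text):
    """Map each service reported as not running to 'config-ok' or 'config-damaged'."""
    findings, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
            findings[current] = "config-ok"
        elif not line.strip():
            current = None  # a blank line ends the current service section
        elif current and "Attention!" in line:
            findings[current] = "config-damaged"
    return findings

def compare(before, after):
    # Set arithmetic on service names: what changed between the two scans.
    b, a = parse_fss(before), parse_fss(after)
    return {
        "no_longer_reported": sorted(set(b) - set(a)),
        "still_stopped": sorted(set(b) & set(a)),
        "damaged_before": sorted(s for s, v in b.items() if v == "config-damaged"),
    }

if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER))
```

Services that remain in `still_stopped` with intact configuration, as Dhcp and Tcpip do here, point away from missing service keys as the remaining cause.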

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 29 December 2011 - 02:37 AM

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this


Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]


Open Notepad, copy the script, and save it as

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck

Edited by narenxp, 29 December 2011 - 02:38 AM.


#13 KittySabba

KittySabba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Crawling up your stairs with a manical grin splitting my face
  • Local time:07:07 AM

Posted 29 December 2011 - 03:12 AM

Thankyouthankyouthankyou!!!!!!- *pauses in the middle of her jubilation* Well, it appears the fake antivirus is back.... But I'm browsing again, so I can deal. It keeps on popping up in c:\documents and setting\administrator\local settings\aplication data as a randomly named .exe. Any chance you can help me with this? If not, I'm already extremely grateful and happy. Thank you so much.

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:07 AM

Posted 29 December 2011 - 11:31 AM

Latest versions of Malwarebytes have started detecting the infection properly. Not sure if you ran a scan with it.

Boot into Safe Mode

I think you should have Malwarebytes with you

Right click on the Malwarebytes icon

Select Run as

Uncheck protect my computer against.....

Click OK, that should open MBAM, then run a full scan

Another tricky way:

Press the Windows+R key, which opens the RUN window, type

system32 and click OK

Right click on taskmgr

Select Run as

Uncheck protect my computer against.....


That should open your task manager

End the XYZ.EXE process which is nothing but the rogue.

Now go to the specified location and delete the file

When you delete the file manually, you will lose the EXE file associations.

Download

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Extract and launch the registry fix.

You should be able to launch applications now.

Good luck

Edited by narenxp, 29 December 2011 - 11:33 AM.




