No Internet after XP Security Virus


28 replies to this topic

#1 MN993

MN993

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 06 January 2012 - 10:09 PM

Hello. I have a Dell Dimension E510 running XP SP3. After removing (I hope) the virus using the automated removal instructions from this site, I still cannot connect to the internet. It continues to look for an IP address. Any help would be appreciated.

Here’s the FSS log:
Farbar Service Scanner
Ran by Chris and Mindy (administrator) on 06-01-2012 at 20:08:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 06 January 2012 - 11:05 PM

Launch FSS again and type

afd.sys and click on Search files

Post the generated log

#3 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 06 January 2012 - 11:15 PM

Here's the log from the search:

Farbar Service Scanner
Ran by Chris and Mindy (administrator) on 06-01-2012 at 22:09:56
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\WINDOWS\system32\dllcache\afd.sys
[2005-08-16 03:18] - [2011-08-17 07:49] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-08-19 10:10] - [2008-04-13 13:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008-08-22 17:19] - [2008-06-20 04:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-10-16 07:25] - [2008-08-14 04:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 05:48] - [2008-06-20 05:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 05:40] - [2008-06-20 05:40] - 0138496 ___AC (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 04:44] - [2008-06-20 04:44] - 0138368 ___AC (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-12 07:04] - [2011-08-17 07:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 09:07] - [2008-10-16 09:07] - 0138496 ___AC (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-06-16 16:06] - [2011-02-16 07:25] - 0138496 ___AC (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

C:\i386\afd.sys
[2006-06-04 18:54] - [2004-08-10 04:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

====== End Of Search ======

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 12:16 AM

Press Windows+R key and type

dllcache and click ok

Copy afd.sys from the location and paste it in

C:/Windows/system32/drivers folder

Restart your PC and check your browser

Good luck

Edited by narenxp, 07 January 2012 - 09:30 AM.


#5 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 08:20 AM

I see no ipsec.sys in the cache file

#6 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 08:43 AM

I did find it in the service pack file, driver file and c:

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 09:29 AM

Extremely sorry, please copy the afd.sys file to the C:/Windows/system32/drivers folder. Restart the PC.

Good luck

#8 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 09:50 AM

No problem. Made the copy and pasted to driver file, rebooted -- no ip address. Here's the FSS log:

Farbar Service Scanner
Ran by Chris and Mindy (administrator) on 07-01-2012 at 08:43:18
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
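Comparing the two FSS logs posted so far (#1 and #8) shows what the afd.sys copy changed and what is still broken. The following is an added example, not part of the original thread and not Farbar's code: the sample logs are constructed by abbreviating the posted ones, and the rule names and function names are hypothetical.

```python
import re

# Constructed samples: abbreviated from the FSS logs in posts #1 and #8.
LOG_BEFORE = r"""Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
afd Service is not running. Checking service configuration:
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
"""
LOG_AFTER = r"""Dhcp Service is not running. Checking service configuration:
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
"""

RULES = [  # (finding kind, pattern whose group 1 names the service or file)
    ("not_running", re.compile(r"^(\S+) Service is not running\.")),
    ("key_missing", re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")),
    ("start_type", re.compile(r"^The start type of (\S+) service is set to ")),
    ("file_missing", re.compile(r"^Attention! (.+) is missing\.$")),
]

def findings(log):
    """Return the set of (kind, subject) problems reported in an FSS log."""
    found = set()
    for line in log.splitlines():
        for kind, rx in RULES:
            m = rx.search(line.strip())
            if m:
                found.add((kind, m.group(1)))
    return found

def compare(before, after):
    """Split findings into no longer reported, still open, and newly reported."""
    b, a = findings(before), findings(after)
    return {"cleared": sorted(b - a), "open": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        for kind, subject in items:
            print(f"{status:8} {kind:13} {subject}")
```

On these samples the missing afd.sys and the afd and BITS entries clear, while Dhcp not running and the missing wscsvc service key remain open.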

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 10:02 AM

Press Windows+R key and type

cmd and click OK, run this command

net start dhcp

Now try to browse. Restart your PC and check your browser. If you lose connection after restart, try this

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

Open Notepad, copy the script, save it as

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck

#10 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 10:55 AM

Ok.
After "cmd and click ok ,run this command, net start dhcp" the browser ran
After reboot it did not
I followed the rest of the procedure but the browser will not restart
FSS still indicates Dhcp is not running.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 11:09 AM

Press Windows+R key and type

cmd and click ok and run this command

sfc /scannow

If it asks for the XP CD, insert it. If you don't have one, restart the PC and let me know

Edited by narenxp, 07 January 2012 - 11:09 AM.


#12 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 11:35 AM

I don't have disks
Windows File Protection is running. Should I let it continue?

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 04:46 PM

Run it if it doesn't ask for disks.

Restart the PC and check your browser

#14 MN993

MN993
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 January 2012 - 05:07 PM

Still no connection. It kept asking for disks

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:57 PM

Posted 07 January 2012 - 11:20 PM

Download

SYSTEM LOOK

Launch it and copy the script in the BOX

:reg
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afd /s

Click on LOOK

Post the generated log



