Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No online access


  • Please log in to reply
29 replies to this topic

#1 4on4off

4on4off

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 15 May 2012 - 09:26 PM

My nieces computer cannot access the internet.

She is runnig xp home edition with sp3.

I have run tdsskiller with a manual update in safe and reg mode and it found nothing,

I tried running mwb with a manual update in safe and reg mode but everytime I manually updated it it said it was missing or corrupt and the update I pasted went away.

I tried a system restore back to march and the same result.

4

BC AdBot (Login to Remove)

 


#2 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 12:17 AM

just noticed that on the first of this month mse had caught and removed the good old seref ( i think that is spelled right) virus. Several actually. Not sure if that helps.

4

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 04:29 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#4 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 07:28 AM

narenxp,

Thank you for your assistance.

Here is the FSS log you requested:


Farbar Service Scanner Version: 11-05-2012
Ran by Ashley larson (administrator) on 16-05-2012 at 05:18:07
Running from "C:\Documents and Settings\Ashley larson\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 07:34 AM

Launch FSS again and type

afd.sys in the search BOX

click on search files

Post the generated log.

good luck

#6 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 07:44 AM

narexp,

Here is the FSS search log you requested:

Farbar Service Scanner Version: 11-05-2012
Ran by Ashley larson (administrator) on 16-05-2012 at 05:37:47
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "afd.sys" =========

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 04:40] - [2011-08-17 06:49] - 0138496 ___AC (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011-11-26 17:58] - [2008-04-13 12:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2011-11-26 18:36] - [2008-06-20 03:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011-11-26 19:15] - [2008-06-20 04:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2011-11-26 18:35] - [2004-08-04 00:14] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011-11-26 19:14] - [2008-04-13 12:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-11-26 20:43] - [2008-10-16 07:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-11-26 20:38] - [2008-08-14 03:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2011-11-26 19:03] - [2008-08-14 02:51] - 0138368 ____C (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2011-11-26 18:32] - [2008-08-14 03:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2011-11-26 18:32] - [2008-08-14 03:04] - 0138496 ____A (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2011-11-26 18:32] - [2008-08-14 02:48] - 0138368 ____A (Microsoft Corporation) 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 04:48] - [2008-06-20 04:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 04:40] - [2008-06-20 04:40] - 0138496 ____A (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 03:44] - [2008-06-20 03:44] - 0138368 ____A (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-11-26 20:34] - [2011-08-17 06:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 08:07] - [2008-10-16 08:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

====== End Of Search ======

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 07:48 AM

Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt

Press Windows+R key and type

dllcache and click ok

Copy afd.sys from the location and paste it in C:\windows\system32\drivers folder

Download

afd.reg

wscsvc.reg

Launch them and click YES

Press Windows+R key and type

regedit and click ok

Navigate to this location

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

Right click on it-PERMISSIONS

Select EVERYONE and check mark FULL CONTROL ,click ok

Download


legacy-wscsvc

Launch it,click YES

Go to

http://support.microsoft.com/kb/971058

Run the windows update fixit

Restart the PC . post the new FSS log

good luck

#8 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 08:05 AM

narenxp'

Copy afd.sys from the location and paste it in C:\windows\system32\drivers folder

I see an afd but without the .sys

Is this the correct one? Just being certain.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 08:17 AM

yes,copy that :thumbup2:

#10 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 08:20 AM

ok thank you.

Followed your instructions down to running the fix it tool. Since it has no internet connection I am downloading on my pc and transferring via flash drive.

when trying to run the fix it tool I get the error for not being able to contact the server.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 08:25 AM

Ignore it,restart the PC,if you get back internet,then run the fixit

good luck

#12 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 08:29 AM

Internet back! running the fixit tool!

Awesome.......

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 08:38 AM

grt,after running fixit

UPDATE malwarebytes and run a FULL SCAN.post the clean log

Download

ESET online scanner


Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#14 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 AM

Posted 16 May 2012 - 08:38 AM

Narenxp,

Internet is back, fix it tool ran. Here is the FSS log post fix as you requested:

Farbar Service Scanner Version: 11-05-2012
Ran by Ashley larson (administrator) on 16-05-2012 at 06:34:49
Running from "C:\Documents and Settings\Ashley larson\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:32 AM

Posted 16 May 2012 - 08:41 AM

Please check my previous instructions :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users