Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot connect to internet after virus/malware removal


  • Please log in to reply
3 replies to this topic

#1 mrwmnhtr

mrwmnhtr

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Az.
  • Local time:03:00 AM

Posted 20 May 2012 - 10:34 PM

Hello and Thank you in advance,

I am working on a friends computer. A custom build:
Elitegroup Motherboard 945GZT-M
Windows XP Home Version 2002 SP3 32bit.
Network Adapter: RealTek RTL8139/810x Family Fast Ethernet NIC
My Modem/Router: Actiontec PK5000
(I do not know what he uses.)
Connection Wired DSL
MiniToolBox:
Result at end of document (Wow, It found a lot more errors than I did.)

The complaint was running too slow. Last year I had installed anti-virus and anti-malware programs as it had none. During the past year he had not updated or ran any of these tools. I didn't want to go through the hassle of connecting him to my network so I downloaded tools and transferred them via flash drive. Avast found about 319 infections, Malwarebytes found about 7 infections, SuperAntiSpyware found about a couple of hundred infections, mostly tracking cookies. System restore had been disabled. (I have scan logs.) I was able to run these in safe mode.

I sent it home with him and instructed him to update all the software and definitions and run them again.

He couldn't get it to connect to the internet. I got it back and I couldn't get it to connect either. Now I can not get to the selective start up screen. F8 does not get me there. Shutting down with the power button will not bring up on start up.

The Network Connections Status\Support Tab\Details: Show no information.
IPCONFIG /All showed no information.
IPS (Qwest) could see the computer but couldn't ping.
Device manager said everything was working properly except under hidden devices.
The keyboard, Zune Bus Enumerator Driver, and Parport. Either not present or not working. Code 24 on all.

I read somewhere that some network files may have been infected by malware and may have been deleted with all the other infected malware files.

At one point I manually went through the Services and set each one to start automatically. That didn't work so I used system restore and set it back the way I found it. (It also set the system restore to off again.)

I had numerous errors. (In no particular order.)

Error loading C:\Program Files\Common Files\Paretologic\UUS2\UUS.dll
Module could not be found.

Repair Local Area Connection
Windows could not finish repairing because the following action could not be completed. Failed to query TCP/IP settings of the connection. Can not proceed.

Windows Firewall Settings could not be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service? YES Windows can not start the Windows Firewall/Internet Connection Sharing (ICS) service. (This lead me to starting all the services.)

Windows Firewall/Internet Connection Service (WF/ICS) Error 10050
A socket operation encountered a dead network.
(IPSEC Service, Net Logon Service also had this error code.)

TCP/IP NetBios Error 1075
The Dependency service does not exist or is marked for deletion.
(DHCP Client service, Network Location Awareness Service, QoS RSVP Service also had this error code.)

Application Management service Error 126
Module could not be found.

Uninterruptible Power Supply Error 2481
The UPS service is not configured properly

My Modem/Router: Actiontec PK5000

New Broadband connection. Connecting through WAN (PPPOE) Error 678
Remote computer did not respond.

Qwest Broadband Software Error QC4010
Attempts to Ping IP address (192.168.0.1) have failed.

I have done or attempted these things:
Network cable checked.
The modem is not disabled.
The modem drivers are updated.
Spyware has been removed.
Winsock could not be repaired or reset.
IP could not be reset.
No Third-party firewall software installed.
Removed temp files in Windows, IE and Firefox
Attempted to renew IP address.
Could not connect to internet in safe mode.
Ran Disk Clean.
Ran Disk Check.
Defragged.

He had no recovery disks so I used the Windows install disk to attempt repairs but it wanted the admin password. He said he didn't have one. I ran a well known password cracker (OPH....) and it found no passwords. So repair was incomplete.

What do I do now?

Randy

If necessary, please repost this in the appropriate section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jeff Miller (administrator) on 20-05-2012 at 20:14:46
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [JEFF-2E0A22FF48]. Some commands may not be available.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration



Windows IP Configuration

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/18/2012 01:29:44 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:48:05 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:46:30 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/18/2012 11:40:21 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:37:48 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:35:19 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:33:53 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/18/2012 11:32:56 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:31:34 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/18/2012 11:28:35 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (05/18/2012 01:31:34 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/18/2012 01:31:25 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%10050

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10050

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Bdfsdrv service terminated with the following error:
%%126

Error: (05/18/2012 01:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).


Microsoft Office Sessions:
=========================
Error: (05/18/2012 01:29:44 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:48:05 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:46:30 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (05/18/2012 11:40:21 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:37:48 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:35:19 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:33:53 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (05/18/2012 11:32:56 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/18/2012 11:31:34 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: ps_app_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (05/18/2012 11:28:35 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 2039.36 MB
Available physical RAM: 1714.57 MB
Total Pagefile: 3410.59 MB
Available Pagefile: 3286.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.72 MB

========================= Partitions: =====================================

1 Drive c: (MILLER_ONLY) (Fixed) (Total:149.05 GB) (Free:110.51 GB) NTFS
2 Drive d: (QwestInstall) (CDROM) (Total:1.61 GB) (Free:0 GB) CDFS
4 Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:2.18 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
Jeff Miller servicetech SUPPORT_388945a0


**** End of log ****

Edited by hamluis, 23 May 2012 - 06:37 AM.
Moved from Networking to Am I Infected - Hamluis.

____________________________________________________________

A law repugnant to the Constitution is void. ~ Supreme Court Chief Justice John Marshall
____________________________________________________________


BC AdBot (Login to Remove)

 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:00 PM

Posted 22 May 2012 - 12:58 AM

You will need a malware expert first to clean thoroughly the infection from your computer. A BC Advisor or Moderator will move your topic. Please be patient.

Tekken
 


#3 mrwmnhtr

mrwmnhtr
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Az.
  • Local time:03:00 AM

Posted 22 May 2012 - 04:58 AM

Thank you

____________________________________________________________

A law repugnant to the Constitution is void. ~ Supreme Court Chief Justice John Marshall
____________________________________________________________


#4 mrwmnhtr

mrwmnhtr
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Az.
  • Local time:03:00 AM

Posted 23 May 2012 - 10:14 PM

I am ending this post. The customer took his computer. Since he never updated the software and definitions for his anti-virus or anti-malware, and is still running Firefox 3.1 he will be back. And I will charge him more the next time. Sorry for wasting your time. And thank you

~ Randy ~

____________________________________________________________

A law repugnant to the Constitution is void. ~ Supreme Court Chief Justice John Marshall
____________________________________________________________





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users