
no ip on wireless after virus removal also many deactivated services


  • This topic is locked
3 replies to this topic

#1 reinheart

reinheart

  • Members
  • 2 posts

Posted 29 October 2013 - 12:16 AM

Hello everybody
So last night Norton asked me to restart the PC to complete some threat removal. When I rebooted, I found that I can no longer go online: my wireless tool shows that I am connected to my router, but there is no traffic, no IP assigned, no default gateway, etc.; everything is blank. I also tried to reactivate my firewall without success, and I can't even use the ipconfig command. Here is a Farbar scanner log, and thank you in advance:

Farbar Service Scanner Version: 24-10-2013
Ran by user (administrator) on 29-10-2013 at 05:37:27
Running from "C:\Documents and Settings\user\Bureau\driver sagem"
Microsoft Windows XP Professionnel Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Tcpip. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Tcpip. The value does not exist.
Checking LEGACY_Tcpip: ATTENTION!=====> Unable to open LEGACY_Tcpip\0000 registry key. The key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-05 13:00] - [2008-06-20 12:51] - 0361600 ____A (Microsoft Corporation) 4AFB3B0919649F95C1964AA1FAD27D73

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-05 13:00] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 1A1E59377FB6CACD711CC5073C4A7D79

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-05 13:00] - [2008-04-13 18:33] - 0332800 ____A (Microsoft Corporation) F4CE708A7D17A625DE6C0FD746D50E88

C:\WINDOWS\system32\netman.dll
[2004-08-05 13:00] - [2008-04-13 18:33] - 0198144 ____A (Microsoft Corporation) BE0CB143FA427D93440DED18DB8C918B

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-08-23 13:46] - [2008-04-13 18:33] - 0145408 ____A (Microsoft Corporation) 5E9DEAE9980FF34BCD6DDE2E9E2BF911

C:\WINDOWS\system32\srsvc.dll
[2007-08-23 13:48] - [2008-04-13 18:33] - 0171520 ____A (Microsoft Corporation) 6ED29124A1C83BD0CF6B26BD01CA6F6F

C:\WINDOWS\system32\Drivers\sr.sys
[2007-08-23 13:48] - [2008-04-13 18:10] - 0073600 ____A (Microsoft Corporation) 39626E6DC1FB39434EC40C42722B660A

C:\WINDOWS\system32\wscsvc.dll
[2004-08-05 13:00] - [2008-04-13 18:33] - 0080896 ____A (Microsoft Corporation) C1FD85DB4A80A98D60ECB7A828E77FE0

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-08-23 13:46] - [2008-04-13 18:33] - 0145408 ____A (Microsoft Corporation) 5E9DEAE9980FF34BCD6DDE2E9E2BF911

C:\WINDOWS\system32\wuauserv.dll
[2007-08-23 13:48] - [2008-04-13 18:33] - 0006656 ____A (Microsoft Corporation) 75D6C5C3D2C93B1F9931E5DFB693AE2A

C:\WINDOWS\system32\qmgr.dll
[2007-08-23 13:48] - [2008-04-13 18:33] - 0409088 ____A (Microsoft Corporation) BAA0B6E647C1AD593E9BAE5CC31BCFFB

C:\WINDOWS\system32\es.dll
[2004-08-05 13:00] - [2008-07-07 21:28] - 0253952 ____A (Microsoft Corporation) EC16AE9B37EACF871629227A3F3913FD

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-05 13:00] - [2008-04-13 18:33] - 0062464 ____A (Microsoft Corporation) 7A6D0B71035E123FDDA2156A25578AD3

C:\WINDOWS\system32\svchost.exe
[2004-08-05 13:00] - [2008-04-13 18:34] - 0014336 ____A (Microsoft Corporation) E4BDF223CD75478BF44567B4D5C2634D

C:\WINDOWS\system32\rpcss.dll
[2004-08-05 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) 0203B1AAD358F206CB0A3C1F93CCE17A

C:\WINDOWS\system32\services.exe
[2004-08-05 13:00] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) C3FB1D70CB88722267949694BA51759E


Extra List:
=======
Bridge(11) BridgeMP(10) Gpc(3) HssDrv(21) IPSec(5) NetBT(6) PSched(7) VPCNetS2(13)
0x150000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C0000000D0000000F00000010000000110000001200000013000000140000001500000016000000
IpSec Tag value is correct.

**** End of log ****



#2 reinheart

reinheart
  • Topic Starter

  • Members
  • 2 posts

Posted 29 October 2013 - 02:17 AM

Now that I have read a little on the forums, I think that the virus messed up my tcpip; that's why the IP fields are blank, which is also explained by the tcpip errors in the log. But how do I fix it?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2013 - 01:40 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Go to this page
http://download.bleepingcomputer.com/win-services/xp/

Download the following registry files to your desktop:

Tcpip.reg
LEGACY_TCPIP.reg


Double-click on each downloaded file and confirm the prompt.
Restart the computer normally.
Post a new FSS log.

Please let me know if the problem persists.
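
One way to triage the FSS output above, and to compare the new log requested in this reply against the first one, is to separate services whose registry configuration is damaged from services that are merely stopped. This is an added example, not part of the original thread or of Farbar Service Scanner; the sample text is an abridged excerpt of the log in the first post, and the function names are hypothetical.

```python
import re

# Abridged excerpt of the Farbar Service Scanner log from the first post.
SAMPLE_LOG = r"""
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Tcpip. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Tcpip. The value does not exist.
Checking LEGACY_Tcpip: ATTENTION!=====> Unable to open LEGACY_Tcpip\0000 registry key. The key does not exist.

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): ATTENTION!=====> (.+)$")

def triage(log_text):
    """Map each stopped service to the (check, message) pairs FSS flagged for it."""
    findings, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends a service block
            current = None
            continue
        stopped = NOT_RUNNING.match(line)
        if stopped:
            current = stopped.group(1)
            findings[current] = []
            continue
        flagged = ATTENTION.match(line)
        if flagged and current:
            findings[current].append(flagged.groups())
    return findings

def damaged(findings):
    """Stopped services whose own registry configuration failed a check."""
    return sorted(name for name, issues in findings.items() if issues)

def stopped_but_intact(findings):
    """Stopped services whose configuration checks all came back OK."""
    return sorted(name for name, issues in findings.items() if not issues)
```

Run `triage()` on the log taken before and after importing the registry files; a service that moves out of `damaged()` had its keys restored, while one that remains in `stopped_but_intact()` still needs attention after the reboot.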

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 November 2013 - 11:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



