HAVE AN ERROR had a virus now no internet Please, Please help

Woke up this morning with no Internet. Avast said I had a virus, and shut down the Internet. Also my web shield was turned off and will not turn back on. Seems I had an error also something about mail. 10010 I think it was. I did a boot scan last night before bed. I seen one virus. It was quarantined then went to sleep, woke up with this. I am using xp home. So after reading many blogs and trying a lot of stuff I removed avast from add/remove, I also tried repairing here also. I still have no Internet. Please help

Woke up this morning with no Internet
hmmmm....sounds like a Blues song ;D
Avast said I had a virus, and shut down the Internet
do you remember the name avast gave ?

OK follow this guide and attach the logs
http://forum.avast.com/index.php?topic=53253.0

since you have no net…download from another computer and move the tools over using a USB stick

Essexboy is notified and should be here in 2-3 hours

Iam currently looking for a stick, and the fact that i took some advice from a blog that said to delete Avast, might come into play?

And thank you so very much in getting back to me:):):slight_smile:

the virus was something java

i am tying to get into my modem at 192.168.2.1 and con not even connect to my modem

The latest trick of some malware is to delete some registry service keys

run farbar service scanner

http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg

Tick “Internet services” and “Windows Firewall” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

ok ty for getting back to me, I am currently waiting for a stick so i can put this program on my computer, as i have no internet on my computer

Do you have access to another computer with the same version of windows - as we may need to export some registry data

Farbar Service Scanner
Ran by User (administrator) on 09-01-2012 at 16:52:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:

Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=DWORD:0

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

aswTdi(8) Gpc(3) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
Attention! IpSec Tag value is missing and it should be 5

**** End of log ****

IpSec Service is not running. Checking service configuration: Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist. Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist. Attention! IpSec Tag value is missing and it should be 5

Would you be happy going into regedit and exporting the following key and posting the data here ?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec]

I would be very happy to do whatever you ask:) trouble is I am a computer novice.

PS thank you for replying

basically i am sorry to say i don’t know how to do that. But I aM GOOGLING IT, AND TRYING TO FIGURE IT OUT.

OK a step by step guide with pictures ;D

Go Start > Run
In the box type regedit and press enter
A window will open with a tree structure
Open the tree by pressing the little arrows unitl you reach the stage in my first picture
Then using the slider go down to IpSec (I do not have that on windows 7)
Right click the key and select export
Save it to your desktop
Right click the reg file on the desktop and select Edit
Copy and paste the data to your next reply

Second screenshot If you cannot find run then press the windows and R key together

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]
“Type”=dword:00000001
“Start”=dword:00000003
“ErrorControl”=dword:00000001
“ImagePath”=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,69,00,6e,00,69,00,70,
00,2e,00,73,00,79,00,73,00,00,00
“DisplayName”=“IP in IP Tunnel Driver”
“DependOnService”=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
“DependOnGroup”=hex(7):00,00
“Description”=“IP in IP Tunnel Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp\Security]
“Security”=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

checked online how to fix it, but am holding off to hear from you

ty again

i do not have ipsec

I am stuck, I can not find what he wanted

First essexboy will be at work and is usually on the forums around 7pm UK time, now 2:00pm in the UK.

I’m not sure what you mean by you haven’t got ipsec, presumably you mean no ipsec registry key, as you have posted a registry key data but it wasn’t ipsec ?
The ipsec.sys file should be here c:\windows\system32\drivers\ipsec.sys (this is a hidden folder so you many not see it), is that is what you are saying you haven’t got.

I have XP Pro SP3, so I don’t know if my registry key for ipsec would be the same as for XP Home (you don’t say what SP you have ?). Hopefully essexboy will know and could use this information if required.

This is the content of the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec] key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
“Type”=dword:00000001
“Start”=dword:00000001
“ErrorControl”=dword:00000001
“Tag”=dword:00000005
“ImagePath”=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,
00,73,00,79,00,73,00,00,00
“DisplayName”=“IPSEC driver”
“Group”=“PNP_TDI”
“Description”=“IPSEC driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
“Security”=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
“0”=“Root\LEGACY_IPSEC\0000”
“Count”=dword:00000001
“NextInstance”=dword:00000001

thank you for the reply, but i dont know how to find hidden files. I am going to a funeral, this is driving me nuts. I am hoping I am back and have that file found before essexboy boy gets back, as i don’t want to waste his time.