I think i may have disabled my driver in internet connections earlier. But i think i fixed error with ipsec.reg
Farbar Service Scanner
Ran by User (administrator) on 11-01-2012 at 09:39:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
Internet Services:
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.
Connection Status:
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable
Windows Firewall:
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
aswTdi(8) Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
To check the service is running, use the Windows Run (windows key+R) and type services.msc and click the OK button, that will open the Services interface in XP.
I dont know if this helps, but when i clicked on dhcp and hit start, i got an error, 1075 the dependancy service does not exist or has been marked for deletion.
So DHCP is Auto and is Running ?
Strange then that farbar reports it as not running
It may not be required, as I said it isn’t present on my XP Pro system.
That would also account for it not being present as a registry key as reported by farbar.
If you open the service entry for DHCP again, click on the Dependencies tab and see what is reported there (make a note) and then check if these dependency services are actually present and running (again make notes).
dhcp is dependant on ipsec driver > is dependant on rpc and tcp/ip protocol driver. tcp is set to auto and is stopped when i start it, it says a dependancy is not enabled, tcp is dependant on afd, which i can not see in services
This may or may not be related to the main problem of the malware infection. So I think this should be mentioned in that topic.
If the ipsec service is running, which presumably it is so we are at tcpip, that you say is stopped, the only TCP I have in services.msc is TCP/IP NetBIOS Helper. Is that the one mentioned as a dependency and the one that you say is stopped ?
I don’t have an AFD service listed in my services either.
The more I look at this the more I feel it should be in the other topic as I find I’m constantly having to refer to it to find out what you have done, as the error you mentioned earlier (1075 the dependancy service does not exist or has been marked for deletion) has been associated with OTL/Combofix, I can’t recall which.
ok i tried some things they suggsted, didnt seem to help… i do have my lan up in bottom of scfreen and it is trying to aquire an network address. but failing
That is it trying to get a DHCP address and presumably failing because of the dependancy issue…
That is a difference to mine, I don’t have a LAN set up, I have my PC directly connected to the router I don’t have ICS (Internet Connection Sharing) as such as my netbook connects to my router by wifi, so I don’t have a network setup on my system.
So I have no practical experience in resolving network problems, which is also why I feel this is all related to the original malware problem and essexboy is the man for that.
i have 2 computers and am using a “2wire” router my main computer the 1 with problems is wired driectly to router, this comp i am on now is a laptop and is wireless
and once again, thank you so much for all you have done.
Essexboy is back on the case in the other topic as you see and hopefully with OTL will be able to restore some registry keys messed up by the malware.
So you should keep all future posts in that topic to try and keep the information in one place as this does appear to be a continuation of the malware problem.
Yes, but when something comes up (as in the case of the OP) that a dependency is missing that said service would be listed, but that is just my failed logic as opposed to Microsoft’s.
I agree it’s a bit of a PITA when you don’t know where to look. Next time I have lunch with Bill I’ll mention it. : They’ve got to make it easier for us old guys.
So you should keep all future posts in that topic to try and keep the information in one place as this does appear to be a continuation of the malware problem.
I didn't realize the OP had another topic on the go when I first posted here. Sorry.
as the error you mentioned earlier (1075 the dependancy service does not exist or has been marked for deletion) has been associated with OTL/Combofix, I can't recall which
BTW, That mesage is similar but not the same as the one you get sometimes after running CF on a Vista machine.