rootkit zero access virus- cant connect to the internet please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kschwarz1979, Dec 26, 2011.

  1. kschwarz1979

    kschwarz1979 Private E-2

    I have a dell laptop vostro 1500 with XP SP3 and I haven't been able to connect to my internet for about 3 weeks now. My avast came up and found a virus, then my computer rebooted and avast did a start up scan.I let it run over night, when I got up in the morning i restarted my computer avast came up with an error message that read "Avast! Will not be able to protect mail/news (error 10050) and could not be fixed."

    My computer recognizes my router however will not connect to it. it also comes up with an error that reads "windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall/internet connection sharing (ICS) service?" when i click on yes it then says Windows cannot start the windows firewall/Internet connection sharing (ICS) service.

    I went through the "read and run me first" step by step, combo fix can up and told me that it was a rootkit zero access virus. After it did its thing trying to get ride of it I continued on with the rest of the "read and run me"

    After I have completed the steps my computer is in a weird mode, Sorry I don't know a lot about computers. It almost looks like windows 95 when I try to open my "dell wireless WLAN card Utility" it give me an error message "there are currently no wireless adapters available and enabled. Please enable any available wireless adapters before accessing this configuration utility"

    Any help would be greatly appreciated and I will wait patently,thank you in advance!
     

    Attached Files:

  2. kschwarz1979

    kschwarz1979 Private E-2

    and the MGlogs.zip
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    Yes! Part of the reason is the below three serices are not running
    Code:
    Checking DHCP, AFD, NetBT, TCP/IP, IPsec Service States 
       Dynamic Host Control Protocol -DHCP- is NOT running
       TCP/IP Protocol Driver -TCP/IP- is NOT running  
       IPSEC driver  -Ipsec- is NOT running  
    
    It appears that your IPSec registry entries have been corrupted.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Please download MiniToolBox and save it to your desktop and run it by right clicking and selecting Run As Administrator.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List IP configuration
    • List Winsock Entries
    • List Devices -> All
    • List last 10 Event Viewer log
    Press Go and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


    Now download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe
    • Go to Start Repairs tab.
    • Choose "Custom Mode" and press "Start".
    • Create a System Restore point if prompted.
    • In the Custom Mode window, select the following repair options:
      • Repair Windows Firewall
      • Repair Internet Explorer
      • Repair Hosts File
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Windows Updates
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • If asked to reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before accepting to restart.
    Reboot after running Windows Repair.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • the Results.txt log file from MiniRegTool
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. kschwarz1979

    kschwarz1979 Private E-2

    thank you for the reply! what do I need to set the encoding to? I tried with ANSI, and did It did not work "cannot import C:|documents and settings\user\desktop\fixme.reg:error accessing the registry.", however I also have Unicode, Unicode big endian, and UTF-8 Let me know if I need to change the encoding, I am currently in the process of running the about program, I will post the results once I am finished:)
     
  5. kschwarz1979

    kschwarz1979 Private E-2

    I right clicked on the mgtools icon and tried to run as administrator however It needed a password, and I don't ever remember having a password on it, I tried all my default passwords and no luck so I just ran it by double clicking it. Let me know if there is a way around the password situation
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I see that you managed to figure it out. ;)

    As shown, those instructions are only necessary for Vista and Win 7 users.

    The IPsec service is now running but TCPIP and DHCP are still not running.
    You may still have some registry entries missing. I looking thru the latest logs to see what I can find.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now import the below registy patch the same way you did last time.
    Copy the bold text below to notepad. Save it as fixssdp.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. kschwarz1979

    kschwarz1979 Private E-2

    no the fixssdp.reg didn't work "cannot import C:|documents and settings\user\desktop\fixssdp.reg:Not all data was successfully written to the registry. Some keys are open by the system or other processes." I ran combofix again (Not sure if I was suppose to) and attached files. The computer hasn't seemed to have changed. No programs load in the lower right of the tool bar, no sound icon, router or connection icon

    Thank you again for your help!
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay a few registry entries merged in but others did not. We will need to modify permissions on some registry keys. Before we can complete this process, I first need you to go thru the below which could take 10 minutes of more to run.

    Download SubInACL.msi from Microsoft.
    • Now double click on SubInACL.msi to run the installer. Accept any prompts you get about installing this.
    • Now download the below file and save it to your Desktop:
    • Now double click on resetperm.cmd to run this script. Be patient as this may take awhile to run. Also it is imperative that you Run As Administrator. This is not the same thing as your user account having administrator priviledges.
    Once it finishes, reboot your PC. Then report back on how these instructions worked.
     
  10. kschwarz1979

    kschwarz1979 Private E-2

    I tried to run subinacl.msi but it gave me this error message

    "The windows Installer Service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed. Contact you support personnel for assistance."

    I have tried going to msconfig and booting in normal mode at least 5 times, Im guessing Im in safe mode, Is there another way get it to boot in normal mode?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! You are in normal boot mode and have been. You just have many many services that have been disabled on your computer. The Winodws Installer service happens to be one of them that is now stopped.


    Now download this subinacl and save it to your Desktop where I asked you to also save resetperm.cmd

    Note if you have a problem running it as administrator ( like perhaps you don't know the Administrator account's password ) then just double click it to run it as you.
     
  12. kschwarz1979

    kschwarz1979 Private E-2

    ok I tried to run subinacl as administrator but don know the password, when I double click the icon to run it normally the command prompt screen flashed briefly and closes itself

    I tried to run resetperm.cmd as the admin, but there is no "run as" option when I right click so I ran that normally as well. that program worked Im not sure if it left a log somewhere or not

    rebooted the computer subinacl.msi still comes up with the same error
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I think you misinterpreted my last instructions. They did not ask you to run subinacl.exe. I only said to save it to your Desktop. I then asked you to run perm.cmd. Also I did not ask you to run subinacl.msi again. We already know that will not work because your Windows Installer service is broken. The subinacl.exe file I had you download was to allow us to work around this problem with the installer service.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
     
  14. kschwarz1979

    kschwarz1979 Private E-2

    Im sorry, Im not to good with computers...as you can probably tell. I ran mgtools again
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay may be some permissions issue with various registry keys and we will need to change these so that we can import a registry fix.

    Copy the bold text in the quote box below to notepad ( do note copy the Quote: word ). Save it as fixSSDP.reg to your desktop. Be sure the "Save as" type is set to "all files".
    Make sure that you get the above file created and saved properly before continuing on with the next instructions


    Now please click Start, Run and type regedit into the Run box and click OK.
    • You should see the Windows Registry Editor open up.
    Now follow the below instructions for changing permissions for various registry keys using Regedit.
    • First navigate to the below registry key and have it selected
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV
    • Then right click on this key and select Permissions
    • Then on the Permissions for SSDPSRV for click the Add button
    • In the Enter the object names to select box type Everyone and click the Check Names button which should cause the Everyone text to be approved and underlined
    • Then click the OK button which returns you to the Permissions for SSDPSRV form
    • Make sure you select Everyone from the upper list, and then in the Permissions form Everyone box, select Full Control and see if it allows you to click the Apply button.
      • If you could Apply this then repeat the above for the below key
        • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters
      • If you could not Apply this then continue with the below for the SSDPSRV key
    • Click the Advanced button
    • On this Advanced... form, select the Owner tab.
    • On the Owner tab, do the next steps to add Everyone to owners and make Everyone the current owner
    • Click the Other users of groups... button
    • One the next form, in the Enter the object name to select box, type in Everyone and then click Check Names which will then verify that Everyone exists and will underline the text to show it was found
    • Then click OK
    • Then back on the Advanced Security Settings for SSDPSRV form select Everyone and then click the Apply button. And then OK out of this form.
    • Now you should be back at the Permissions for SSDPSRV form.
    • Select Everyone and see if you can now give Full Control by checking the box and clicking Apply.
    If the above works to get Full Control enabled for Everyone on the SSDPSRV key do the same thing for each the below key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDPSRV\0000\Control
    If all of this works, then in the Registry Editor menu, click File and then select Import. Navigate your way to the fixSSDP.reg file you saved to your Desktop earlier and select it. Tell me EXACTLY what happens.

    Then no matter what happens above, continue with the below.

    Reboot your PC and after reboot continue.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
     
  16. kschwarz1979

    kschwarz1979 Private E-2

    I was able to do everything up to the "Click the Other users of groups... button" I don't have the button in that Owner tab (or any of the tabs) but i do have a "replace owner on sub containers and objects" check box so I wasn't able to do those steps

    after importing fixSSDP.reg to the registry editor It say that it has been successfully entered into the registry.
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like it was successful at correcting the registry entries for SSDPSRV but the service is still not running. Did you reboot your PC after getting the patch imported?

    Now please click Start, Run and type cmd into the Run box and click OK. This will open up a command prompt. Type the below command into the command prompt window and tell me exactly what you receive. Note is a space before and after the word "start"

    sc start ssdpsrv

     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One more thing I want you to run.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure "Include All Files" option remains checked.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please attach this log to your next reply.
     
  19. kschwarz1979

    kschwarz1979 Private E-2

    service_name: ssdpsrv
    type: : 20 win32_share_process
    state: : 2 start_pending
    (not_stoppable, not_pausable,Ignores_shutdown)
    win32_exit_code : 0 (0x0)
    Service_exit_code : 0 (0x0)
    Checkpoint : 0x0
    wait_hint : 0x7d0
    pid : 2928
    flags :

    I did not see an "include all files" option, I had Internet services, windows firewall, system restore, security center. I clicked them all
     

    Attached Files:

    • FSS.txt
      File size:
      2.8 KB
      Views:
      1
  20. kschwarz1979

    kschwarz1979 Private E-2

    also I did reboot my computer last night after doing those steps
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now please click Start, Run and type services.msc into the Run box and click OK. This will open up the Services form. Scroll down to the Network Connections service and double click on it. If the Service status: shows Stopped or Disabled, click the Start button. Does it Start? Make sure that the Startup type is set to Manual.

    If the Network Connections service started, continue on with the below otherwise report back what happened.

    Now close the Network Connections form and scroll down to the Windows Firewall/Internet Connections Sharing (ICS) service and double click on it. If the Service status: shows Stopped or Disabled, click the Start button. Does it Start? Make sure that the Startup type is set to Automatic.

    Were you able to do the above? If yes, continue with the below, otherwise report back what happened.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
     
  22. kschwarz1979

    kschwarz1979 Private E-2

    when i double click on the network connections it comes up with an error box that says "configuration manager: the plug and play service or another required service is not available" then proceeds to open network connections properties i change the startup type to manual and push apply, and comes up with the above message again once i click ok i am then able to start it.

    Computer gives me above message before entering the windows firewall/ICS properties. Once in the windows firewall/ICS properties, I keep startup type to automatic then press start. I get an error message that says "could not start the windows firewall/internet connection sharing (ICS) service on local computer. Error 2: the system cannot find the file specified"
     
  23. kschwarz1979

    kschwarz1979 Private E-2

    also ran mstools as well even though I was only able to do 1/2 of the steps
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does it stay Started even after a reboot? Check by rebooting and also get a new log from MGtools after the reboot.



    Hmmm! The file does show and is valid based on previous logs.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After the reboot and attaching the new log from MGtools, continue with the below scan using sfc.


    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it. Let me know if it asks for the disk also take note of specifically which disk it asks for because it may make references to a certain service pack level.
     
  26. kschwarz1979

    kschwarz1979 Private E-2

    yes the network connections stayed started after the reboot.

    and yes it needs my windows XP service pack 3 CD, which I dont have but might be able to get one, however it might take a little bit
     
  27. kschwarz1979

    kschwarz1979 Private E-2

    and the mslogs.zip
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then see if you can get the CD and complete an sfc scan with it. You need to get corrupted or missing files fixed so that we can be sure we are not having problems due to this.
     
  29. kschwarz1979

    kschwarz1979 Private E-2

    sorry nobody I know has the xp pro sp3 disk. I got a couple different copies off of the internet but none of them seem to work, (I might be doing something wrong). Somebody at my work might have one but I'll have to wait till Tuesday for that...anything you suggest or anywhere I could go online, short of buying a copy off of amazon?
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes!!!!! Downloading pirated software from the internet is one of the largest reasons people are infected.

    In short, no. But you need to get a disk to repair whatever the sfc /scannow function is finding to be a problem. I cannot be sure that it had anything to do with the current connection issues but it could have.

    I will however see if we can continue here anyway, but keep working on getting and XP SP3 CD anyway.




    Please download MiniRegTool.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:
    KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDPSRV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDPSRV\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV

    • Check List Permissions radio button.
    • Press Go button and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From your logs, I can see lots of services that are not running that I would expect to be running. Sometimes there are slight differences between one PCs standard setup and another due to hardware differences, so it is not always so easy to know whether it is a problem or not. But some I expect to be running. Let's try a couple things below. Be sure to answer each question for each service. Takes notes so you can report back


    Now please click Start, Run and type services.msc into the Run box and click OK. This will open up the Services form. Scroll down to the Application Layer Gateway Service service and double click on it. If the Service status: shows Stopped or Disabled, click the Start button. Does it Start? Make sure that the Startup type is set to Manual.

    Now locate the IPSEC Services service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the DNS Client service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the Windows Firewall/Internet Connection Sharing (ICS) service and Start it and set the Startup type to automatic, Did this Start?

    Now locate the Plug and Play service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the Workstation service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the Server service and Start it and set the Startup type to Manual, Did this Start?

    Now locate the Computer Browser service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the TCP/IP NetBIOS Helper service and Start it and set the Startup type to Automatic, Did this Start?

    Now locate the SSDP Discovery Service service and Start it and set the Startup type to Manual, Did this Start?


    Now close the above services forms and reboot your PC. After reboot, get a new log from MGtools and attach it here along with your answers to what happened while trying to start all the above services.
     
  32. kschwarz1979

    kschwarz1979 Private E-2

    applications gateway services set to manual was stop and it started

    Ipsec services set to automatic will not start "could not start the IPSEC service on local computer. error 1068: the dependency service or group failed to start"

    DNS client set to auto will not start same error as above

    windows firewall/ICS set to auto will not start - "could not start windows firewall/ICS service on local computer. Error 2:the system cannot find the file specified.

    plug and play set to auto and started successfully

    workstation service set to manual started successfully

    server service set to manual ans started successfully

    computer browser service set to auto and started successfully

    tcp/ip netBIOS set to auto and started successfully

    ssdp discovery service set to manual came up with "The ssdp discovery service on local computer started and stopped. Some services stop automatically if they have mo work to do, for example, the performance logs and alert service."

    all of the above services were stopped, rebooted computer, I now have the network connections, and wireless network connections icon in the lower right side box along with the Time.
     

    Attached Files:

  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some of the services that you saw started, almost immediately stopped again or stopped after reboot. This malware has caused a lot of damage and it is really looking like there may be no easy way to fix this short of a reinstall. However, one idea I have that may be worth a try is to reinstall Win XP SP3. This is a large download ( 316 MB ) but if you can download it and get it on to this PC and run it, perhaps it may help. Download the file from the below link:

    Windows XP Service Pack 3 Network Installation


    Install it and then reboot your PC. After reboot, attach a new log from MGtools and tell me if you have noticed any change.
     
  34. kschwarz1979

    kschwarz1979 Private E-2

    Im sorry I missed the previous post before your last one I ran mini reg tools im not sure if you still need it anymore, i am currently in the process of downloading the xp sp2 now
     

    Attached Files:

    Last edited: Dec 29, 2011
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I hope you meant SP3 from the link I have you and not SP2 which you don't need.
     
  36. kschwarz1979

    kschwarz1979 Private E-2

    alright i downloaded SP3 and installed onto computer
     

    Attached Files:

  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that shoots down that idea. It did nothing to cure this problem.

    I have one more idea to try right now.


    1. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is space after notepad)
      • The above file will open in the notepad.
      • Under TCP/IP Primary Install section find the following: Characteristics = 0xA0
      • Edit 0xA0 and replace it with 0x80 (replace A with 8)
      • Under File menu click Save and close the notepad.
    2. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install a popup window opens.
      • Select Protocol from the list and then click Add.
      • A new window opens, click Have Disk....
      • In the browse... box type c:\windows\inf
      • Click OK.
      • Select Internet Protocol (TCP/IP), and then click OK.
      • On the Local Area Connection Properties screen select Internet Protocol (TCP/IP) and click Uninstall, and then click Yes.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    3. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is space after notepad)
      • A file opens in the notepad. Under TCP/IP Primary Install section find the following: Characteristics = 0x80
      • Edit 0x80 and replace it with 0xA0 (replace 8 with A)
      • Under File menu click Save and close the notepad.
    4. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install
      • A popup window opens. Select Protocol.
      • A new popup window opens. Select Internet Protocol (TCP/IP), and then click OK.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    5. After restart please run Farbar Service Scanner again and save the fss.txt log to attach below.
    6. Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


      Then attach the below logs:
      • the new fss.txt log from Farbar's Service Scanner
      • C:\MGlogs.zip
     
  38. kschwarz1979

    kschwarz1979 Private E-2

    I dont have an Internet Protocol (TCP/IP) file in the c:\windows\inf folder...I have a bunch of .Inf files however when i go to wireless network connections and not local area connections and do the steps i have Internet Protocol (TCP/IP), when i click on it once it says "This driver is not digitally signed" I selected it and pressed ok, Im going to wait for conformation from your before I continue with the steps
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The file name is this folder is nettcpip.inf
     
  40. kschwarz1979

    kschwarz1979 Private E-2

    ok I did the steps, and upon restarting I get a windows security alert "to help protect your computer windows firewall has blocked some features of this program." logitech desktop manager keep blocking, unblock, ask me later I clicked ask me later, and I also have sound now
     

    Attached Files:

  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Excellent. That fixed a whole bunch of services that were not running before. All of the below were fixed
    Code:
    [B]Service Name:              Started  Status[/B]
    ALG                          TRUE     OK      
    Apple Mobile Device          TRUE     OK      
    Bonjour Service              TRUE     OK      
    Dhcp                         TRUE     OK        
    Dnscache                     TRUE     OK      
    Nla                          TRUE     OK      
    PolicyAgent                  TRUE     OK      
    SharedAccess                 TRUE     OK      
    SSDPSRV                      TRUE     OK      
     
    [B]System Driver Name:        Started  Status[/B]
    Arp1394                      TRUE     OK      
    IpFilterDriver               TRUE     OK      
    IpNat                        TRUE     OK      
    Tcpip                        TRUE     OK      
    Wanarp                       TRUE     OK 
    Now please click Start, Run and type services.msc into the Run box and click OK. This will open up the Services form. Scroll down to the Application Layer Gateway Service service and double click on it. If the Service status: shows Stopped or Disabled, click the Start button. Does it Start? Make sure that the Startup type is set to Manual.

    Now locate the Computer Browser service and Start it and set the Startup type to Automatic, Did this Start?

    There may still be some more to fix. But now that your network related services all seem to be fixed, let's setup your connection again for DHCP. See how to do this in the below

    http://www.ehow.com/how_5072525_enable-dhcp-windows-xp.html

    Let me know when you have this finished.
     
    Last edited: Dec 30, 2011
  42. kschwarz1979

    kschwarz1979 Private E-2

    I completed the steps, and I don't have internet still, My dell wireless wlan card utility is not in the lower right like it use to be and when I go through the control panel to get to it, under the wireless network tab there is a X over my network name and when I go to the site monitor tab It sees my router and seems to connect when I double click but still no connection in the network connection page and applications gateway was started already and the computer browser said "the computer browser service on local computer started and stopped. Some services stop automatically if they have mo work to do, for example, the performance logs and alert service."
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's get a log from a new version of MGtools just uploaded.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.
    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
    It may be necessary to reinstall drivers/software for your wireless and wired connections.
     
  44. kschwarz1979

    kschwarz1979 Private E-2

    mglogs.zip
     

    Attached Files:

  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not download and use the new version of MGtools or somehow missed getting the current version. Could you please use get a new log from the neweset version?

    Also if you look in Device Manager are both of your network adapters showing with yellow exclamation marks on them which indicates a problem? I see that you have the below which both appear in a disconnected state:

    Broadcom 440x 10/100 Integrated Controller
    Dell Wireless 1505 Draft 802.11n WLAN Mini-Card

    Reinstalling the drivers or deleting the adapters with from Device Manager ( without deleting drivers ) and then rebooting may cause them to be redetected and reinstalled.
     
  46. kschwarz1979

    kschwarz1979 Private E-2

    I thought I did download the new version sorry, I attached the latest MGlogs with a freshly downloaded MGtools, I am going to try and Re-install the drivers now

    Under the device manager -> network adapter-> Dell Wireless 1505 Draft 802.11n WLAN Mini-Card the device status says it is working properly and there is no yellow exclamation mark next to it, and the broadcom as well
     

    Attached Files:

    Last edited: Dec 31, 2011
  47. kschwarz1979

    kschwarz1979 Private E-2

    I successfully installed the wireless adapter but upon installing the broadcom driver came up with the error "The windows installer service could not be accessed this can occour if you are running windows in safe mode, or if the windows Installer is not correctly installed, contact your support personnel for assistance"
     
  48. kschwarz1979

    kschwarz1979 Private E-2

    I rebooted my computer and now internet is up and running, This is very exciting! however I'm willing to bet I've got other problems.....
     
    Last edited: Dec 31, 2011
  49. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Excellent. What exactly did you have to do? Was it just deleting both of the adapters, rebooting , and then allowing the system to reinstall? Or did you have to reinstall from a CD?

    So let's see one more log now that you have a connection.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
  50. kschwarz1979

    kschwarz1979 Private E-2

    yeah I think re-installing the wireless driver from dells website is what did it, wasn't able to reinstall the broadcom driver, I usually use this computer wireless anyway
     

    Attached Files:


MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds