My relative has the same problem with the Security Protection Malware. I searched the net and was able to show him how to delete it (in safe mode--Networking). He was able to use the internet after that. I have some more information below. Please read the following which I got off the MicroSoft site and then my notes below:
http://answers.micro...04-9eaab2c40884
"Question
DHCP client won't start due to dependency
Applies To: Windows | Windows XP | Networking, Mail, and Getting Online
Suddenly my IBM T61 Windows XP Pro sp3 laptop will no longer connect to my Belkin router, either wired or wireless. This began after I allowed a series of Windows Updates to occur. Using ipconfig and other signs it appears that the DHCP process no longer occurs. Looking in the Device Manager Non-Plug-and-Play I could see that there was a yellow flag next to 'netBT' which is a dependency for a number of services like DHCP. Windows suggested I uninstall then reinstall the 'driver' netBT.sys. Well, it uninstalled OK but now it is off the list and without it loaded I am cut off from the network (I have a second Vista Home laptop that I am using to prowl for tech ideas). I moved a copy of netBT.sys from the Service pack 3 i386 folder into system32\drivers to replace the old one, just in case.
How to I get netBT to load and function again? I have spent many hours rebooting, enabling and disabling, and anything else that I could think of or find on Tech Boards.February 11, 2010
***
Answer SOLVED. Corrupted NetBT registry entry. HKLM\system\currentcontrolset\services\NetBT
After many hours of detective work I found the clue in the Events log through MSCONFIG. Error type 7001 means service failed to start because of a dependency (I knew that), but it went on to say "dir name or path syntax not correct". I went into the registry and used exactly the same path syntax as specified in NetBIOS "system32\DRIVERS\netBT.sys" and DHCP service started.
Jim in ArizonaFebruary 12, 2010
********
In reply to AZJim post on February 12, 2010
I had a similar event after hours of spending on why I cant pick up an IP address and not being able to start the DHCP client I came to the conclusion it must be a dependency
I did find that you need three things to be running for DHCP to work
here is the solution for me it was a matter of copying the file from a working computer and slamming into the drivers folder in system32
Symptom
DHCP Client Service may not automatically. When you attempt to start the Service manually, the following error may be displayed:
Error: Could not start the DHCP Client Service on local computer
Error 1068: The dependency service or group failed to start.
Resolution
The DHCP Client Service in Windows XP, depends on these three components:
•AFD
•NetBios over Tcpip
•TCP/IP Protocol Driver
If one of the above drivers fail to start, then the DHCP Client Service may not start.
Step I - Make sure that the three driver files are present
Open Windows Explorer and navigate to %Windir%\System32\Drivers folder. Make sure that the following files are present in the folder:
•afd.sys
•tcpip.sys
•netbt.sys
If one or more of the above driver files are missing, extract them from the Windows XP CD-ROM or from the ServicePackFiles\i386 folder, whichever is the latest version.
Step II - Verify the number of Dependencies
From other sources in the Web, I've found that installation of Norton Antivirus (NAV) adds an entry to the DHCP Service dependencies, and removing NAV does not remove the corresponding entry from the DHCP Dependencies.
To view the dependency services registered for DHCP Client Service, type the following command in Start, Run dialog:
CMD /K SC QC DHCP
Verify the output. It should be exactly as below:
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem
If additional entries are listed under DEPENDENCIES...
If any other additional drivers or Services are mentioned in the DEPENDENCIES section, you need to remove them via the registry. Follow these steps:
•Click Start, Run and type Regedit.exe
•Navigate to the following branch:
•Backup the branch to a REG file
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Dhcp
•Double-click DependOnService value and set its data as follows:
Tcpip
Afd
NetBT
•Close Regedit.exe
Step III - Verify that the Dependency Service / components are running
Next step is to verify that the three dependency components are running. Follow the steps below:
•Click Start, Run and type DEVMGMT.MSC
•In the View menu, click Show hidden devices
•Double-click Non-Plug and Play drivers section
•Double-click the entry AFD, and click the Driver tab
•Set the Startup type to System.
•Start the service. Note down the error message if any.
•Similarly start the two other drivers namely:
•TCP/IP Protocol Driver
•NetBios over Tcpip
•Close Device Manager and restart Windows
June 29, 2010
**********
In reply to AZJim post on February 12, 2010
THANK YOU!!! Just spent a few quality hours trying to resolve this exact issue... something deleted the netbt.sys... and after finding a new copy I dropped it in system32.... which was the wrong path according to that registry key.
Changed the reg key.... and BAM.... back in Business!
Thank YOU!"
***
Now this is Shesshu writing (me) again.
What happened to my relative was that AVG (a security suite) noticed that something was wrong with HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ NetBT (this was the next day, after we did the fix to remove "Security Protection"). My relative moved the possibly malicious file to AVG's virus vault as suggested by the AVG prompt.
However, that removed the NetBT "folder" from the registry. He was still able to access the internet (as stated above), I presume since he had an established connection already. He browsed a bit, powered down the PC and the next day was not able to access his DSL service. He called me.
After "Googling" around I stumbled onto the MicroSoft thread (link above) and this page.
Indeed, his DHCP would not "Start". He only had 2 dependencies, AFD Networking Support Environment and TCP/IP Protocol Driver. I assumed he needed another, NetBios over Tcpip 'NetBT' (but it was missing--we found it in the Virus Vault). I told him to "restore" it, and sure enough it appeared in the registry (it had been missing from there).
He went to Control Panel\Administrative Tools\Services and DHCP was already started and running and had all 3 dependencies listed: Tcpip/Afd/NetBT.
We still had no internet access so he restarted his PC. He still was not able to connect. His DSL provider was lost and had no "real" solutions (they passed it onto his PC maker).
As a note, my relative said that .NetBT appeared in "Services" (in the registry) as well as the restored NetBT (also in Services in the registry). It is possible that .NetBT and NetBT was flagged by AVG for potential removal since the files may be corrupt. He read me the files and they appeared okay, but my knowledge in this is limited.
He went into c:\windows\system32\drivers and when he right clicked NetBT.sys AvG said the file was infected, but only the "Ignore" option was available. He "Ignored" and right clicked NetBT.sys again and was able to delete it. We saved a backup NetBT.sys from ServicePackFiles\i386 folder to desktop but when he tried to move it into the "drivers" folder, a message told him that it was already there and could not be copied (yet he saw it go into the recycle bin). I assume that when he deleted it, XP replaced it with a "good" copy. He scanned the "new" NetBT.sys driver with AVG and it was clean. He also scanned AFD.sys and tcpip.sys and they were clean.
He restarted his PC but still did not have internet access. DHCP Client was fine in services (started and automatic). He right clicked local connection (in Network Connections) and then Status. The Status was connected, but there was no Activity (no packets sent/received). Clicking on the Support Tab he saw nothing, not even AddressType: Assigned by DHCP.
I'm now trying to figure out how to make it "Assigned by DHCP" and I hope I'm on the right track. I'm still researching and any help would be appreciated. I will post any new finding. Thanks.
Edited by Sesshu, 02 September 2011 - 01:28 PM.
Sign In
Create Account
