
virus attacking network access plus



#31
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the next 2 lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp > \junk.txt
notepad \junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad should open. Copy and paste the text from notepad. (Close the Command Window)
  • 0



#32
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
Good Morning Ron,

report from your latest request:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore.dll
DisplayName REG_SZ @%SystemRoot%\system32\dhcpcore.dll,-100
Group REG_SZ TDI
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Description REG_SZ @%SystemRoot%\system32\dhcpcore.dll,-101
ObjectName REG_SZ NT Authority\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ NSI\0Tdx\0Afd
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Configurations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Parametersv6
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Security

Thanks
  • 0

#33
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.


I think it reboots when done. If not, reboot it.

If that doesn't help then go back into Services, DHCP Client and change the Startup Type: to Automatic (Delayed Start). Apply. Reboot.

If it won't let you change the Startup Type let me know.

Copy the next 4 lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd > \junk.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx >> \junk.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi >> \junk.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp >> \junk.txt
notepad \junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad should open. Copy and paste the text from notepad. (Close the Command Window)
  • 0

#34
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
quote: If that doesn't help then go back into Services, DHCP Client and change the Startup Type: to Automatic (Delayed Start). Apply. Reboot.

If it won't let you change the Startup Type let me know.

When attempting to apply the delayed start a warning box appears with the following text

The delayed Auto-Start flag could not be set

Error 87: The parameter is incorrect.
  • 0

#35
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
This is the latest post to your previous post.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd
BootFlags REG_DWORD 0x1
DisplayName REG_SZ @%systemroot%\system32\drivers\afd.sys,-1000
Group REG_SZ PNP_TDI
ImagePath REG_EXPAND_SZ \SystemRoot\system32\drivers\afd.sys
Description REG_SZ @%systemroot%\system32\drivers\afd.sys,-1000
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x1
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx
DisplayName REG_SZ @%SystemRoot%\system32\tcpipcfg.dll,-50004
Group REG_SZ PNP_TDI
ImagePath REG_EXPAND_SZ system32\DRIVERS\tdx.sys
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x1
Tag REG_DWORD 0x4
Type REG_DWORD 0x1
DependOnService REG_MULTI_SZ Tcpip
Description REG_SZ @%SystemRoot%\system32\tcpipcfg.dll,-50004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi
DisplayName REG_SZ @%SystemRoot%\system32\nsisvc.dll,-200
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalService
Description REG_SZ @%SystemRoot%\system32\nsisvc.dll,-201
ObjectName REG_SZ NT Authority\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ nsiproxy
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeCreateGlobalPrivilege\0SeImpersonatePrivilege
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore.dll
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Description REG_SZ @%SystemRoot%\system32\dhcpcore.dll,-101
ObjectName REG_SZ NT Authority\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ NSI\0Tdx\0Afd
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Configurations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Parametersv6
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp\Security
  • 0
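The check being done by eye on these dumps (does DHCP Client still load its stock binaries, and is every service in its DependOnService list present and enabled) can be run over the pasted text. This is an added example, not part of the thread; the "binaries must live under system32" rule and the function names are assumptions, and value names containing spaces are not handled.

```python
import re

VALUE_RE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")
DISABLED = 4  # Start: 0 Boot, 1 System, 2 Automatic, 3 Manual, 4 Disabled

# Constructed sample: a trimmed copy of the `reg query` text posted above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd
ImagePath REG_EXPAND_SZ \SystemRoot\system32\drivers\afd.sys
Start REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx
ImagePath REG_EXPAND_SZ system32\DRIVERS\tdx.sys
Start REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalService
Start REG_DWORD 0x2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore.dll
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Start REG_DWORD 0x2
DependOnService REG_MULTI_SZ NSI\0Tdx\0Afd
"""

def parse(text):
    """Map lower-cased service name -> {value name: data}; subkeys are skipped."""
    services, current = {}, None
    for line in text.splitlines():
        if line.strip().upper().startswith("HKEY_"):
            tail = line.strip().lower().split("\\services\\", 1)[-1]
            current = None if "\\" in tail else services.setdefault(tail, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return services

def in_system32(path):
    """Assumed rule: built-in services load their binaries from %SystemRoot%\\system32."""
    p = re.sub(r"^(%systemroot%|\\systemroot|c:\\windows)\\", "", path.strip('" ').lower())
    return p.startswith("system32\\") and ".." not in p

def audit(text, service):
    """Findings for one service and each service named in its DependOnService."""
    services, findings = parse(text), []
    deps = services.get(service.lower(), {}).get("DependOnService", "")
    for name in [service] + [d for d in deps.split("\\0") if d]:
        entry = services.get(name.lower())
        if entry is None:
            findings.append(f"{name}: key not in dump")
        elif int(entry.get("Start", "0x4"), 16) == DISABLED:
            findings.append(f"{name}: Start is Disabled or missing")
        for value in ("ImagePath", "ServiceDll"):
            if entry and value in entry and not in_system32(entry[value]):
                findings.append(f"{name}: {value} outside system32: {entry[value]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "dhcp") or "no findings")
```

On the values posted in this thread the audit returns no findings, which matches what the dumps show: stock paths and all three dependencies enabled.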

#36
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Now that I try it, mine will not let me change DHCP to Delayed Start either. I can stop and start the service though, which you can't do, so let's try to reset the registry permissions:

http://www.tweaking....ermissions.html

Click on the second download Direct Download.

Save the file and then right click on it and Run As Admin.

It should reboot when done. If not reboot it. Can you now stop and start the DHCP Client service?
  • 0

#37
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
I have carried out the steps. I have attached an information message that appeared. How long should the tweaking settings run for? It completed in just over 2 min with a Stop button active; I waited another 2 min with no change, so rebooted. Not sure if I got that procedure right.

Attached: services.jpg
  • 0

#38
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Not sure how long it should take. I just ran it myself and it took 3:30 to do the three sections of the registry then it appears to do nothing and the status didn't show anything so I clicked on Stop and it said it was finishing up but nothing happened. I checked the task manager and it said nothing was happening so I x'd the program and then Windows came up and asked if it had installed OK.

Let's look at the file itself and see if that has the correct permissions:

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms64.exe by right clicking and Run As Admin.
Copy and paste the following in the edit box:

c:\windows\system32\dhcpcore.dll


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Then try to stop and start DHCP Client again.
  • 0

#39
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
Morning Ron,

Grant Perms result:

GrantPerms by Farbar
Ran by TOM (administrator) at 2013-02-09 09:59:29

===============================================
\\?\c:\windows\system32\dhcpcore.dll

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


Still unable to stop DHCP Client; the previous JPG information box comes up again.
  • 0

#40
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I see you have WinPatrol. I wonder if it is keeping us from controlling DHCP? In any event it has a delay feature. Don't remember exactly how it works but it should be easy to figure out. See if you can get it to delay DHCP Client. If not try uninstalling WinPatrol to make sure it is not causing the problem.
  • 0



#41
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
Ron, have checked out Win Patrol but unable to find DHCP within the folders so unable to delay startup.

I wonder if it would be worth going back to when things were working reasonably well, albeit spasmodically. I believe it was my reply to you on 6 February. Only a suggestion, as I'm concerned about the problems I'm presenting you with; however, I in turn will follow any instructions you give me, and thanks for your support and efforts to date. I feel sure you will crack it eventually.

Tom
  • 0

#42
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
If you rerun the repair program it would be interesting to see which check marked item actually fixed it for a while. Perhaps you could run it several times with different check marks and find out which fixed it. My guess would be one of the first three items.
  • 0

#43
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Let's look at the actual interfaces in the registry:

Copy the next 3 lines:

ipconfig /all > \junk.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces" /s >> \junk.txt
notepad \junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad should open. Copy and paste the text from notepad. (Close the Command Window)
  • 0

#44
tjay

    Member

  • Topic Starter
  • Member
  • 36 posts
Thanks Ron,

This is the report requested from post 43:

Windows IP Configuration

Host Name . . . . . . . . . . . . : TOM-ADVENT
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-89-A5-E6-35-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f9:c4b1:bb2d:4545%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 February 2013 10:05:14
Lease Expires . . . . . . . . . . : 19 March 2149 17:01:04
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 227314085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-9E-55-F6-8C-89-A5-E6-35-5F
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8de:e9c:a3eb:a8d7(Preferred)
Link-local IPv6 Address . . . . . : fe80::8de:e9c:a3eb:a8d7%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1C472E69-E0EC-4D6A-A73C-31A53ABC2952}
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
DhcpServer REG_SZ 255.255.255.255
Lease REG_DWORD 0xffffffff
LeaseObtainedTime REG_DWORD 0x506efd7d
T1 REG_DWORD 0xd06efd7c
T2 REG_DWORD 0x706efd7c
LeaseTerminatesTime REG_DWORD 0x7fffffff
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x0
DhcpNetworkHint REG_SZ 2456C6B696E6F5032454932364
DhcpInterfaceOptions REG_BINARY 35000000000000000000000000000000D8FD6E5036000000000000000000000000000000D8FD6E5033000000000000000000000000000000D8FD6E5001000000000000000000000000000000D8FD6E5003000000000000000000000000000000D8FD6E500F000000000000000000000000000000D8FD6E5006000000000000000000000000000000D8FD6E50
DhcpGatewayHardware REG_BINARY C0A80201060000009444520BE92F
DhcpGatewayHardwareCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1C472E69-E0EC-4D6A-A73C-31A53ABC2952}\2456C6B696E6F5032454932364
UseZeroBroadcast REG_DWORD 0x0
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
DhcpIPAddress REG_SZ 192.168.2.13
DhcpSubnetMask REG_SZ 255.255.255.0
DhcpServer REG_SZ 192.168.2.1
Lease REG_DWORD 0xffffffff
LeaseObtainedTime REG_DWORD 0x506efd7d
T1 REG_DWORD 0xd06efd7c
T2 REG_DWORD 0x706efd7c
LeaseTerminatesTime REG_DWORD 0x7fffffff
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x0
DhcpNetworkHint REG_SZ 2456C6B696E6F5032454932364
DhcpInterfaceOptions REG_BINARY FC00000000000000000000000000000083FD6E5006000000000000000400000000000000FFFFFFFFC0A802010F000000000000000700000000000000FFFFFFFF42656C6B696E000003000000000000000400000000000000FFFFFFFFC0A8020101000000000000000400000000000000FFFFFFFFFFFFFF0033000000000000000400000000000000FFFFFFFFFFFFFFFF36000000000000000400000000000000FFFFFFFFC0A8020135000000000000000100000000000000FFFFFFFF05000000
DhcpGatewayHardware REG_BINARY C0A80201060000009444520BE92F
DhcpGatewayHardwareCount REG_DWORD 0x1
DhcpNameServer REG_SZ 192.168.2.1
DhcpDomain REG_SZ Belkin
DhcpDefaultGateway REG_MULTI_SZ 192.168.2.1
DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E171CFDF-394B-43CA-8383-61FF23C1A87A}
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
DhcpServer REG_SZ 192.168.2.1
Lease REG_DWORD 0xffffffff
LeaseObtainedTime REG_DWORD 0x511770da
T1 REG_DWORD 0xd11770d9
T2 REG_DWORD 0x711770d9
LeaseTerminatesTime REG_DWORD 0x7fffffff
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x0
DhcpIPAddress REG_SZ 192.168.2.3
DhcpSubnetMask REG_SZ 255.255.255.0
DhcpInterfaceOptions REG_BINARY FC0000000000000000000000000000002671175106000000000000000400000000000000FFFFFFFFC0A802010F000000000000000700000000000000FFFFFFFF42656C6B696E000003000000000000000400000000000000FFFFFFFFC0A8020101000000000000000400000000000000FFFFFFFFFFFFFF0033000000000000000400000000000000FFFFFFFFFFFFFFFF36000000000000000400000000000000FFFFFFFFC0A8020135000000000000000100000000000000FFFFFFFF05000000
DhcpGatewayHardware REG_BINARY C0A80201060000009444520BE92F
DhcpGatewayHardwareCount REG_DWORD 0x1
DhcpNameServer REG_SZ 192.168.2.1
DhcpDomain REG_SZ Belkin
DhcpDefaultGateway REG_MULTI_SZ 192.168.2.1
DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0
  • 0
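The DHCP values in the interface keys above can be decoded and cross-checked against the ipconfig section of the same report. This is an added example, not part of the thread. It assumes LeaseObtainedTime is Unix seconds and the machine's clock was on UTC at the time, that DhcpGatewayHardware is laid out as IPv4 address, 4-byte little-endian length, hardware address, and that DhcpNetworkHint is the network name in hex with each byte's nibbles swapped; the function names are hypothetical.

```python
import ipaddress
from datetime import datetime, timezone

# Values copied from the registry output in the post above.
RECORD = {
    "LeaseObtainedTime": "0x511770da",
    "Lease": "0xffffffff",
    "DhcpGatewayHardware": "C0A80201060000009444520BE92F",
}
NETWORK_HINT = "2456C6B696E6F5032454932364"  # DhcpNetworkHint from the first interface key

def lease_obtained(dword):
    """LeaseObtainedTime read as Unix seconds, returned as a UTC datetime."""
    return datetime.fromtimestamp(int(dword, 16), tz=timezone.utc)

def lease_is_infinite(dword):
    """0xffffffff is the DHCP 'infinite lease' value (RFC 2131)."""
    return int(dword, 16) == 0xFFFFFFFF

def gateway_hardware(blob):
    """Assumed layout: 4-byte IPv4, 4-byte little-endian length, hardware address."""
    raw = bytes.fromhex(blob)
    if len(raw) < 8:
        raise ValueError("blob too short")
    ip = ipaddress.IPv4Address(raw[:4])
    n = int.from_bytes(raw[4:8], "little")
    mac = raw[8:8 + n]
    if len(mac) != n:
        raise ValueError("truncated hardware address")
    return str(ip), "-".join(f"{b:02X}" for b in mac)

def network_hint(hint):
    """Assumed encoding: hex of the network name with each byte's nibbles swapped."""
    swapped = "".join(hint[i + 1] + hint[i] for i in range(0, len(hint) - 1, 2))
    return bytes.fromhex(swapped).decode("ascii", errors="replace")

if __name__ == "__main__":
    print(lease_obtained(RECORD["LeaseObtainedTime"]).isoformat())
    print(lease_is_infinite(RECORD["Lease"]))
    print(gateway_hardware(RECORD["DhcpGatewayHardware"]))
    print(network_hint(NETWORK_HINT))
```

The decoded lease time equals the "Lease Obtained" line in the ipconfig output and the gateway address equals the Default Gateway, so the registry record and the live configuration agree.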

#45
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Right click on (My) Computer and select Manage then Device Manager. Find the Network Adapters and click on the arrow or + in front of it. For each item under Network Adapters, right click and Uninstall. Once done. Reboot.

Windows will rediscover the network adapters and reinstall them.
  • 0





