[oneeighty]

Hey all,

So my internet connection appears to be working fine [other housemates continue to use it without problems] but for some reason I'm finding that my own connection seems to be okay but is "acquiring network address" continuously, meaning I am unable to access the internet.

Currently my network connections set it to acquire an IP address automatically. Previously I manually input an IP address and whilst that told me that the connection was "very good" and "connected", I was still failing to access the internet [opening IE would lead to the "This page cannot be displayed..." message and repairing didn't help].

CMD'ing it shows that the IP address is currently 0.0.0.0 which is not ideal, so I wonder if I could manually input another IP address that may have more success?

Any suggestions would be much appreciated.

[TerryNet]

IP addresses of 0.0.0.0 are normally caused by one of the following.

Diagnosis:
1. DHCP Service not running.
2. Duplicate IP address on the network.
3. Bad NIC card drivers.
4. Defective NIC hardware.

Resolution:
1. Check Control Panel, Administrative Tools, Services. The DHCP Client service should be Started and its Startup Type should be Automatic.
2. Turn off ALL of the computers and other network connected devices, reboot the router, then restart all the computers and other network devices.
3. Check for upgraded drivers and/or reload the Network drivers.
4. Replace the Network Interface Card.

There has also been at least one case where switching from using Dell WLAN to XP’s WZC resolved the issue.

[oneeighty]

Hi Terry,

Thanks for your response.

Using resolution #1, this happened: Got a message saying: "Could not start the DHCP Client service on Local Computer". Error 1075: The dependency service does not exist or has been marked for deletion".

Any ideas?

Thanks again.

[TerryNet]

That's often caused by current or past malware. I have requested help from an expert.

What operating system do you have?

[oneeighty]

It's Windows XP, 2003. Thanks for your help.

[Cookiegal]

It does sound like the result of malware.

You will need to transfer this small program to the infected computer via USB flash drive.

Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.

• Make sure only the following option is checked:
  • Internet Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
• Please copy and paste the log to your reply.

[Cookiegal]

Is this the same computer and if so, was that never resolved over a month ago?

http://forums.techguy.org/networking...y-network.html

[oneeighty]

Here's the log:
Farbar Service Scanner Version: 09-06-2012
Ran by Asus (administrator) on 17-06-2012 at 16:57:34
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

[oneeighty]

Yes, same computer. Basically, I restored the system that day and this seemed to re-install the network adapter [though I could be mistaken...]

[Cookiegal]

Alright then. It looks like this is a separate issue. The NetBT service key is missing from the registry and this is generally caused by malware.

Both of the following can be transferred via USB flash drive to the desktop of the affected computer:

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.

[oneeighty]

Thanks a million. So I've downloaded GMER and it's currently scanning, but I can't seem to download DDS from either of those links for some reason...

[Cookiegal]

OK. You can just post the GMER log then when it's finished.

[oneeighty]

Will do. Thanks again for all of your help.

[Cookiegal]

Quote:

Originally Posted by oneeighty

Will do. Thanks again for all of your help.

You're welcome.

[oneeighty]

Log from GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-17 18:23:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.ALC
Running: 250hqf9f.exe; Driver: C:\DOCUME~1\Asus\LOCALS~1\Temp\kgayrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7BD2F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB7BD2FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB7BD3080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7BD311C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB3278$\1512024366 0 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\L 0 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\L\irdvmyof 162816 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U 0 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000cb 704 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@80000000 73728 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000c0 43008 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000cb 25600 bytes
File C:\WINDOWS\$NtUninstallKB3278$\1512024366\U\@800000cf 31232 bytes
File C:\WINDOWS\$NtUninstallKB3278$\3900421238 0 bytes

---- EOF - GMER 1.0.15 ----