Things you might try to restore your windows networking after malware cleaning.


March 2012.

Introduction


Here is the situation: you removed a malware manually since any anti malware could not do anything beyond detecting the corrupted files. In the process, you deleted some infected system files, including some which were part of the networking stack.

Symptoms



Things you might try


Check that your LSP stack is correct and not damaged


Run LSP-Fix

Resetting the networking stack



> netsh int ip reset reset.log
> netsh winsock reset catalog

Restoring any missing or corrupted system files



> sfc /scannow

Checking that the AFD service is started



> sc qc afd
> sc query afd

If AFD is not started, check that its service definition and its device exist in the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"DisplayName"="AFD"
"Description"="Environnement de prise en charge de réseau AFD"
"Group"="TDI"
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]
"ActiveService"="AFD"

Also, be sure to have a correct version of afd.sys in your system32/drivers/ folder.

Checking that other important services are started


Read the instructions at: http://www.smartestcomputing.us.com/topic/49542-cant-start-windows-firewall%3B-windows-firewall-service-missing-fix/

[Attached].

Run WinSockXPFix (XP Only)


Download and run WinSockXPFix.

Reset Internet Settings


Reset all the settings to default.

Check connection settings and remove any proxy.

Attachments