Things you might try to restore your windows networking after malware cleaning.

---

Introduction

Here is the situation: you removed a malware manually since any anti malware could not do anything beyond detecting the corrupted files. In the process, you deleted some infected system files, including some which were part of the networking stack.

Symptoms

• You can ping both local and internet IPs, so this mean ICMP and your hardware is working.
• You cannot open any TCP/UDP connection (they all fail instantly (i.e. no timeout)).
• DHCP does not work either.

Things you might try

Check that your LSP stack is correct and not damaged

Run LSP-Fix

Resetting the networking stack

> netsh int ip reset reset.log
> netsh winsock reset catalog

Restoring any missing or corrupted system files

> sfc /scannow

Checking that the AFD service is started

> sc qc afd
> sc query afd

If AFD is not started, check that its service definition and its device exist in the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"DisplayName"="AFD"
"Description"="Environnement de prise en charge de réseau AFD"
"Group"="TDI"
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]
"ActiveService"="AFD"

Also, be sure to have a correct version of afd.sys in your system32/drivers/ folder.

Checking that other important services are started

Read the instructions at: http://www.smartestcomputing.us.com/topic/49542-cant-start-windows-firewall%3B-windows-firewall-service-missing-fix/

[Attached].

Run WinSockXPFix (XP Only)

Download and run WinSockXPFix.

Reset Internet Settings

Reset all the settings to default.

• Control Panel -> Internet Options
• Advanced tab
• Reset Internet Explorer

Check connection settings and remove any proxy.

• Control Panel -> Internet Options
• Connections -> LAN Settings
• Check all params

Attachments

• WinsockxpFix.exe
• lspfix.zip
• services_related_information_and_tools.zip

---