Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TCP/IP Protocol Driver problem


  • Please log in to reply
7 replies to this topic

#1 Frazzled1

Frazzled1

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 22 November 2010 - 04:17 PM

Hello, Please refer to the following link, where I was working with Kahdah in the spyware forum section.

http://www.bleepingcomputer.com/forums/topic359104.html/page__pid__2028501__st__30#entry2028501

We had extensively worked through various fixes to try and restore my computer's functionality, all to no avail. I am willing to try anything short of a complete reformat/reinstall to get my system running.

In summary, here is the basic problem with my computer. I was running XPSP3 on a dell desktop. I had windows firewall running as well as AVG free. Someone was using my computer on Facebook and some error message popped up. They thought nothing about it and shut down the computer. Upon me restarting it, I noticed that AVG and windows firewall were disabled and I had no internet access. I ran several scans to no avail. Finally I downloaded on another computer, Dr Web Cureit and ran that, finding and removing a couple of trojans. Still I could not restore functionality to my computer, so I uninstalled AVG and tried to system restore, whereupon I found out that ALL of my restore points were corrupt. I deleted those and tried the various troubleshooting techniques as proposed by your team. IPCONFIG returns an error message, and the TCP/IP protocol driver has a yellow exclamation mark in front of it. Did the winsock, tcpip, and network removal install as well as lsp fix and more. Whew! I am running out of ideas. There MUST be a way to correct this. Is it firewall,network, or both related?

Thank you in advance!

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 22 November 2010 - 09:58 PM

IPCONFIG returns an error message

...which is?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Frazzled1

Frazzled1
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 23 November 2010 - 11:08 AM

Sorry about the delay, but I have to use a friends computer to work on this. I am not sure if I linked my reply properly to the various things we did in the spyware forum. Nevertheless, I am still having the following problem.

I cannot start the windows ICS service which is set to auto. Manually trying gives me the following error message:
Could not start the windows firewall/internet connection sharing service (ICS) on local computer. Error 2: the system cannot find the file specified.

IPconfig /flushdns gives the following error:
An internal error occured:the request is not supported. Unable to query hostname.

IPconfig /all returns the following:
An internal error occured: the request is not supported. please contact microsoft product support for further help.
Additional information: unable to query host name

Hmmm, while running combofix from safe mode, i noticed in the logfile that my TCPIP.sys was missing... how can that be after I expanded it personally into the proper directory before I was forwarded to this forum... Darn no improvement after reboot. It is still in the correct directory.

Devmgmt reports yellow exclamation mark in front of the ipsec driver and the TCP/IP Protocol driver.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 23 November 2010 - 07:44 PM

I think, this whole issue is related to TCPIP.SYS file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    TCPIP.SYS
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Frazzled1

Frazzled1
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 23 November 2010 - 08:35 PM

Hello Broni,
and thanks for helping here. I have attached the log file at the end of this post.
Also while I was waiting for a reply from you, I installed and ran MS network diagnostics. The netdiag /test:winsock /v command produced the following error message.

<232> [FATAL] Cannot find TCP/IP configuration from the registry.
Here is the log....WHy are there so many filesizes for the TCPIP.sys file?

SystemLook 04.09.10 by jpshortstuff
Log created at 19:27 on 23/11/2010 by Rudy
Administrator - Elevation successful

========== filefind ==========

Searching for "TCPIP.SYS"
C:\i386\tcpip.sys --a---- 359040 bytes [22:08 25/04/2005] [11:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys --a---- 359936 bytes [19:07 25/05/2005] [19:07 25/05/2005] 63FDFEA54EB53DE2D863EE454937CE1E
C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys --a---- 360448 bytes [16:23 17/02/2006] [17:07 13/01/2006] 5562CC0A47B2AEF06D3417B733F3C195
C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys --a---- 360576 bytes [12:18 20/04/2006] [12:18 20/04/2006] B2220C618B42A2212A59D91EBD6FC4B4
C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys --a---- 360832 bytes [16:53 30/10/2007] [16:53 30/10/2007] 64798ECFA43D78C7178375FCDD16D8C8
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys --a---- 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a---- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys -----c- 360320 bytes [16:25 27/07/2009] [10:45 20/06/2008] 2A5554FC5B1E04E131230E3CE035C3F9
C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys -----c- 359040 bytes [21:27 06/07/2005] [11:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys -----c- 359808 bytes [16:45 17/02/2006] [19:04 25/05/2005] 88763A98A4C26C409741B4AA162720C9
C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys -----c- 359808 bytes [00:31 20/06/2006] [02:28 13/01/2006] 583E063FDC888CA30D05C2724B0D7EF4
C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys -----c- 359808 bytes [03:15 19/01/2008] [11:51 20/04/2006] 1DBF125862891817F374F407626967F4
C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys -----c- 360064 bytes [16:09 25/07/2009] [17:20 30/10/2007] 90CAFF4B094573449A0872A0F919B178
C:\WINDOWS\$NtUninstallKB951748_1$\tcpip.sys -----c- 361344 bytes [16:42 27/07/2009] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\ERDNT\cache\tcpip.sys --a---- 361600 bytes [21:26 23/01/2010] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361344 bytes [15:42 23/11/2010] [06:50 14/04/2008] 93EA8D04EC73A85DB02EB8805988F733

-= EOF =-

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 23 November 2010 - 09:07 PM

WHy are there so many filesizes for the TCPIP.sys file?

Over time Windows will accumulate different versions of the same files, mostly due to Windows updates.

Try to check this link: http://bartvdw.wordpress.com/2008/03/16/troubleshooting-tcpip/

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Frazzled1

Frazzled1
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 23 November 2010 - 09:34 PM

OK, Seems as if I have a lot of homework to do. I will keep you posted as to my progress.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 23 November 2010 - 09:43 PM

I'll be around :)

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users