Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Limited or no connectivity - XP Pro


  • Please log in to reply
7 replies to this topic

#1 barnacle brad

barnacle brad

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 25 February 2011 - 03:07 PM

Hi guys,
Looking for assistance reestablishing my internet connection after removing Google Redirect Virus. I have been working with SweetTech in the Malware Response Team who has requested I post here to resolve the connection issue.

The thread for my other post is here: Google Redirect - XP Pro

Any logs you wish to view please let me know and I will provide them.

I have verified settings for TCP/IP to automatically obtain IP and DNS Server address. IE and Firefox settings are set to no proxy. Cables have been verified, hardware verified inasmuch as the board has been recognized as new hardware when placed in different pci slot, device manager says it is enabled and working properly.

Can someone tell me: if I run an XP repair on my windows installation, will I lose software installations (MS Office, etc.) and or browser bookmarks/logon/password settings?

Thanks in advance for your help.

Brad

BC AdBot (Login to Remove)

 


#2 etaf

etaf

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Surrey, UK
  • Local time:11:22 AM

Posted 25 February 2011 - 03:50 PM

I have not read all that virus post
looking at the IP address from you adapter = 0.0.0.0 usually means


  • DHCP Service not running.
  • Duplicate IP address on the network.
  • Bad NIC card drivers.
  • Defective NIC hardware.

since we know this is a result of a virus - lets first check the status of all the service

also we can try a TCP/IP reset


------------------------------------------------------------------------
{Services}
post back the status - started/stopped and automatic/manual
Check your Services are Started on all PCs:
  • COM+ Event System (for WZC issues)
  • Computer Browser
  • DHCP Client
  • DNS Client
  • Network Connections
  • Network Location Awareness
  • Remote Procedure Call (RPC)
  • Server
  • TCP/IP Netbios helper
  • Wireless Zero Configuration (XP wireless configurations only)
  • WLAN AutoConfig (Vista wireless configurations only)
  • Workstation

Note: You can check the services in Control Panel, Administrative Tools, Services.

All of these services should be started, and their startup type should be automatic (or perhaps manual).

If a service is not running, open it's properties and check the dependencies. Check each of the dependencies and see which one is preventing the service from running.

Checking the event log is also a good idea here, there may be clues to what is failing.
Start > control panel > administrative tools > event Viewer

------------------------------------------------------------------------


------------------------------------------------------------------------

TCP/IP stack repair options for use with Windows XP with SP2/SP3.

Start, Run, CMD to open a command prompt:

In the command prompt window that opens, type type the following commands:

Note: Type only the text in bold for the following commands.

Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log

Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog

Reboot the machine.

Post back the results here
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste
------------------------------------------------------------------------

Edited by etaf, 25 February 2011 - 03:52 PM.

ETAF

#3 barnacle brad

barnacle brad
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 25 February 2011 - 05:40 PM

* COM+ Event System (for WZC issues)Started Man
* Computer Browser Started Auto
* DHCP Client Not Started
* DNS Client Started auto
* Network Connections Started auto
* Network Location Awareness Started Man
* Remote Procedure Call (RPC) Started auto
* Server Started auto
* TCP/IP Netbios helper Not Started
* Wireless Zero Configuration (XP wireless configurations only) Started man
* WLAN AutoConfig (Vista wireless configurations only) (not listed)
* Workstation Started Auto

DHCP Depends on: AFD Networking Support Envirionment; Netbios over TCP/IP (TCP/IP Protocol Driver (IPSEC driver))

TCP/IP Netbios Helper depends on: AFD Networking Support Envirionment; Netbios over TCP/IP (TCP/IP Protocol Driver (IPSEC driver))

Event Viewer:
Error: DHCP Client Service (failed to start because a device attached to the system is not functioning)

Error: TCP/IP Helper Service (failed to start because a device attached to the system is not functioning)

Error: The following boot-start or system-start drivers failed to load: Netbt; sasdifsv; saskutil.

Thanks

#4 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:06:22 AM

Posted 25 February 2011 - 11:05 PM

There could be a problem with the NIC, however lets check and see if the AFD networking support environment is working properly. You can do this by going into the control panel and into the system folder click on view then show hidden devices in the right hand panel, click Non-plug and play devices, double click AFD Networking Support Environment, under device usage make sure use this device is checked. If AFD Networking Support Environment is not viewable in the device manager you need to make sure its set to start by checking the registry entry. Start the registry editor by going into the start menu and select the run command then type regedit. Next you want to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD in the right pane of the registry window click start and in the DATA box type 2 .


Credit: Microsoft NetBios communication

Edit: If the AFD system is working properly then I would suspect the NIC is damaged and you should try a different one or try that one in another computer.

Edited by Sneakycyber, 25 February 2011 - 11:06 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#5 barnacle brad

barnacle brad
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 26 February 2011 - 02:07 PM

set data for AFD start to 2
exchanged ethernet card as well - no change in behavior

Edited by barnacle brad, 26 February 2011 - 02:19 PM.


#6 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:07:22 AM

Posted 26 February 2011 - 02:55 PM

Your DHCP client is not started. Go to services and open the DHCP client. Start the service. Once the service reports as started set the startup type as automatic.

Open a command window and type ipconfig /renew. Check for connectivity and if you do not have connectivity please post the results of an ipconfig /all here.
Get your facts first, then you can distort them as you please.
Mark Twain

#7 barnacle brad

barnacle brad
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 26 February 2011 - 03:35 PM

Thanks for your help.
The issue is resolved by running sfc /scannow and fixing corrupt drivers.
I think the offending driver was netbt.sys.

Edited by barnacle brad, 26 February 2011 - 03:37 PM.


#8 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:06:22 AM

Posted 26 February 2011 - 04:12 PM

Glad you got it working and I learned something new :busy:
Thank you for posting your solution it helps aid BC staff in future problems and helps members who may run into the same scenario.:thumbup2:
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users