lost internet connection on XP home



#1 biddle

Posted 30 December 2011 - 11:07 AM

Have lost internet connection. Diagnostics indicate Winsock needs reset and to complete repair to reboot computer. After reboot there is no change. Any help would be appreciated.

#2 narenxp

  • BC Advisor

Posted 30 December 2011 - 12:21 PM

Hi

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

#3 biddle

  • Topic Starter

Posted 30 December 2011 - 08:06 PM

Here is the log.

Farbar Service Scanner
Ran by cory biddle (administrator) on 30-12-2011 at 11:15:01
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-10 06:00] - [2011-08-17 08:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Gpc(3) IPSec(5) NetBT(6) pctgntdi(11) PSched(7) SYMTDI(16) Tcpip(4)
0x130000000500000001000000020000000300000004000000100000000F0000000B0000000D000000120000001300000011000000060000000700000008000000090000000A0000000C0000000E000000

**** End of log ****

#4 narenxp

  • BC Advisor

Posted 30 December 2011 - 09:43 PM

Launch the FSS and type

afd.sys

Click on search files

Post the generated log

#5 biddle

  • Topic Starter

Posted 30 December 2011 - 10:47 PM

log

Farbar Service Scanner
Ran by cory biddle (administrator) on 30-12-2011 at 22:26:40
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\WINDOWS\system32\drivers\afd.sys
[2004-08-10 06:00] - [2011-08-17 08:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-09-07 20:08] - [2008-04-13 14:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-10-13 02:05] - [2011-02-16 08:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008-09-26 05:32] - [2008-06-20 05:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-10-15 19:07] - [2008-08-14 05:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 06:48] - [2008-06-20 06:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 06:40] - [2008-06-20 06:40] - 0138496 ____A (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 05:44] - [2008-06-20 05:44] - 0138368 ____A (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-12 18:39] - [2011-08-17 08:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-06-15 13:14] - [2011-02-16 08:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======

#6 narenxp

  • BC Advisor

Posted 30 December 2011 - 10:56 PM

Download

http://swandog46.geekstogo.com/avenger2/avenger.zip

Extract and launch it

Copy the script and paste it in the BOX

Begin copying here:
Files to move:
C:\WINDOWS\ServicePackFiles\i386\afd.sys | C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys

Click on EXECUTE

Click YES, it will restart your computer. Log file should be generated in C:\avenger.txt. Make sure the script was executed successfully.

See if you can browse now

Good luck

#7 biddle

  • Topic Starter

Posted 31 December 2011 - 09:19 AM

Here is the Avenger Logfile

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

#8 narenxp

  • BC Advisor

Posted 31 December 2011 - 10:14 AM

Can you browse now?

Let me know if you still face issues

#9 biddle

  • Topic Starter

Posted 31 December 2011 - 10:45 AM

Unfortunately, the computer is still showing Limited or no connectivity.

#10 narenxp

  • BC Advisor

Posted 31 December 2011 - 10:52 AM

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open a notepad, copy the script, save it as

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck

#11 biddle

  • Topic Starter

Posted 31 December 2011 - 02:21 PM

No change in status. I did notice that when the computer restarts that I get the following message.

Windows cannot find 'C:\DOCUME~1\CORYBI~1\LOCALS~1\TEMP\{10764~1.EXE' Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search.

With an "OK" dialog box.

I don't know if this could have something to do with the problem.

#12 narenxp

  • BC Advisor

Posted 31 December 2011 - 02:48 PM

Launch the FSS again and type

afd.sys

Click on search files

Post the generated log

Were you infected by rogue? Did you run any scans?

#13 biddle

  • Topic Starter

Posted 01 January 2012 - 01:29 AM

Yes, and had run Malwarebytes to remove. Here is log from FSS.

Farbar Service Scanner
Ran by cory biddle (administrator) on 01-01-2012 at 01:24:14
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\WINDOWS\system32\drivers\afd.sys
[2004-08-10 06:00] - [2011-08-17 08:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-09-07 20:08] - [2008-04-13 14:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-10-13 02:05] - [2011-02-16 08:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008-09-26 05:32] - [2008-06-20 05:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-10-15 19:07] - [2008-08-14 05:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 06:48] - [2008-06-20 06:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 06:40] - [2008-06-20 06:40] - 0138496 ____A (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 05:44] - [2008-06-20 05:44] - 0138368 ____A (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-12 18:39] - [2011-08-17 08:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-06-15 13:14] - [2011-02-16 08:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======

#14 narenxp

  • BC Advisor

Posted 01 January 2012 - 10:55 AM

Can you execute this again? afd.sys was not replaced

http://swandog46.geekstogo.com/avenger2/avenger.zip

Extract and launch it

Copy the script and paste it in the BOX

Begin copying here:
Files to move:
C:\WINDOWS\ServicePackFiles\i386\afd.sys | C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys

Click on EXECUTE

Click YES, it will restart your computer. Log file should be generated in C:\avenger.txt. Make sure the script was executed successfully.

See if you can browse now

Good luck
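
One way to check the "afd.sys was not replaced" observation, as an added example that is not part of the original posts or of FSS itself: it parses the FSS search output posted above and tests whether the file in system32\drivers now has the same MD5 as the ServicePackFiles copy named in the Avenger script. The field layout (two timestamps, size, attributes, company, MD5) is inferred from the posted log, and the function names are hypothetical.

```python
import re

# Constructed sample: three entries copied from the FSS search log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\drivers\afd.sys
[2004-08-10 06:00] - [2011-08-17 08:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-09-07 20:08] - [2008-04-13 14:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD
"""

# Detail line (layout assumed from the log): [ts] - [ts] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_fss_search(text):
    """Return {lowercased path: record} for each path/detail pair in the log."""
    records, path = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records[path.lower()] = rec
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line  # remember the path until its detail line arrives
    return records

def check_replacement(records, source, target):
    """Compare the file that should have been copied with the file in place."""
    src, dst = records[source.lower()], records[target.lower()]
    return {
        "replaced": src["md5"] == dst["md5"],               # hashes match after a real copy
        "target_has_company": bool(dst["company"].strip()),  # empty "()" in the log
        "size_delta": dst["size"] - src["size"],
    }

RESULT = check_replacement(parse_fss_search(SAMPLE_LOG),
    r"C:\WINDOWS\ServicePackFiles\i386\afd.sys",
    r"C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys")
```

Both search logs in the thread give the same result, because the MD5 of the file in system32\drivers is identical in each.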

#15 biddle

  • Topic Starter

Posted 01 January 2012 - 02:18 PM

I am now showing that I have a connection but neither Internet Explorer nor Google Chrome will connect to the internet. I have reset modem and there is no change in status.



