Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TCP/IP Issue


  • Please log in to reply
35 replies to this topic

#1 foz_124

foz_124

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 03 January 2012 - 11:40 PM

Here's the deal, I recently had the XP Home Security 2012 virus/malware on my computer. I was able to follow a youtube video to download malwarebytes.org to removed said nuisance. After removing that, I scanned my computer with SUPERAntispyware (free edition). This is where my current issue began, after removing the adware, trojans, and cookies I restarted my computer and seemed to lose complete internet connection when modem and clients indicate it's connected. When I looked at the Local Area Connection Status is indicated that 165 Packets were being sent but 0 were being received. This lead me to try to Repair Local Area Connection when it indicated this: Windows could not finish repairing the because the following action cannot be completed:

Failed to query TCP/IP setting of the connection. Cannot proceed. For assistance, contact the person who manages your network.

Following this, I tried to access internet explorer when the browser displayed: 'Internet Explorer cannot display the webpage.' I gave more information and allowed me to diagnose connection problems which I clicked. The diagnostic log indicated this:

Last diagnostic run time: 01/03/12 21:14:25 WinSock Diagnostic

WinSock status
info
All base service provider entries are present in the Winsock catalog.

info
The Winsock Service provider chains are valid.

error
Provider entry MSAFD Tcpip [TCP/IP] could not perform simple loopback communication. Error 10050.

error
Provider entry MSAFD Tcpip [UDP/IP] could not perform simple loopback communication. Error 10050.

error
Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error 10091.

error
Provider entry RSVP TCP Service Provider could not perform simple loopback communication. Error 10091.

error
A connectivity problem exists with an installed LSP.

action
Automated repair: Reset WinSock catalog

action
Successfully executed: netsh winsock reset catalog

info
System restart required




Network Adapter Diagnostic

Network location detection

info
Using home Internet connection


Network adapter identification

info
Network connection: Name=Local Area Connection, Device=SiS 900-Based PCI Fast Ethernet Adapter, MediaType=LAN, SubMediaType=LAN

info
Network connection: Name=1394 Connection 2, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394

info
Ethernet connection selected


Network adapter status


info
Network connection status: Connected





HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity



warn
FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn
HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn
HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn
FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn
HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved

warn
HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved

error
Could not make an HTTP connection.

error
Could not make an HTTPS connection.

error
Could not make an FTP connection.




I then did as commanded and restarted the computer with zero luck.


After doing that I began to google information regrading this issue and came across some theories through message boards. The first thing I tried was this:





Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Owner> netsh int ip reset reset.log



C:\Documents and Settings\HP_Owner> netsh winsock reset catalog

Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset.



C:\Documents and Settings\HP_Owner>



Rebooted!!



Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.



C:\Documents and Settings\HP_Owner> IPCONFIG /ALL

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.



C:\Documents and Settings\HP_Owner>

This became a dead end as well.

Then I tried to access network connections, R-clicked Icon to properties and highlighted internet protocol.

Clicked properties – IP & DNS were both marked to obtain addresses automatically.

Clicked install – Client – Add – (Windows was unable to find drivers for the device).

Click install – Service/Protocol – Same thing occurred



I’m out of ideas and desperately need HELP. PLEASE SOMEONE HELP!





Ps. I have also tried XP TCPIP Repair and WinSock Fix.

Edited by hamluis, 04 January 2012 - 09:23 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 04 January 2012 - 12:04 AM

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

#3 foz_124

foz_124
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 04 January 2012 - 12:17 AM

Farbar Service Scanner
Ran by HP_Owner (administrator) on 03-01-2012 at 23:13:37
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AvgTdiX(86) fssfltr(11) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(3) Tcpip6(12)
0x0D00000004000000010000000200000003000000080000000C00000056000000050000000600000007000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Edited by foz_124, 04 January 2012 - 12:22 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 04 January 2012 - 02:31 AM

Launch the FSS again and type

ipsec.sys in the BOX

Click on search files

Post the generated log

#5 foz_124

foz_124
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 04 January 2012 - 11:40 AM

Farbar Service Scanner
Ran by HP_Owner (administrator) on 04-01-2012 at 10:05:44
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-09-03 13:07] - [2008-04-13 13:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-09-03 13:07] - [2008-04-13 13:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-01-28 11:04] - [2004-08-03 22:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 04 January 2012 - 08:51 PM

Press Windows+ R key and type

dllcache and click ok

Copy ipsec.sys from the location and paste it in C:/Windows/system32/drivers folder

Restart your PC and check your browser.

Good luck

#7 foz_124

foz_124
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 04 January 2012 - 11:41 PM

Thank you very much!!! It actually worked!! I appreciate your help!

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 05 January 2012 - 12:03 AM

You're welcome :thumbsup:

#9 amyneedsHELP

amyneedsHELP

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 14 January 2012 - 04:20 PM

I have the identical problem, caused by the same virus, and using the same malware removal tools. I did a scan on my computer and was hoping you could tell me the solution for mine as well. (I wasn't missing the same file, though.)
Thanks in advance.

Farbar Service Scanner
Ran by TonyP (administrator) on 14-01-2012 at 16:07:02
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AvgTdiX(86) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 14 January 2012 - 08:00 PM

amyneedsHELP

launch farbar service scanner again and type

afd.sys and click on search files

Post the generated log here

#11 amyneedsHELP

amyneedsHELP

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 14 January 2012 - 08:56 PM

Thanks for looking at this. So appreciative.

Farbar Service Scanner
Ran by TonyP (administrator) on 14-01-2012 at 20:50:50
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\WINDOWS\system32\dllcache\afd.sys
[2008-04-14 07:00] - [2011-02-16 08:22] - 0138496 ___AC (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2010-05-28 18:47] - [2008-06-20 06:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2010-05-28 18:41] - [2008-04-14 07:00] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-09-03 12:46] - [2008-08-14 05:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2011-09-03 12:47] - [2008-10-16 09:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2010-05-26 09:05] - [2008-08-14 05:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2010-05-26 09:06] - [2008-06-20 06:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ___AC (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-09-03 12:37] - [2011-02-16 08:25] - 0138496 ___AC (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 14 January 2012 - 08:59 PM

Press Windows+ R key and type

dllcache and click ok

Copy afd.sys from the location and paste it in C:/Windows/system32/drivers folder

Restart your PC and check your browser.

Good luck

Edited by narenxp, 14 January 2012 - 09:00 PM.


#13 amyneedsHELP

amyneedsHELP

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 14 January 2012 - 09:16 PM

That was it! You are a genius. I have been spinning my wheels all day on this.
I have another laptop that someone gave me that I can't connect to my router. It says "limited or no connectivity".
Can you offer some ideas I can try. Hate to bother you again.
- Amy

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:28 AM

Posted 14 January 2012 - 09:27 PM

Good news :)

Please post the FSS log of the laptop

Thanks

#15 amyneedsHELP

amyneedsHELP

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 14 January 2012 - 09:32 PM

Farbar Service Scanner
Ran by Anthony (administrator) on 14-01-2012 at 21:31:51
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) Tcpip6(14)
0x0E0000000600000001000000020000000300000004000000050000000700000008000000090000000A0000000B0000000C0000000D0000000E000000


**** End of log ****




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users