Rootkit - Cannot connect to internet



#76
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
What does

ipconfig

sc query afd



say now?
  • 0

#77
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
State 1 Stopped
Win32 Exit Code 1058
  • 0

#78
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
1058 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Start, Run, regedit, OK

navigate to and click on AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD

Look in the right pane. What does Start say? If not 2, set it to 2.

Go into Device Manager, View, Show Hidden Devices

Assume "AFD Networking Support Environment" is still not there

Find Network Adapters and click on the + in front of it. Find the network adapter you use to connect to the Internet, right click on it and select Properties. Verify the Device Status says: This device is working properly.

Go back and reassign an IP address manually. Use the same as your working one but add 100 to the last number. Use the same mask and default gateway. Set the DNS to use 8.8.8.8
OK.


Start, Run, cmd, OK

ping 192.168.2.1

(Does this work?)

nslookup att.com

(Does this work?)

(if neither works)


netsh  int  ip  reset  \reset.log


(move the file c:\reset.log to the good PC and attach it to your next reply)
  • 0

#79
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
AFD - Start is(was) set to 2.
Network Adapter is working properly.
Ping 192.168.2.1 worked.
NSLOOKUP did not. Can't find server address; No response from server; Default servers are not available.

Should I still do the reset code?
  • 0

#80
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Open a command prompt

nslookup

server 4.2.2.1

att.com
  • 0

#81
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
4.2.2.1 can't find att.com. Cannot connect to server.
  • 0

#82
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

tracert  -d   4.2.2.1  >  \junk.txt

netstat  -rn  >>  \junk.txt

notepad \junk.txt




  • 0

#83
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Tracing route to 4.2.2.1 over a maximum of 30 hops



1 10 ms 7 ms 8 ms 10.229.136.1

2 9 ms 8 ms 11 ms 24.229.23.198

3 15 ms 18 ms 18 ms 216.144.163.222

4 16 ms 17 ms 16 ms 216.144.163.222

5 25 ms 17 ms 18 ms 4.79.168.85

6 17 ms 17 ms 17 ms 4.69.149.51

7 18 ms 19 ms 17 ms 4.2.2.1



Trace complete.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0e a6 8d 64 da ...... Realtek RTL8139/810x Family Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.106       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.2.0    255.255.255.0    192.168.2.106    192.168.2.106      20
    192.168.2.106  255.255.255.255        127.0.0.1        127.0.0.1      20
    192.168.2.255  255.255.255.255    192.168.2.106    192.168.2.106      20
        224.0.0.0        240.0.0.0    192.168.2.106    192.168.2.106      20
  255.255.255.255  255.255.255.255    192.168.2.106    192.168.2.106       1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

Route Table
  • 0

#84
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I can't see why nslookup won't work. We can tracert to the dns server so we have connectivity but it is acting like some stupid firewall is blocking DNS activity.

See if you can do

nslookup att.com

on the good computer. Perhaps the router is not allowing it.

Try changing the 8.8.8.8 to 192.168.2.1 on the sick PC and then see if nslookup att.com works.

net start "dns client"

does it say "The requested service has already been started." or give another error?
  • 0

#85
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
NS lookup did work on the good laptop...even with Online Armor turned on.

Changing the DNS did not work...same error.

DNS Client has already been started.
  • 0

#86
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Can you download tcping from http://www.elifulker...0.13/tcping.exe and save it to the desktop of the good PC? Then Start, All Programs, Accessories, Command Prompt.

cd  %userprofile%\Desktop

tcping  8.8.8.8  53

Result should be similar to:

Probing 8.8.8.8:53/tcp - Port is open - time=46.336ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.699ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.510ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.322ms

Ping statistics for 8.8.8.8:53
4 probes sent.
4 successful, 0 failed.
Approximate trip times in milli-seconds:
Minimum = 27.322ms, Maximum = 46.336ms, Average = 32.217ms


Now move tcping over to the sick PC's desktop and repeat the test. Does that work?

Going to bed now. Was over at a friend's all evening working on their computer.
  • 0

#87
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
It did work on the good pc but on the bad pc I got:

Socket operation on non-socket <10038> each time.

Edited by MaxMurder, 19 December 2011 - 07:59 AM.

  • 0

#88
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:



netsh  int ip reset \reset.log

notepad  \reset.log

Copy and paste the text from notepad.
  • 0

#89
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{17E4F27A-200E-42E5-AF1E-5354B38EAD5E}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{9F56D37F-4FA7-4924-B8EE-742ABFFD257F}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\AddressType
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DefaultGateway
old REG_MULTI_SZ =
192.168.2.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DefaultGatewayMetric
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\EnableDhcp
old REG_DWORD = 0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\IpAddress
old REG_MULTI_SZ =
192.168.2.106

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\NameServer
old REG_SZ = 192.168.2.1,4.2.2.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\SubnetMask
old REG_MULTI_SZ =
255.255.255.0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>
  • 0
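
Added example (not part of the thread and not written by either poster): a small Python parser for the `netsh int ip reset` log layout shown in the post above, which recovers the pre-reset values per interface so that a static address, gateway and DNS setting wiped by the reset can be reviewed and re-entered. The sample log is built from lines in that post; the function and variable names are this example's own.

```python
import re
from collections import defaultdict
# Sample built from lines of the reset.log posted above (one interface only).
K = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}"
SAMPLE_LOG = "\n".join([
    "added " + K + r"\AddressType",
    "reset " + K + r"\DefaultGateway", "old REG_MULTI_SZ =", "192.168.2.1", "",
    "reset " + K + r"\EnableDhcp", "old REG_DWORD = 0", "",
    "reset " + K + r"\IpAddress", "old REG_MULTI_SZ =", "192.168.2.106", "",
    "reset " + K + r"\NameServer", "old REG_SZ = 192.168.2.1,4.2.2.1", "",
    r"deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters",
    "<completed>",
])

ENTRY = re.compile(r"^(reset|added|deleted)\s+(\S.*)$")
OLD = re.compile(r"^old\s+(REG_\w+)\s*=\s*(.*)$")
IFACE = re.compile(r"\\Interfaces\\(?:Tcpip_)?(\{[0-9A-Fa-f-]+\})\\(\w+)$")

def parse_reset_log(text):
    """Return one dict per log entry: action, key, value type, old value lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "<completed>":
            continue
        m = ENTRY.match(line)
        if m:  # a new "reset/added/deleted <key>" record starts here
            current = {"action": m.group(1), "key": m.group(2), "type": None, "old": []}
            entries.append(current)
            continue
        m = OLD.match(line)
        if m and current:  # "old REG_x = value"; value is empty for multi-line data
            current["type"] = m.group(1)
            if m.group(2):
                current["old"].append(m.group(2))
        elif current and current["type"]:
            current["old"].append(line)  # REG_MULTI_SZ value on its own line
    return entries

def previous_interface_settings(entries):
    """Group the pre-reset values of 'reset' entries by interface GUID."""
    out = defaultdict(dict)
    for e in entries:
        m = IFACE.search(e["key"])
        if m and e["action"] == "reset":
            out[m.group(1)][m.group(2)] = e["old"]
    return dict(out)

if __name__ == "__main__":
    print(previous_interface_settings(parse_reset_log(SAMPLE_LOG)))
```
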

#90
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Right click on My Computer and select Manage then Device Manager. Open Network Adapters.

What exactly does it say under Network Adapters?
  • 0





