Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit - Cannot connect to internet


  • Please log in to reply

#76
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
What does

ipconfig

sc query afd



say now?
  • 0

Advertisements


#77
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
State 1 Stopped
Win32 Exit Code 1058
  • 0

#78
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
1058 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Start, Run, regedit, OK

navigate to and click on AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD

Look in the right pane. What does Start say? IF not 2 set it to 2.

Go into Device Manager, View, Show Hidden Devices

Assume "AFD Networking Support Environment" is still not there

Find Network Adapters and click on the + in front of it. Find the network adapter you use to connect to the Internet, right click on it and select Properties. Verify the Device Status says: This device is working properly.

Go back and reassign an IP address manually. Use the same as your working one but add 100 to the last number. Use the same mask and default gateway. Set the DNS to use 8.8.8.8
OK.


Start, Run, cmd, OK

ping 192.168.2.1

(Does this work?)

nslookup att.com

(Does this work?)

(if neither work)

netsh  int  ip  reset  \reset.log


(move the file c:\reset.log to the good PC and attach it to your next reply)
  • 0

#79
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
AFD - Start is(was) set to 2.
Network Adapter is working properly.
Ping 192.168.2.1 worked.
NSLOOKUP did not. Can't find server address; No response from server; Default servers are not available.

Should I still do the reset code?
  • 0

#80
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
open a command prompt

nslookup

server 4.2.2.1

att.com
  • 0

#81
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
4.2.2.1 can't find att.com. Cannot connect to server.
  • 0

#82
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
tracert  -d   4.2.2.1  >  \junk.txt

netstat  -rn  >>  \junk.txt

notepad \junk.txt




  • 0

#83
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Tracing route to 4.2.2.1 over a maximum of 30 hops



1 10 ms 7 ms 8 ms 10.229.136.1

2 9 ms 8 ms 11 ms 24.229.23.198

3 15 ms 18 ms 18 ms 216.144.163.222

4 16 ms 17 ms 16 ms 216.144.163.222

5 25 ms 17 ms 18 ms 4.79.168.85

6 17 ms 17 ms 17 ms 4.69.149.51

7 18 ms 19 ms 17 ms 4.2.2.1



Trace complete.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0e a6 8d 64 da ...... Realtek RTL8139/810x Family Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.106 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.106 192.168.2.106 20
192.168.2.106 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.106 192.168.2.106 20
224.0.0.0 240.0.0.0 192.168.2.106 192.168.2.106 20
255.255.255.255 255.255.255.255 192.168.2.106 192.168.2.106 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

Route Table
  • 0

#84
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I can't see why nslookup won't work. We can tracert to the dns server so we have connectivity but it is acting like some stupid firewall is blocking DNS activity.

See if you can do

nslookup att.com

on the good computer. Perhaps the router is not allowing it.

Try changing the 8.8.8.8 to 192.168.2.1 on the sick PC and then see if nslookup att.com works.

net start "dns client"

does it say "The requested service has already been started." or give another error?
  • 0

#85
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
NS lookup did work on the good laptop...even with Online Armor turned on.

Changing the DNS did not work...same error.

DNS Client has already been started.
  • 0

Advertisements


#86
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Can you download tcping from http://www.elifulker...0.13/tcping.exe and save it to the desktop of the good PC? Then Start, All Programs, Accessories, Command Prompt.

cd  %userprofile%\Desktop

tcping  8.8.8.8  53

Result should be similar to:

Probing 8.8.8.8:53/tcp - Port is open - time=46.336ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.699ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.510ms
Probing 8.8.8.8:53/tcp - Port is open - time=27.322ms

Ping statistics for 8.8.8.8:53
4 probes sent.
4 successful, 0 failed.
Approximate trip times in milli-seconds:
Minimum = 27.322ms, Maximum = 46.336ms, Average = 32.217ms


Now move tcping over to the sick PC's desktop and repeat the test. Does that work?

Going to bed now. Was over at a friend's all evening working on their computer.
  • 0

#87
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
It did work on the good pc but on the bad pc I got:

Socket operation on non-socket <10038> each time.

Edited by MaxMurder, 19 December 2011 - 07:59 AM.

  • 0

#88
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:


netsh  int ip reset \reset.log

notepad  \reset.log

Copy and paste the text from notepad.
  • 0

#89
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{17E4F27A-200E-42E5-AF1E-5354B38EAD5E}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{9F56D37F-4FA7-4924-B8EE-742ABFFD257F}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0689CEC2-8D77-4684-9520-B9193268E020}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\AddressType
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DefaultGateway
old REG_MULTI_SZ =
192.168.2.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DefaultGatewayMetric
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\EnableDhcp
old REG_DWORD = 0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\IpAddress
old REG_MULTI_SZ =
192.168.2.106

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\NameServer
old REG_SZ = 192.168.2.1,4.2.2.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\SubnetMask
old REG_MULTI_SZ =
255.255.255.0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE6A750E-FEE2-4316-A023-22F50E2023C7}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>
  • 0

#90
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Right click on My COmputer and select Manage then Device Manager. Open Network Adapters

What exactly does it say under Network Adapters?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP