
Rootkit - Cannot connect to internet



#121
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
There is an nvidia update on the hp site under graphics adapters:

http://h10025.www1.h...391726&sw_lang=

I would try that first.

Don't really know what to do for the AFD problem. Have to think about it. Check and see if you have

KB2592799

or go to Windows Update and make sure you have the latest patches. (Open IE, Tools, or Security depending on the version, and then Windows Update)
  • 0



#122
MaxMurder


    Member

  • Topic Starter
  • Member
  • 164 posts
I downloaded the update for nvidia and installed it. After reboot the nvidia stuff in device manager still had "!"s as well as AFD.

My connection seems fine and as far as the nvidia, I don't know if that supports a certain video platform or what, but I don't seem to have any issues with video here...

I do have the update in question

[KB2592799.log]
6.219: ================================================================================
6.219: 2011/10/13 03:04:40.290 (local)
6.219: C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\update.exe (version 6.3.13.0)
6.219: Failed To Enable SE_SHUTDOWN_PRIVILEGE
6.250: Hotfix started with following command line: -q -z -er /ParentInfo:3720a282fc3ae140810b840ec4186e74
6.266: In Function GetReleaseSet, line 1211, RegOpenKeyEx failed with error 0x2
6.266: In Function GetReleaseSet, line 1240, RegOpenKeyEx failed with error 0x2
6.766: ---- Old Information In The Registry ------
6.766: Source:C:\Program Files\Avira\AntiVir Desktop\aeheur.dll.tmp (8.1.2.177)
6.766: Destination:
6.766: Source:C:\WINDOWS\system32\SET1D5.tmp (8.0.6001.19131)
6.766: Destination:C:\WINDOWS\system32\wininet.dll (8.0.6001.19098)
6.766: Source:C:\WINDOWS\system32\SET1D6.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\urlmon.dll (8.0.6001.19100)
6.782: Source:C:\WINDOWS\system32\SET1D7.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\url.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1DB.tmp (8.0.6001.19154)
6.782: Destination:C:\WINDOWS\system32\mshtml.dll (8.0.6001.19120)
6.782: Source:C:\WINDOWS\system32\SET1DC.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\msfeedsbs.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1DD.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\msfeeds.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1E1.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\iertutil.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1E3.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\ieframe.dll (8.0.6001.19098)
6.782: ---- New Information In The Registry ------
6.782: Source:C:\Program Files\Avira\AntiVir Desktop\aeheur.dll.tmp (8.1.2.177)
6.782: Destination:
6.782: Source:C:\WINDOWS\system32\SET1D5.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\wininet.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1D6.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\urlmon.dll (8.0.6001.19100)
6.782: Source:C:\WINDOWS\system32\SET1D7.tmp (8.0.6001.19131)
6.782: Destination:C:\WINDOWS\system32\url.dll (8.0.6001.19098)
6.782: Source:C:\WINDOWS\system32\SET1DB.tmp (8.0.6001.19154)
6.782: Destination:C:\WINDOWS\system32\mshtml.dll (8.0.6001.19120)
6.797: Source:C:\WINDOWS\system32\SET1DC.tmp (8.0.6001.19131)
6.797: Destination:C:\WINDOWS\system32\msfeedsbs.dll (8.0.6001.19098)
6.797: Source:C:\WINDOWS\system32\SET1DD.tmp (8.0.6001.19131)
6.797: Destination:C:\WINDOWS\system32\msfeeds.dll (8.0.6001.19098)
6.797: Source:C:\WINDOWS\system32\SET1E1.tmp (8.0.6001.19131)
6.797: Destination:C:\WINDOWS\system32\iertutil.dll (8.0.6001.19098)
6.797: Source:C:\WINDOWS\system32\SET1E3.tmp (8.0.6001.19131)
6.797: Destination:C:\WINDOWS\system32\ieframe.dll (8.0.6001.19098)
6.797: In Function GetReleaseSet, line 1211, RegOpenKeyEx failed with error 0x2
6.797: In Function GetReleaseSet, line 1240, RegOpenKeyEx failed with error 0x2
6.797: SetProductTypes: InfProductBuildType=BuildType.IC
6.813: SetAltOsLoaderPath: No section uses DirId 65701; done.
6.907: DoInstallation: FetchSourceURL for c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\update_SP3GDR.inf failed
6.907: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
6.907: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB2592799$
6.985: BuildCabinetManifest: update.url absent
7.000: Starting AnalyzeComponents
7.000: AnalyzePhaseZero used 0 ticks
7.000: No c:\windows\INF\updtblk.inf file.
7.000: OEM file scan used 0 ticks
7.125: AnalyzePhaseOne: used 125 ticks
7.125: AnalyzeComponents: Hotpatch analysis disabled; skipping.
7.125: AnalyzeComponents: Hotpatching is disabled.
7.125: FindFirstFile c:\windows\$hf_mig$\*.*
7.453: KB2592799 Setup encountered an error: The update.ver file is not correct.
8.344: KB2592799 Setup encountered an error: The update.ver file is not correct.
8.375: KB2592799 Setup encountered an error: The update.ver file is not correct.
8.375: KB2592799 Setup encountered an error: The update.ver file is not correct.
8.438: KB2592799 Setup encountered an error: The update.ver file is not correct.
9.157: AnalyzeForBranching used 0 ticks.
9.266: AnalyzePhaseTwo used 109 ticks
9.266: AnalyzePhaseThree used 0 ticks
9.266: AnalyzePhaseFive used 0 ticks
9.266: AnalyzePhaseSix used 0 ticks
9.266: AnalyzeComponents used 2266 ticks
9.266: Downloading 0 files
9.266: bPatchMode = FALSE
9.266: Inventory complete: ReturnStatus=0, 2359 ticks
9.266: Num Ticks for invent : 2359
9.282: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX214.tmp
9.282: Copied file: c:\windows\inf\branches.inf
11.500: Allocation size of drive C: is 4096 bytes, free space = 6999228416 bytes
11.828: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.
11.828: Drive C: free 6674MB req: 10MB w/uninstall: NOT CALCULATED.
11.828: CabinetBuild complete
11.828: Num Ticks for Cabinet build : 2562
11.828: DynamicStrings section not defined or empty.
11.875: FileInUse:: Detection disabled.
12.875: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
12.953: Num Ticks for Backup : 1125
13.125: Num Ticks for creating uninst inf : 172
13.141: Registering Uninstall Program for -> KB2592799, KB2592799 , 0x0
13.141: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
13.157: System Restore Point set.
13.188: PFE2: Not avoiding Per File Exceptions.
13.219: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB2592799.cat with error 0x57
13.469: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB2592799\update\update_SP3QFE.inf.
13.485: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\spuninst.exe -> c:\windows\$hf_mig$\KB2592799\spuninst.exe.
13.485: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\spmsg.dll -> c:\windows\$hf_mig$\KB2592799\spmsg.dll.
13.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\spcustom.dll -> c:\windows\$hf_mig$\KB2592799\update\spcustom.dll.
13.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\KB2592799.CAT -> c:\windows\$hf_mig$\KB2592799\update\KB2592799.CAT.
13.532: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\update.exe -> c:\windows\$hf_mig$\KB2592799\update\update.exe.
13.563: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\updspapi.dll -> c:\windows\$hf_mig$\KB2592799\update\updspapi.dll.
13.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\update.ver -> c:\windows\$hf_mig$\KB2592799\update\update.ver.
13.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\updatebr.inf -> c:\windows\$hf_mig$\KB2592799\update\updatebr.inf.
13.594: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\eula.txt -> c:\windows\$hf_mig$\KB2592799\update\eula.txt.
13.625: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\update\branches.inf -> c:\windows\$hf_mig$\KB2592799\update\branches.inf.
13.844: Copied file: C:\WINDOWS\system32\DRIVERS\afd.sys
13.844: Copied file: C:\WINDOWS\system32\DllCache\afd.sys
14.016: Copied file: c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys
14.110: DoInstallation: Installing assemblies with source root path: c:\windows\softwaredistribution\download\cd75fc2c9aa3d47009fe2d95c9f43154\
14.110: Num Ticks for Copying files : 985
14.125: Num Ticks for Reg update and deleting 0 size files : 15
14.141: ---- Old Information In The Registry ------
14.141: Source:C:\Program Files\Avira\AntiVir Desktop\aeheur.dll.tmp (8.1.2.177)
14.141: Destination:
14.141: Source:C:\WINDOWS\system32\SET1D5.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\wininet.dll (8.0.6001.19098)
14.141: Source:C:\WINDOWS\system32\SET1D6.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\urlmon.dll (8.0.6001.19100)
14.141: Source:C:\WINDOWS\system32\SET1D7.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\url.dll (8.0.6001.19098)
14.141: Source:C:\WINDOWS\system32\SET1DB.tmp (8.0.6001.19154)
14.141: Destination:C:\WINDOWS\system32\mshtml.dll (8.0.6001.19120)
14.141: Source:C:\WINDOWS\system32\SET1DC.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\msfeedsbs.dll (8.0.6001.19098)
14.141: Source:C:\WINDOWS\system32\SET1DD.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\msfeeds.dll (8.0.6001.19098)
14.141: Source:C:\WINDOWS\system32\SET1E1.tmp (8.0.6001.19131)
14.141: Destination:C:\WINDOWS\system32\iertutil.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1E3.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\ieframe.dll (8.0.6001.19098)
14.157: ---- New Information In The Registry ------
14.157: Source:C:\Program Files\Avira\AntiVir Desktop\aeheur.dll.tmp (8.1.2.177)
14.157: Destination:
14.157: Source:C:\WINDOWS\system32\SET1D5.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\wininet.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1D6.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\urlmon.dll (8.0.6001.19100)
14.157: Source:C:\WINDOWS\system32\SET1D7.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\url.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1DB.tmp (8.0.6001.19154)
14.157: Destination:C:\WINDOWS\system32\mshtml.dll (8.0.6001.19120)
14.157: Source:C:\WINDOWS\system32\SET1DC.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\msfeedsbs.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1DD.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\msfeeds.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1E1.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\iertutil.dll (8.0.6001.19098)
14.157: Source:C:\WINDOWS\system32\SET1E3.tmp (8.0.6001.19131)
14.157: Destination:C:\WINDOWS\system32\ieframe.dll (8.0.6001.19098)
15.203: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
15.203: IsRebootRequiredForFileQueue: c:\windows\system32\drivers\afd.sys was no-delay replaced; reboot is required.
15.203: DoInstallation: A reboot is required to complete the installation of one or more files.
15.203: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
15.235: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0
  • 0

#123
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
What version are

c:\windows\system32\drivers\afd.sys

c:\windows\system32\drivers\wininet.dll

Clear the events and reboot then run Vino's as before and post the logs.
  • 0

#124
MaxMurder


    Member

  • Topic Starter
  • Member
  • 164 posts
c:\windows\system32\drivers\afd.sys - Version 5.1.2600.6142

c:\windows\system32\drivers\wininet.dll - I did not see this utility


Vino's Event Viewer v01c run on Windows XP in English
Report run at 01/01/2012 2:56:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
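
In the report above, one failed boot driver (AFD, event 7026) is the cause of the event 7001 entries for the services that depend on it, while the nVidia event 7000 entries are a separate problem. As an added example that is not part of the original thread, the Python below separates the two groups; the sample report is constructed in the layout of the Vino output above, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample, abridged, in the layout of the report posted above.
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 01/01/2012 2:54:27 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""

# One record = the "Event:" line plus the single message line that follows it.
RECORD = re.compile(r"^Event: (\d+) Source: (.+?)\n(.+)$", re.M)
DRIVERS = re.compile(r"driver\(s\) failed to load: (.+)$")
DEPENDS = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")
FAILED = re.compile(r"^The (.+?) service failed to start")

def triage(report):
    """Split Service Control Manager errors into root causes and knock-on failures."""
    drivers, blocked, standalone = [], defaultdict(list), []
    for event_id, source, message in RECORD.findall(report):
        if source.strip() != "Service Control Manager":
            continue
        if event_id == "7026" and (m := DRIVERS.search(message)):
            # Drivers that never loaded: the first thing to repair.
            drivers += [d for d in re.split(r"[,\s]+", m.group(1)) if d]
        elif event_id == "7001" and (m := DEPENDS.match(message)):
            # Service blocked only because the service it depends on failed.
            blocked[m.group(2)].append(m.group(1))
        elif event_id == "7000" and (m := FAILED.match(message)):
            # Service that failed on its own, not through a dependency.
            standalone.append(m.group(1))
    return {"drivers": drivers, "blocked": dict(blocked), "standalone": standalone}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```
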

#125
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

c:\windows\system32\drivers\wininet.dll - I did not see this utility


My mistake. Should be c:\windows\system32\wininet.dll
  • 0

#126
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Also found this on your nvidia error:

I have XP and an nVidia GeForce 7950 GT and kept getting the event errors of NVidia WDM Video Capture service failed to start cannot find file, and the nVidia WDM A/V Crossbar service failed to start file not found every time I booted the system.
The way I solved this was I went back to the folder that contained my downloaded driver files from nVidia and found two folders (one for Display Drivers and one for WDM). As an FYI, my driver software was version 258.96. I went into the WDM folders and reran the setup.exe file and it successfully installed the nVidia WDM drivers in about one second. I rebooted the computer, checked the eventID log and no more error messages for WDM. I also went to Control Panel and saw that the nVidia WDM Drivers were now listed. So the whole problem was because I had never properly installed the WDM drivers. You may need to go back to nVidia and download their drivers if you did not save the originals on your computer


http://forums.nvidia...?showtopic=1806
  • 0

#127
MaxMurder


    Member

  • Topic Starter
  • Member
  • 164 posts
Version - 8.0.6001.19165
  • 0





