Author Topic: Cannot connect to internet after running virus scan and even after uninstalling  (Read 56649 times)

0 Members and 1 Guest are viewing this topic.

Jroffman

  • Guest
I tried doing a virus scan after installing and internet access was fine.  It then suggested a scan during boot upand it found and removed a couple of threats...after completing after several hours I have been unable to connect to the internet (via both lan and wireless connections).  There were some suggestions to remove the product via an uninstall...which I tried but it did not work.  I also ied the uninstall utility which did not seem to work.

I have been without internet access for days on this machine as a result.  I am running windows 7 and would welcome suggestions.

Jim1cor13

  • Guest
Hi Jroffman

To me, it sounds it is possible that whatever the threat(s) were that were detected,
could possibly have affected your windows 7 "Layered Service Provider" or LSP.

Not knowing what the threats were it is difficult to know, but this may be of help:
http://www.cexx.org/lspfix.htm

From the above site:
LSP-Fix
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access

LSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible.

Unfortunately, problematic LSP software, including malware/spyware, is sometimes quietly installed by unrelated products such as file-sharing programs, sneaking onto a system unannounced. In fact, in many cases, the user does not know of its existence until something goes wrong, and he/she can no longer access Web sites. Historically, New.net* (NEWDOTNET) and WebHancer* (often bundled with file-sharing utilities, DVD player software, and other free downloads) have been the worst offenders, but the problem can be caused by any improperly-written Layered Service Provider software, or the deletion of any LSP program's files. LSP-Fix repairs the LSP chain by removing the entries left behind when LSP software is removed by hand (or when errors in the software itself break the LSP chain), and removing any gaps in the chain.
---

It is worth a try. I have run into this problem before and as noted, there can be several causes for broken connectivity. Perhaps this utility may help
if this is in fact part of your problem.

Also, have you checked to make sure your firewall is working properly, etc.? The problem does not sound avast! related, but a possible
result of the threats that were found. Please let us know if this is helpful. If you can explain with additional details that too may be helpful
for others to assist you.

All my best!
Jim
---

Jroffman

  • Guest
Thanks Jim,

I tried to run lspfix and got an error that the winsock2 registry key is missing or could not be accessed (not sure if there is a permissions issue as I believe I am logged in as administrator).  Is says when I log in the machine name and then administrator next to it.

As far as the firewall goes, when Im go there via control panel it says that the windows firewall is not using the recommended setting to protect my computer.  It gives me option to use recommended settings but then says 'windows firewall can't change some of the setting error code 0x80070424.

Any additional thoughts would be appreciated.

Jim1cor13

  • Guest
Thank you Jroffman for the additional details and for reporting back. :)

Indeed, it appears the LSP is damaged in some form and/or missing.
No doubt, a possible after effect of the result of the threat that was found.

First, try running the LSPfix utility this time by right clicking and choosing
"Run as Administrator" and see if that makes a difference. Possible
that it could not access the key due to the utility not being run as
"admin" as described above, even though you are logged on as Admin.

Also, see this from Microsoft: Some of the links may or may not be helpful, but I am trying to initially gather
what details directly address your situation: First link *should* help you reset your winsock2:

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/resettingrepairingreinstalling-winsock2-testing/aa044f6b-00e2-406b-8edb-cba5c4799cf2   Review it carefully, good information, but if not helpful see the following: Some details pertain to Vista, which often work for Windows 7:

http://support.microsoft.com/kb/811259#LetMeFixItMyselfAlways

The second link gives details about fixing corrupted LSP for XP and Vista, the Vista details
*may* be helpful and work on Windows 7.

"Manual steps to determine whether the Winsock2 key is corrupted for Windows Vista users

    Click Start, click Run, type Msinfo32, and then click OK.
    Expand Components, expand Network, and then click Protocol.
    Ten sections appear under Protocol. The section headings will include the following names if the Winsock2 key is undamaged:
        MSAFD Tcpip [TCP/IP]
        MSAFD Tcpip [UDP/IP]
        MSAFD Tcpip [TCP/IPv6]
        MSAFD Tcpip [UDP/IPv6]
        RSVP UDP Service Provider
        RSVP TCP Service Provider
        RSVP UDPv6 Service Provider
        RSVP TCPv6 Service Provider
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
        MSAFD NetBIOS [\Device\NetBT_Tcpip...
    If the names are anything different from those in this list, the Winsock2 key is corrupted, or you have a third-party add-on such as proxy software installed.

If you have a third-party add-on installed, the name of the add-on will replace the letters "MSAFD" in the list.

If there are more than ten sections in the list, you have third-party additions installed.

If there are fewer than ten sections, there is information missing."
---
Also this:

"Manual steps to recover from Winsock2 corruption for Windows Vista users
Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:

    Click Start
    and then click Network.
    Click Network and Sharing Center.
    In the Network and Sharing Center box, click Diagnose and Repair.

Note You may also access the Network and Sharing Center in Control Panel.

Reset Winsock for Windows Vista
To reset Winsock for Windows Vista, follow these steps:

    Click Start,  type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
    Type netsh winsock reset at the command prompt, and then press ENTER.

    Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
    Type exit, and then press ENTER."
---

The above we'll just figure is at least a start on tracking this down with the winsock issues. I hope it helps in some way
or at the very least offers some insight as to how to proceed further.

2) In regards to the Windows Firewall error, I was not surprised to read your issue with this considering the LSP
is damaged or missing. Perhaps the following will be of some insight as well:

http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/b9bbd758-e3d6-44c1-a75d-bc94a74704d1

There are some links within this that may be helpful. Also take a look at this please:
http://support.microsoft.com/kb/968002

"Error 0x80070424 occurs when you use Windows Update, Microsoft Update, or Windows Firewall"

It may or may not apply, but worth reviewing. Sometimes, these issues with winsock2 are not easily resolved, but
at least from your information, it has been confirmed that the LSP is affected, which is what i had suspected, this in turn
likely affects of course your firewall.

Here is one that may be more helpful as it deals with Windows 7 firewall error code you are having:

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/i-get-error-0x80070424-when-trying-to-turn-on/908a3f7e-1fc2-4083-a420-91e03310e450?auth=1

One more link:
http://www.sevenforums.com/system-security/200214-window-7-firewall-error-code-0x80070424.html

Also, it is possible you may need to perform a 'repair installation' but it may be avoidable if any of the above is helpful.

I will continue to do my best to gather additional information, please report back after carefully reviewing the above details. Please
review carefully, especially the first 2 links, take one step at a time as we attempt to remedy this.

Please let us know if you find any resolution.

All my best!
Jim
---








Jroffman

  • Guest
Thanks again Jim...

I was able to run LSPfix as admin and it found issues that it tried to fix...but to no avail.  I did confirm that there are 21 entries/sections versus 10, there a 14 msafd netbios sections versus 6 but they do not have another name that would distinguish them.  Looks like winsock2 is corrupt.  I'm not so clear on how to resolve...

Jim1cor13

  • Guest
Hi Jroffman  :)

Thank you for reporting back. At least we are getting some more info. as you go along
in regards to corrupt, missing or damaged winsock issues.

1.     About determining if Winsock 2 and Winsock is corrupt: in this article: http://support.microsoft.com/kb/811259 (Refer the section “Manual steps to determine whether the Winsock2 key is corrupted for Windows Vista users”. The steps are the same for Windows 7) Below I have detailed the manual steps to RESET your Winsock and recreate/reinstall it.

2.      To reset Winsock2, from the same link above, the next step which has Manual steps to recover from Winsock2 corruption for Windows Vista users(Holds good for Windows 7)

Manual steps to recover from Winsock2 corruption for Windows Vista users (also works for Windows 7 according to MS)

Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:
(I have edited the following data to make it specific for Windows 7. Now let's go to the Control panel, hopefully I made it easier to enter)

Access the Network and Sharing Center in Control Panel. Click Start, then click Control Panel, then click "Network and Sharing Center". Once there, in the bottom of the Network and Sharing Center window, Click on "Troubleshoot problems" to diagnose and repair network problems, or get troubleshooting information. At this step, take note what it tells you, if anything, and follow any instructions or information.

I also think, being that the winsock is corrupt, next step if the troubleshooting produces insufficient results, perform the RESET as detailed below:

Reset Winsock for Windows Vista (also Windows 7 according to MS)
To reset Winsock for Windows Vista/7, follow these steps: (I have edited to be specific for Windows 7)

Click Start, then click "All programs", then click "Accessories" folder...then Right Click "Command Prompt" and choose "Run as Administrator", answer "Yes" to the prompt to allow this action.

Now within the command prompt window at the prompt, Type the following: "netsh winsock reset" (without the quotes) and then press ENTER.

Note: If the command is typed incorrectly, you will receive an error message. Type the command again exactly as stated without the quotes
netsh winsock reset  When the command is completed successfully, a confirmation appears, followed by a new command prompt.

At this time, Type exit at the prompt, and then press ENTER. This should close out the command prompt.

According to MS, the above command will reset both Winsock and Winsock2 in affect resetting and reinstalling it.

Reboot your computer, and see if 1) you can now start your firewall properly without error, and 2) Re-establish internet connectivity.

You can also, if necessary, take a look at the location of winsock and winsock2 in the Windows registry that should be present after resetting:

Here is the location of the registry of Winsock and Winsock2: Click start, then RUN, type "regedit32" (without the quotes). In the Regedit32 window, to navigate to the below keys, on left side of window, double click the "HKEY_Local_Machine" key, it should expand...then double click "System", after it expands or opens then find "CurrentControlSet" and double click that, then scroll down and find "Services" key, and double click that. Now under "Services", scroll all the way down until you see these two keys: Winsock and Winsock2. Make sure they are present. The paths are listed below that we just navigated to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2

The Resetting you did via command prompt above will delete the Winsock and recreates, which actually is reinstalling it.

I have edited the above MS instructions specifically to pertain to Windows 7. Hopefully it will assist you :)

Please report back whether or not any improvement has been found in re-establishing your internet connection and being able to have Windows
Firewall function properly without error(s).

If the above does not assist you, perhaps a repair installation may be needed.

All my best!
Jim
---

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Jroffman

  • Guest
I tried running the fixit...no luck.

I reset winsock...no luck.

I confirmed winsock and winsock2 are in the registry.

Any other suggestions?  There is no restore point prior to this issue for me to go back to.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I tried doing a virus scan after installing and internet access was fine.  It then suggested a scan during boot upand it found and removed a couple of threats...after completing after several hours I have been unable to connect to the internet (via both lan and wireless connections).  There were some suggestions to remove the product via an uninstall...which I tried but it did not work.  I also ied the uninstall utility which did not seem to work.

- Which avast!..?? (Free/Pro/IS)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)
- Other security related software installed..??
- Which AV did you use before avast!..??
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

jeffce

  • Guest
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Jroffman

    • Guest
    Avast free, current version (2 weeks ago), windows 7 sp1 32 bit, had mcafee installed (which expired) before installing avast.

    Jroffman

    • Guest
    The only site I found to download Farbar had 100 or so downloads and it is not signed...not sure I'm comfortable with that.

    Offline CraigB

    • Avast Überevangelist
    • Serious Graphoman
    • *****
    • Posts: 11239
    • No support PM's thanks
    The only site I found to download Farbar had 100 or so downloads and it is not signed...not sure I'm comfortable with that.
    Download from the link in jeffce's post.

    Jim1cor13

    • Guest
    Hi Jroffman  :)

    Thank you for the additional info. Good old Mcafee, a history of not always playing nice
    when uninstalled, as well as Norton, etc. How did you remove Mcafee? Control panel,
    Programs Features? If so, you should also run this tool from Mcafee in case there is
    still remnants causing problems, especially with corrupt LSP issues, connection issues, etc.

    Here is Mcafee uninstall tool:
    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    You can follow the instructions from here, then use the MCPR.exe tool:
    http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS101331

    Edit: please remember to right click the tool and run as "administrator".

    It sounds very possible that Mcafee may have been a source of corruption in regards to
    your connection issues, or at least a source, such as corrupting LSP, winsock, etc. as I have seen this happen
    before. I was not aware that you had Mcafee installed, so running the above MCPR uninstall tool
    *might* offer some help in getting rid of remnants left behind. It is my personal opinion that *some*
    of the 'big boys' appear to corrupt and/or disable certain functioning upon uninstall so that one is
    often forced to reinstall their product. Just my opinion, but it happens too frequently not to suspect this.

    Please run the Mcafee product uninstall tool after downloading it to desktop as it is likely their standard uninstall
    feature left behind enough to cause issues, and that makes it very frustrating. Hopefully, the above can be of some help.
    Please report back.

    Have a nice memorial day sir. :)

    All my best!
    Jim
    ---
    « Last Edit: May 27, 2012, 05:09:12 PM by Jim1cor13 »

    Jroffman

    • Guest
    I ran the McAfee uninstall tool successfully although it did not address/solve my issue.

    Here are the results from my Farbar Service Scan...

    Farbar Service Scanner Version: 25-05-2012
    Ran by Kitchen (administrator) on 27-05-2012 at 22:18:06
    Running from "F:\"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache: "C:\Windows\System32\dnsrslvr.dll".

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp: "C:\Windows\system32\dhcpcore.dll".

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is set to Disabled. The default start type is System.
    The ImagePath of tdx service is OK.


    Connection Status:
    ==============
    Localhost is blocked.
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit

    ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****