# Failed Internet Connection - HELP!



## Leed (Mar 8, 2008)

Hi.

I have been trying to reconnect a friends laptop to the internest. Below is a summary of what has happened.

I am open to any suggestions to help me resolve this issue.

1. The Set Up

Compaq Laptop AMD Processor running windows XP SP2
D-Link DSL Broaddand Model
ISP Telecom in NZ i.e. xtra.co.nz

2. The Original Problem

Able to connect to the internet but any mail related sites i.e. GMail, Hotmail, Yahoo/Mail or pop3 setup in outlook always failed. The usual internet DNS page would appear. All other sites were ok.

On first glance it was quite obvious that the Norton 2005 set up was out of date by around 20 months and Norton Security Centre or NIS or the antivirus that was bundled never started correctly when invoked.

The system also had other issues i.e. badly in need of a defrag and disk check which has been completed.

Assuming it was a firewall issue and seeing that the norton products were out of date and not working I used the norton removal tool to unistall the suite.

Voila!!! At this stage navigation to the internet is possible plue mail related sites. The pop3 mail was delivered to outlook and everything was looking good.

This was until about 5 minutes later and the network and ADSL light dropped on the model. This was rebooted a few times and after a short period 2 - 5 minutes, the connection dropped.

3. The current issue.

Now despite proving that the model (ADSL) is connected to the internet by using an alternative computer the laptop is unable to connect.

The symptoms include the following:-


Navigating to any web page shows the DNS screen plus often an explicit message that the page is invalid.
I am unable to open windows firewall as the ICS service is not started.
The ICS service cannot be started due to the 2001 error.
I have reinstalled the norton tools from the recovery CD with no positive effect.
I have reinstall many windows components from the recovery CD.
Connecting via USB cable on the laptop does not work.
The TCP/IP is set up to automatically detect.
I have run www.grisoft.com vcleaner.exe to rule out a virus and have also run the norton (on an old catelog as we can't connect) with no issues.

I am now at my wits end and seek any advice that the inline community can offer.

Thanks.


----------



## johnwill (Sep 26, 2002)

Please supply the following info, *exact make and models* of the equipment please.

Name of your ISP (Internet Service Provider).
Make *and* exact model of the broadband modem.
Make *and* exact model of the router (if a separate unit).
_Model numbers can usually be obtained from the label on the device._
Connection type, wired or wireless.
If wireless, encryption used, (none, WEP, WPA, or WPA2)
Make and model of your computer.
Version and patch level of Windows on all affected machines, i.e. XP-Home (or XP-Pro), SP1-SP2, Vista, etc.
The Internet Browser in use, IE, Firefox, Opera, etc.

Also, please give an exact description of your problem symptoms, including the exact text of any error messages. If there are other computers on the same network, are they experiencing the same issue, or do they function normally?




On both of the computers, I'd also like to see this:

Hold the *Windows* key and press *R*, then type *CMD* to open a command prompt:

Type the following commands:

PING 216.109.112.135

PING yahoo.com

NBTSTAT -n

IPCONFIG /ALL

Right click in the command window and choose *Select All*, then hit *Enter*.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.


----------



## Leed (Mar 8, 2008)

JohnWill. Thank you for the quick reply. I can't get access to the computer this week. I will respond soon. Many thanks. Lee.


----------



## Leed (Mar 8, 2008)

John,

You requested some additional information regarding this issue. I have most of it and I hope it is of use.

I tried to ping the router (ping 10.1.1.1). I got the following message "Unable to contact IP driver, error code 2)

*The Laptop*

The computer is a Compaq Presario M2000 laptop with AMD Sempron processor. BIOS HP F.23 6/2/2006, x*6 Family 15 Model 44 Stepping 2 Authentic with 256 MB RAM.

The operating system is Windows XP Home version 5.1.26 Service Pack 2 Build 2600

*The Router*

DLINK ADSL Router DSL-502T
H/W Ver A5
F/W V3.00B01T01.TX

*Internet Explorer*

Version 6.1.2900.2180

I tries to open the Windows Firewall. I get the following Messge, "Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall/internet connection sharing (ICS) Service"

Upon selecting Yes I get the following message, "Windows cannot start the Windows firewall/Internet Connect Sharing (ICS) Service"

Event Viewer had the following message, "Windows Firewall/Internet Connect Service (ICS) terminated with the following error, The specified driver is invalid."

A couple of other messages in the Event around the same time.

1. "The TCP/IP Protocol Driver Service failed to Start due o the following error. The specified driver is invalid."
2. "The Network Location Awareness NLA service depends on the TCP/IP protocol Driver service which failed to start because of the following error, The specifed diver is invalid."

I also noticed that upon loading the system that Norton threw a fit as te Symantec eMail Proxy failed.

The last thing I tried yesterday was to repair the TCP/IP Connection. The following message was returned, "Windows could not finish repairing the problem because the following action cannot be completed. Failed to query TCP/IP setting of the connection, cannot proceed."

I will try an do some of the other items mentioned in your post. I am hoping that this will help calrify the situation.

Thanks.

Lee.


----------



## johnwill (Sep 26, 2002)

*TCP/IP stack repair options for use with Windows XP with SP2.*

*S*tart, *R*un, *CMD* to open a command prompt:

Reset TCP/IP stack to installation defaults. *netsh int ip reset reset.log*

Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog*

Reboot the machine.


----------



## Leed (Mar 8, 2008)

John.

Many thanks. I have ran these and I will get all the issues referred to in my previous posts. I have rebooted the router and the pc.

I attach the reset.log file.

Lee.

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{DBE3C768-0A8A-48D1-87FF-0E026F83EA45}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{F10AE339-AE5C-4793-9074-737A3C21CD99}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\AddressType
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\DefaultGateway
old REG_MULTI_SZ =
10.1.1.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\DefaultGatewayMetric
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\EnableDhcp
old REG_DWORD = 0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\IpAddress
old REG_MULTI_SZ =
10.1.1.4

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\NameServer
old REG_SZ = 202.27.158.40,202.27.156.72

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\SubnetMask
old REG_MULTI_SZ =
255.0.0.0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D56B6619-BDD6-4EA2-B3C5-3800BFD5D5AF}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38809F5-BBF0-4410-9CCD-0C802A7BFD96}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for USB\VID_2001&PID_5B00\00:15:E9:22:B4:5B. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_3091103C&REV_10\4&13826118&0&00A4. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>[/FONT]


----------



## johnwill (Sep 26, 2002)

You may have malware. Since the reset is fixing things each time, something is changing them.

Please follow the instructions *here* (5 pages) and then post all the requested logs in a new thread *here* for the security analysts to look at. If you have any trouble running any of the scans, leave them and move onto the next.

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.


----------



## Leed (Mar 8, 2008)

Thanks you for all your help. This is superb.

Lee.


----------

