Friday, August 7, 2009

Learning more about AFD on XP than I ever cared to

Not that I really learned anything, but I have spent the last week trying to fix my wife's computer cause she had gotten some nasty viruses at some point and I finally decided to clean it up. Being too lazy to clean up enough space on other computers to copy over all the pictures and stuff that are on there I decided not to reimage it. With the help of some great posts over at MajorGeeks.com I used my laptop to download about 10 or so different tools to scan, clean, and delete my way to an XP that I am not afraid to plug into my network and one that isn't spamming the world and having my ISP lock my connection down (it happened, no joke). Btw, Symantec, at least the version I had, never did a damn thing from what I could tell. Piece of bloated crap, IMO.

So the cleaning posts were easy enough to get through, system's clean, booting and running much faster but network doesn't look so hot. Device manager shows NIC driver corrupt or not installed properly and that's where my fun really began. After hours of searching and goofing with stuff I get the network card recognized and it seemed to have very little to do with the actual NIC drivers, thanks Device Manager messages. I can't even recall what actually got it satisfied cause I tried so many different things. But network still not working ... lovely.

AFD: You can find nearly anything you want on the internet. It's really amazing at how much information is out there, it might take a while to find it but there is normally someone, somewhere, that has posted about what you need or something similar. Not so much (that I could find) with freakin' AFD. AFD is a non-plug and play device that shows up on Device Manager when you tell it to show hidden. No wait, that's true, but it seems it's actually a XP Service. Oh wait, it is and starts that way but it's not actually on the Services list ... But pretty much every networking service has it as a dependency. DON'T uninstall the AFD device thinking there will be a way to re-install it. Also, make sure you have System Restore on :-).

So my AFD is failing to start cause something along the lines of "path not found." Google search it and find many many dead ends and a few very helpful posts. If I were a good blogger I'd have some links but guess what, I don't.

So I was stuck at a point with a machine that said the network was connected but didn't work. Ipconfig returned basically nothing. Connection details didn't really show any errors but everything was blank from the IP to the DNS. Device Manager was only complaining about AFD being corrupt or not properly installed. My System events were showing that the AFD service was failing to start and thus most network stuff was too.

Post is getting way too long so let me lessen my windedness. There is no way (once again that I could find) to reinstall AFD and basically no help or information on it from MS. I found several places that people were having similar issues but they most always ended in dead threads with no success posted. Here's what I'd recommend for anyone that might find this:

This got me to a point where I was getting an IP but no DNS or working connection:
For these commands, Start, Run, CMD to open a command prompt.

Make sure you have afd.sys in your C:\Windows\System32\Drivers folder and msafd.dll in System32. Copy them from a good XP machine (with a thumb drive) or they might work from \i386 or Windows\ServicePackFiles\i386.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog
Reset TCP/IP stack to installation defaults: netsh int ip reset reset.log
Reboot the machine.

Then I took my laptop with XP on it, searched through the registry for AFD, and made the bad computer's registry match. The important keys are:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD
HKLM\SYSTEM\CurrentControlSet\Services\AFD

Mine was complaining about a registry path not being found. Something was pointing at a GUID\0000 instead of 0001. Another idea is to download Process Monitor. Run it, turn capture off, and clear the list. Open a DOS prompt and type in sc start afd but don't run it yet. Click start capture in Process Monitor, then switch over and hit Enter in your DOS prompt. Once AFD fails, stop capture. Process Monitor will track an overwhelming amount of stuff, but start sifting through it to see what is failing. That is how I finally saw AFD looking for something in the registry that wasn't there.
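
One way to do the "make the bad computer's registry match" comparison without eyeballing regedit, as an added example that is not part of the original post: export the two AFD keys from each machine with regedit, then diff the exports. The function names and the sample export text below are constructed for illustration.

```python
import re

def parse_reg(text):
    """Parse regedit export text into {KEY_PATH: {value_name: raw_data}}."""
    # hex(...) data wraps onto continuation lines that end with a backslash.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry paths are case-insensitive, so normalise them.
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                current[m.group(1).strip('"').lower()] = m.group(2)
    return keys

def diff_reg(good, bad):
    """List what the broken machine is missing or has set differently."""
    findings = []
    for key, good_vals in sorted(good.items()):
        if key not in bad:
            findings.append(("missing key", key, None))
            continue
        for name, data in sorted(good_vals.items()):
            if name not in bad[key]:
                findings.append(("missing value", key, name))
            elif bad[key][name] != data:
                findings.append(("differs", key, name))
    return findings

def load_reg(path):
    # "Version 5.00" exports from regedit are UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as f:
        return parse_reg(f.read())

# Constructed, simplified sample exports (real exports carry more values).
GOOD = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.sys"
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
'''
BAD = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.svs"
"Start"=dword:00000001
'''

if __name__ == "__main__":
    for kind, key, name in diff_reg(parse_reg(GOOD), parse_reg(BAD)):
        print(kind, key, name or "")
```

For real files, pass the two exports through load_reg() instead of the inline samples.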

Wow, I suck at blogging so there is a wall of text to try to help someone that might come across what I did, but I hope no one else ever does. That last paragraph could seemingly work for troubleshooting other service start failures.

15 comments:

LoveAndBeer said...

Good wall of information (even if white on black for that much text gives me double vision).

As benefits my job responsibilities I'm going to note that if you had a regularly scheduled backup process you can safely image a system as needed w/o worrying about losing pictures and files and such.

But then, I'm a loser with multiple revisions of nightly backups.

Glad you got everything fixed.

Anonymous said...

Thank you for this post. I had a similar problem: some malware buried deep within Windows was stopping Microsoft Security Essentials from updating its definitions and redirecting my browser when I clicked on links from the results of a Google search.

Ran through a bunch of anti-malware tools. SuperAntiSpyware detected and removed afd.sys and all the LEGACY_AFD and AFD registry keys.

Then (in summary form): Plug network in -> no ip address -> DHCP Client Service won't start -> dependency (AFD) missing -> replace afd.sys from another computer -> still won't show in Device Manager under non-PnP devices.

The problem was the registry keys. AFD was easy enough to restore but LEGACY_AFD kept giving the error "cannot access root" when I tried to create it. The solution here was to run regedit under the SYSTEM account (run "at 14:30 regedit" where 14:30 is the time 1 minute from now), which gave me access to create the key - and regain the AFD entry in device manager.

Anonymous said...

100% same AFD problem caused by SuperAntiSpyware and solution as in the previous post. Imported the LEGACY_AFD key after first giving Full Control to Everyone to Root (Edit/Permissions). Don't forget to uncheck the Full Control afterwards.
Thanks a lot!

Anonymous said...

Damn, it works.. You are a genius!!
I couldn't believe I have to reinstall the whole system and searched for hours and finally found your blog. I already installed the Services/AFD key but missed the Root/legacy_AFD key. Thank you so much!! You saved my day!!

Anonymous said...

THANK YOU! THANK YOU! THANK YOU! I have been working on this for 3 days. I have tried so much stuff and I know my computer is worse off now but all I do is one simple thing from it and it requires the internet. I have been flipping things on and installing crazy SH**.

I had a BAD virus and after teaming up MWB, Avast, Spybot, it was gone but Avast was a computer reaming that messed up my computer.

I even used MS stupid fix it tools. Stupid morons. You tell them I cannot connect to the internet and they tell you to run a web based service to fix it!!

Anyway, my computer was always looking for an IP.
I finally noticed there was no AFD in the hidden system functions. I went to another XP computer and took the cookie out by exporting, dumped it onto a thumbdrive and dragged it to the desktop of the ailing computer and clicked it and it imported instantly and I rebooted and I'm BACK on the internet!! Thanks for a fourth time!!!!!

Anonymous said...

Thanks a million. After four days, countless websites... Including microsoft, your post fixed it.

Anonymous said...

Thanks a bunch. In my case the entry for Image path was renamed afd.svs (as opposed to afd.sys) by Security Sphere 2012 and it took a while for that to register to me.

Anonymous said...

Holy snap dragon! You are a life saver! I have spent the last 4 days trying to figure this out, and this blog finally did it for me. I can't thank you enough. You've saved me from having to reinstall XP. I was missing the AFD (not the legacy_AFD) key; therefore, I exported a copy from a friend's XP machine, and then imported the AFD key on the broken machine. Voilà! DHCP is now working and we're back in business! Thanks!

Anonymous said...

Thank-you, thank-you!!!! Same problem after SuperAntiSpyware removed afd.sys. Was missing the AFD key.
Cheers :)

Connie said...

Thank you, thank you! I had a client who must have used a dozen utilities to remove malware before I saw the machine. When I got it - no Internet and an endlessly cycling attempt to get an IP address. The IPSEC, DHCP Client and TCP/IP NetBIOS Helper services were not running. Ran netsh winsock commands with no luck. Ran SFC /scannow to restore any missing files but nothing was fixed until I exported the two AFD keys from a good machine and imported them in the damaged one. Great post!

Anonymous said...

Thank you so much for this post. I must have had a virus which removed AFD from my XP laptop. Thank god you had posted this fix on your blog; you have saved me a reformat just on Christmas.

Anonymous said...

Thanks for the help

this AFD thing almost made me cry ... and I am a nerd ... why do I have to be nice and clean other peoples computers ...

Anonymous said...

Excellent !!! I've been trying to solve this problem for 3 days.

Finally, up and running again.
MANY, MANY THANKS !

Anonymous said...

Stammy, thank you so much. I am sure you didn't expect this posting to be helping people almost 3 years on - believe me, it is. I have spent days/hours attempting to sort this. The one thing missing from other Google results in an effort to resolve was the reference to also importing 'HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD', which I did from another XP machine. After that and a winsock reset I was able to start the service - TCP/IP NetBIOS Helper (which was dependent on AFD) - and at last AFD.sys, which I copied to windows-system32-drivers, was showing up in Device Manager (as a hidden device). I hope this information also helps others.

Thanks to all - Shevy

Anonymous said...

Great instruction! I was trying for hours, to solve the DHCP-problem on a computer. I found a lot of instructions using Google, but nothing solved the problem. Your article seems to be the only one, considering ALL aspects of the problem. THANKS A LOT!