Cannot connect to internet after running virus scan and even after uninstalling

I tried doing a virus scan after installing and internet access was fine. It then suggested a scan during boot upand it found and removed a couple of threats…after completing after several hours I have been unable to connect to the internet (via both lan and wireless connections). There were some suggestions to remove the product via an uninstall…which I tried but it did not work. I also ied the uninstall utility which did not seem to work.

I have been without internet access for days on this machine as a result. I am running windows 7 and would welcome suggestions.

Hi Jroffman

To me, it sounds it is possible that whatever the threat(s) were that were detected,
could possibly have affected your windows 7 “Layered Service Provider” or LSP.

Not knowing what the threats were it is difficult to know, but this may be of help:

From the above site:
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access

LSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible.

Unfortunately, problematic LSP software, including malware/spyware, is sometimes quietly installed by unrelated products such as file-sharing programs, sneaking onto a system unannounced. In fact, in many cases, the user does not know of its existence until something goes wrong, and he/she can no longer access Web sites. Historically,* (NEWDOTNET) and WebHancer* (often bundled with file-sharing utilities, DVD player software, and other free downloads) have been the worst offenders, but the problem can be caused by any improperly-written Layered Service Provider software, or the deletion of any LSP program’s files. LSP-Fix repairs the LSP chain by removing the entries left behind when LSP software is removed by hand (or when errors in the software itself break the LSP chain), and removing any gaps in the chain.

It is worth a try. I have run into this problem before and as noted, there can be several causes for broken connectivity. Perhaps this utility may help
if this is in fact part of your problem.

Also, have you checked to make sure your firewall is working properly, etc.? The problem does not sound avast! related, but a possible
result of the threats that were found. Please let us know if this is helpful. If you can explain with additional details that too may be helpful
for others to assist you.

All my best!

Thanks Jim,

I tried to run lspfix and got an error that the winsock2 registry key is missing or could not be accessed (not sure if there is a permissions issue as I believe I am logged in as administrator). Is says when I log in the machine name and then administrator next to it.

As far as the firewall goes, when Im go there via control panel it says that the windows firewall is not using the recommended setting to protect my computer. It gives me option to use recommended settings but then says 'windows firewall can’t change some of the setting error code 0x80070424.

Any additional thoughts would be appreciated.

Thank you Jroffman for the additional details and for reporting back. :slight_smile:

Indeed, it appears the LSP is damaged in some form and/or missing.
No doubt, a possible after effect of the result of the threat that was found.

First, try running the LSPfix utility this time by right clicking and choosing
“Run as Administrator” and see if that makes a difference. Possible
that it could not access the key due to the utility not being run as
“admin” as described above, even though you are logged on as Admin.

Also, see this from Microsoft: Some of the links may or may not be helpful, but I am trying to initially gather
what details directly address your situation: First link should help you reset your winsock2: Review it carefully, good information, but if not helpful see the following: Some details pertain to Vista, which often work for Windows 7:

The second link gives details about fixing corrupted LSP for XP and Vista, the Vista details
may be helpful and work on Windows 7.

"Manual steps to determine whether the Winsock2 key is corrupted for Windows Vista users

Click Start, click Run, type Msinfo32, and then click OK.
Expand Components, expand Network, and then click Protocol.
Ten sections appear under Protocol. [u]The section headings will include the following names if the Winsock2 key is undamaged:[/u]
    MSAFD Tcpip [TCP/IP]
    MSAFD Tcpip [UDP/IP]
    MSAFD Tcpip [TCP/IPv6]
    MSAFD Tcpip [UDP/IPv6]
    RSVP UDP Service Provider
    RSVP TCP Service Provider
    RSVP UDPv6 Service Provider
    RSVP TCPv6 Service Provider
    MSAFD NetBIOS [\Device\NetBT_Tcpip...
    MSAFD NetBIOS [\Device\NetBT_Tcpip...
    MSAFD NetBIOS [\Device\NetBT_Tcpip...
    MSAFD NetBIOS [\Device\NetBT_Tcpip...
    MSAFD NetBIOS [\Device\NetBT_Tcpip...
    MSAFD NetBIOS [\Device\NetBT_Tcpip... 
If the names are anything different from those in this list, the Winsock2 key is corrupted, or you have a third-party add-on such as proxy software installed. 

If you have a third-party add-on installed, the name of the add-on will replace the letters “MSAFD” in the list.

If there are more than ten sections in the list, you have third-party additions installed.

If there are fewer than ten sections, there is information missing."

Also this:

"Manual steps to recover from Winsock2 corruption for Windows Vista users
Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:

Click Start
and then click Network.
Click Network and Sharing Center.
In the Network and Sharing Center box, click Diagnose and Repair.

Note You may also access the Network and Sharing Center in Control Panel.

Reset Winsock for Windows Vista
To reset Winsock for Windows Vista, follow these steps:

Click Start,  type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
Type netsh winsock reset at the command prompt, and then press ENTER.

Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
Type exit, and then press ENTER."

The above we’ll just figure is at least a start on tracking this down with the winsock issues. I hope it helps in some way
or at the very least offers some insight as to how to proceed further.

2) In regards to the Windows Firewall error, I was not surprised to read your issue with this considering the LSP
is damaged or missing. Perhaps the following will be of some insight as well:

There are some links within this that may be helpful. Also take a look at this please:

“Error 0x80070424 occurs when you use Windows Update, Microsoft Update, or Windows Firewall

It may or may not apply, but worth reviewing. Sometimes, these issues with winsock2 are not easily resolved, but
at least from your information, it has been confirmed that the LSP is affected, which is what i had suspected, this in turn
likely affects of course your firewall.

Here is one that may be more helpful as it deals with Windows 7 firewall error code you are having:

One more link:

Also, it is possible you may need to perform a ‘repair installation’ but it may be avoidable if any of the above is helpful.

I will continue to do my best to gather additional information, please report back after carefully reviewing the above details. Please
review carefully, especially the first 2 links, take one step at a time as we attempt to remedy this.

Please let us know if you find any resolution.

All my best!

Thanks again Jim…

I was able to run LSPfix as admin and it found issues that it tried to fix…but to no avail. I did confirm that there are 21 entries/sections versus 10, there a 14 msafd netbios sections versus 6 but they do not have another name that would distinguish them. Looks like winsock2 is corrupt. I’m not so clear on how to resolve…

Hi Jroffman :slight_smile:

Thank you for reporting back. At least we are getting some more info. as you go along
in regards to corrupt, missing or damaged winsock issues.

  1. About determining if Winsock 2 and Winsock is corrupt: in this article: [u](Refer the section “Manual steps to determine whether the Winsock2 key is corrupted for Windows Vista users”. [b]The steps are the same for Windows 7[/b])[/u] Below I have detailed the manual steps to RESET your Winsock and recreate/reinstall it.
  2.  [u]To reset Winsock2[/u], from the same link above, the next step which has Manual steps to recover from Winsock2 corruption for Windows Vista users([b]Holds good for Windows 7[/b])

Manual steps to recover from Winsock2 corruption for Windows Vista users (also works for Windows 7 according to MS)

Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:
(I have edited the following data to make it specific for Windows 7. Now let’s go to the Control panel, hopefully I made it easier to enter)

Access the Network and Sharing Center in Control Panel. Click Start, then click Control Panel, then click “Network and Sharing Center”. Once there, in the bottom of the Network and Sharing Center window, Click on “Troubleshoot problems” to diagnose and repair network problems, or get troubleshooting information. At this step, take note what it tells you, if anything, and follow any instructions or information.

I also think, being that the winsock is corrupt, next step if the troubleshooting produces insufficient results, perform the RESET as detailed below:

Reset Winsock for Windows Vista (also Windows 7 according to MS)
To reset Winsock for Windows Vista/7, follow these steps: (I have edited to be specific for Windows 7)

Click Start, then click “All programs”, then click “Accessories” folder…then Right Click “Command Prompt” and choose “Run as Administrator”, answer “Yes” to the prompt to allow this action.

Now within the command prompt window at the prompt, Type the following: “netsh winsock reset” (without the quotes) and then press ENTER.

Note: If the command is typed incorrectly, you will receive an error message. Type the command again exactly as stated without the quotes
netsh winsock reset When the command is completed successfully, a confirmation appears, followed by a new command prompt.

At this time, Type exit at the prompt, and then press ENTER. This should close out the command prompt.

According to MS, the above command will reset both Winsock and Winsock2 in affect resetting and reinstalling it.

Reboot your computer, and see if 1) you can now start your firewall properly without error, and 2) Re-establish internet connectivity.

You can also, if necessary, take a look at the location of winsock and winsock2 in the Windows registry that should be present after resetting:

Here is the location of the registry of Winsock and Winsock2: Click start, then RUN, type “regedit32” (without the quotes). In the Regedit32 window, to navigate to the below keys, on left side of window, double click the “HKEY_Local_Machine” key, it should expand…then double click “System”, after it expands or opens then find “CurrentControlSet” and double click that, then scroll down and find “Services” key, and double click that. Now under “Services”, scroll all the way down until you see these two keys: Winsock and Winsock2. Make sure they are present. The paths are listed below that we just navigated to:



The Resetting you did via command prompt above will delete the Winsock and recreates, which actually is reinstalling it.

I have edited the above MS instructions specifically to pertain to Windows 7. Hopefully it will assist you :slight_smile:

Please report back whether or not any improvement has been found in re-establishing your internet connection and being able to have Windows
Firewall function properly without error(s).

If the above does not assist you, perhaps a repair installation may be needed.

All my best!

Get the fixit from here:

I tried running the fixit…no luck.

I reset winsock…no luck.

I confirmed winsock and winsock2 are in the registry.

Any other suggestions? There is no restore point prior to this issue for me to go back to.

  • Which avast!..?? (Free/Pro/IS)
  • Which version…??
  • OS…?? (32/64 Bit…? - which SP…?)
  • Other security related software installed…??
  • Which AV did you use before avast!..??

Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:
[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center
[*]Windows Update
[*]Press “Scan”.
[]It will create a log (FSS.txt) in the same directory the tool is run.
]Please copy and paste the log to your reply.

Avast free, current version (2 weeks ago), windows 7 sp1 32 bit, had mcafee installed (which expired) before installing avast.

The only site I found to download Farbar had 100 or so downloads and it is not signed…not sure I’m comfortable with that.

Download from the link in jeffce’s post.

Hi Jroffman :slight_smile:

Thank you for the additional info. Good old Mcafee, a history of not always playing nice
when uninstalled, as well as Norton, etc. How did you remove Mcafee? Control panel,
Programs Features? If so, you should also run this tool from Mcafee in case there is
still remnants causing problems, especially with corrupt LSP issues, connection issues, etc.

Here is Mcafee uninstall tool:

You can follow the instructions from here, then use the MCPR.exe tool:

Edit: please remember to right click the tool and run as “administrator”.

It sounds very possible that Mcafee may have been a source of corruption in regards to
your connection issues, or at least a source, such as corrupting LSP, winsock, etc. as I have seen this happen
before. I was not aware that you had Mcafee installed, so running the above MCPR uninstall tool
might offer some help in getting rid of remnants left behind. It is my personal opinion that some
of the ‘big boys’ appear to corrupt and/or disable certain functioning upon uninstall so that one is
often forced to reinstall their product. Just my opinion, but it happens too frequently not to suspect this.

Please run the Mcafee product uninstall tool after downloading it to desktop as it is likely their standard uninstall
feature left behind enough to cause issues, and that makes it very frustrating. Hopefully, the above can be of some help.
Please report back.

Have a nice memorial day sir. :slight_smile:

All my best!

I ran the McAfee uninstall tool successfully although it did not address/solve my issue.

Here are the results from my Farbar Service Scan…

Farbar Service Scanner Version: 25-05-2012
Ran by Kitchen (administrator) on 27-05-2012 at 22:18:06
Running from "F:"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal

Internet Services:

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache: “C:\Windows\System32\dnsrslvr.dll”.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp: “C:\Windows\system32\dhcpcore.dll”.

tdx Service is not running. Checking service configuration:
The start type of tdx service is set to Disabled. The default start type is System.
The ImagePath of tdx service is OK.

Connection Status:

Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:


System Restore:

System Restore Disabled Policy:

Action Center:

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: “C:\Windows\system32\wuaueng.dll”.

Windows Autoupdate Disabled Policy:

File Check:

C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit

ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


Looks like we have some issues here… let’s see what we can get done. :slight_smile:

Please run Farbar Service Scanner.
Type the following in the edit box after “Search:”.


Click Search Files button and post the log (FSS.txt) it makes to your reply.

Farbar Service Scanner Version: 25-05-2012
Ran by Kitchen (administrator) on 28-05-2012 at 00:33:36
Microsoft Windows 7 Home Premium Service Pack 1 (X86)

======== Search: “tdx.sys” =========

[2009-07-13 19:12] - [2009-07-13 19:12] - 0074240 ____A (Microsoft Corporation) CB39E896A2A83702D1737BFD402B3542

====== End Of Search ======

Could the following apply to you?

Hi Jroffman

I found a few things that may offer additional assistance to you.

The following link contains a zip file including registry keys that when merged
into your Windows 7 registry, should help rebuild the registry data necessary for connectivity.

This site is about the Farbar app you ran,
plus it contains the link right below that may be of valuable
help to you…at least we hope so!
This is the file you need for Windows 7: Click the first file shown, “” and download the file to your desktop.
(I did make sure the file is ‘safe’ before writing these instructions.)

Inside the compressed file are a total of 21 registry keys that you need to extract to a folder. Create a new
folder on your desktop and call it ‘win7regkeys’ or whatever you choose. Then extract the zip file reg keys into
the newly created folder. Then right click each extracted .reg file within your newly created folder and choose
“Merge” from the context menu to write these registry values to your registry.

In regards to the missing file issues, these should be on your windows 7 dvd. If I am not mistaken, after you “Merge”
these entries into your registry, you should run “SFC /scannow” from an elevated command prompt. Meaning, go to Start,
All programs, Accessories, right click Command Prompt and choose “run as administrator”. At the command prompt window,
type in “SFC /scannow” (without the quotes) and have your windows 7 cd handy. As SFC (system file checker) finds the needed missing files,
it should assist you in replacing those missing files, likely asking for the windows 7 installation disk. Place your cd into the drive and
SFC should replace what is missing. Follow its instructions.

Then there is a batch file within the folder you newly created for the extracted zip files. This batch will start your BFE and Windows firewall service,
by calling this command: net start bfe and this one: net start mpssvc All you need to do to run this batch file is right click the file and again,
choose “run as administrator” AFTER you replace the missing files tdx.sys , etc. that were reported by Farbar as missing.

If you get through all of this, and are able to get the proper services running, reboot and let us know if it helped. I apologize if I have missed any
instruction, regarding the SFC command, it has been a long time since I dealt with SFC but its purpose is to check and validate system files and replace
those missing or changed, etc.

Have a peaceful day Jroffman, and hope we can help you get to the bottom of this. So far at least we are narrowing it down it appears with all
the good comments and instructions from everyone.

All my best!


I was able to try all of the above. A couple of notes…not all the registry keys could be merged because some were in use…a little less than half of them could be replaced.

I did run SFC successfully and it said it found some corrupt files and fixed them (results are in the CBS.log which I could paste relevant portions of into this thread). I then rebooted and found that the problem still persists. I did post the Farbar log results after running it again (following the steps you outlined). Let me know what other ideas you might have…

Farbar Service Scanner Version: 25-05-2012
Ran by Kitchen (administrator) on 28-05-2012 at 10:33:06
Running from “C:\Users\Kitchen\Desktop”
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal

Internet Services:

Connection Status:

Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:


System Restore:

System Restore Disabled Policy:

Action Center:

Windows Update:

Windows Autoupdate Disabled Policy:

File Check:

C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****