Quick Fix: AFD.sys / AFD Service is missing Windows XP
November 25, 2011 42 Comments
I had a customer email me yesterday with the following symptoms…
This particular client is located in France, so a site visit is a little tricky. Luckily they had a second computer, and we could talk through Skype. I did some basic connectivity tests like ipconfig, the IP was reported as 0.0.0.0 with a subnet mask of 0.0.0.0. I tried to do a netsh int ip reset resetlog.txt which didn’t help to resolve the issue, we also tried things like safe mode, system restore etc.
I then asked the user to set a static IP, which after a reboot gave them local network access, and more importantly allowed me to login to the computer through RDP.
I looked in the services console to check for DHCP Client, which was not running. When i tried to run it, it complained about a dependency being either deleted or marked for deletion. Very odd. Checking in the event logs, sure enough i found a lot of events similar to this.
The AFD service seemed to be the culprit. Not one i had heard of before so i did a little investigating and found it is tightly integrated into the WinSock and TCP/IP Stack. So kind of critical to network function.
At this point we still did not have full internet access, so downloading Malware scanners or patches was difficult, and i was having to download them first to the Server, then browse the network for them.
I used Kaspersky’s famous TDSS Killer, which came up with zero threats and also found a few forum posts to look through, none of which gave me any solution.
Looking through the registry at HKLM\System\CurrentControlSet\Services\ I could not see anything called AFD. I switched over to my Hyper-V server which has an XP Client running for reference, sure enough on this box there was indeed an AFD service at that location.
I also noticed on the clients PC that AFD.sys was missing from the C:\Windows\System32\Drivers folder, so i found a copy in one of the $NTUninstall$ folders, and copied it back.
I then exported the Registry Key for the AFD service on my reference machine, copied it across to the Clients PC, imported the registry key and rebooted.
After a reboot all of the services that were failing are now started, and the computer can access the internet.
Has this post helped you out? If so, please consider donating to Room to Read by way of showing your appreciation!