SmitFraud and Other Fake Anti-virus Popups [CLOSED]



#1
WiscoMan

    Member

  • Member
  • 10 posts
I run Spybot, AVG 8.0, and Malwarebytes Malware. I also ran a SmitFraud Fix yesterday. There were still some issues this morning with slow internet and yahoo.com would not fully download so I went into Hijack This on my own and removed some questionable entries following the scan. In doing this I inadvertently deleted something that has left me with absolutely no Internet access. I have no IP address and the network will not repair itself. When I run the command ipconfig/flushdns the result is simply "Windows IP Configuration" with nothing else. I have no IP address, mask or any of that stuff (not zeroes, just blank). When I click repair for the network connection I get the following error...failed to query TCP/IP settings of the connection. I do not have a Windows XP disk and no packets are being received or sent. System Restore does not work. I have run ATF cleaner and DSS (logs below). Please help get my Internet back!! I also have military time in my task bar which I'd like to change back.
I was able to drag the new HijackThis in from a USB pen drive. Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:40, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Application Data\U3\0000167EB7722859\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3516 bytes

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-31 15:09:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-07-31 20:09:45 UTC - RP709 - Deckard's System Scanner Restore Point
79: 2008-07-31 18:46:23 UTC - RP708 - Removed Symantec Technical Support Web Controls
78: 2008-07-31 15:25:19 UTC - RP707 - Restore Operation
77: 2008-07-31 14:25:04 UTC - RP706 - Removed LiveUpdate Notice (Symantec Corporation)
76: 2008-07-31 14:24:26 UTC - RP705 - Removed LiveUpdate (Symantec Corporation)


-- First Restore Point --
1: 2008-07-30 17:41:24 UTC - RP630 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:28, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3408 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 cpqdfw (Diagnostics Driver) - c:\windows\system32\drivers\cpqdfw.sys
R2 cq_mem (Diagnostics Memory Driver) - c:\windows\system32\drivers\cq_mem.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 cqcpu (Diagnostics CPU Driver) - c:\windows\system32\drivers\cqcpu.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>

S1 twpR64 (UDP netbios mapping) - c:\windows\system32\twpr64.sys (file missing)
S2 twpR32 (UDP32 netbios mapping) - c:\windows\system32\twpr64.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:23:15 0 d-------- C:\Program Files\Trend Micro
2008-07-31 10:23:57 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-30 15:10:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-30 15:09:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 15:09:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 14:33:45 2696 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-30 14:32:44 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-30 14:32:43 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-30 14:32:42 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-30 14:32:41 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-30 14:32:40 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-30 14:32:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-30 14:32:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-30 13:33:40 0 -rahs---- C:\MSDOS.SYS
2008-07-30 13:33:40 0 -rahs---- C:\IO.SYS
2008-07-30 12:30:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-07-17 10:43:45 0 d-------- C:\Program Files\viewsonic


-- Find3M Report ---------------------------------------------------------------

2008-07-31 14:21:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-07-31 13:46:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 10:23:52 0 d-------- C:\Program Files\Google
2008-07-21 04:50:34 0 d-------- C:\Program Files\LimeWire
2008-07-17 10:43:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 14:36:58 0 d-------- C:\Program Files\Incomplete
2008-06-16 10:32:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\W Photo Studio
2008-06-16 10:32:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Walgreens
2008-06-16 10:32:02 0 d-------- C:\Program Files\Common Files
2008-06-16 10:32:02 0 d-------- C:\Program Files\Common Files\HP
2008-06-16 10:32:00 0 d-------- C:\Program Files\Walgreens
2008-06-16 10:23:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\W Photo Studio Viewer
2008-06-11 10:50:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-11 09:15:08 0 d-------- C:\Program Files\AVG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/30/2004 11:41]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/30/2004 11:37]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [07/30/2003 12:08]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [11/20/2003 13:01]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 00:43]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 15:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 14:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [7/17/2008 10:44:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa2b6f83-ed78-11dc-b46f-0015605b9a82}]
AutoRun\command- E:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7897 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-31 15:11:13 ------------

Edited by WiscoMan, 31 July 2008 - 02:27 PM.

  • 0


#2
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.

It's cases like this that just go to show you should never run tools without supervision :) Internet connections are not really my specialty, but let's give it a try.

HijackThis Restore function

The HijackThis log contains both good and bad entries, and it appears that you may have deleted some good entries. Hopefully we can restore the deleted entries and then take steps to clean your computer of any infections, so don't worry about restoring things that are bad; we can always re-clean your system.

Start HijackThis
Select: View the list of backups (If you do not see this button, select Config at the bottom-right, then choose backups from the top).
Next: Go down the list of entries and place a check mark in the boxes of every entry.
Then click on: Restore
Then click on: Back
Then click on: Do a system scan and save a log file.

Notepad will appear with a copy of the logfile. Please copy and paste this log in your next reply and wait for the next set of instructions. Also let me know if you got your internet back :)
  • 0

#3
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
The list of backups was empty. Here is the logfile. No Internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:56, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3390 bytes
  • 0
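
Added example, not part of the original thread: when a "before" and an "after" HijackThis log are both available, comparing them by section code shows which entries and processes changed between scans. The sample logs are constructed, abridged from the logs in posts #1 and #3; the function names are hypothetical.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")

# Constructed sample input: abridged from the logs in posts #1 and #3.
_ENTRIES = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
LOG_POST1 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:40, on 7/31/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Application Data\U3\0000167EB7722859\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
""" + _ENTRIES
LOG_POST3 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:56, on 8/4/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
""" + _ENTRIES


def parse_hjt(text):
    """Split one log into running processes and entries grouped by code."""
    processes = set()
    entries = defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].add(match.group(2))
        elif not line:
            # A blank line after the first process closes the process block.
            in_processes = in_processes and not processes
        elif in_processes:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return {"processes": processes, "entries": dict(entries)}


def _flatten(entries):
    """Turn {code: {detail, ...}} into a set of (code, detail) pairs."""
    return {(code, d) for code, details in entries.items() for d in details}


def diff_hjt(before_text, after_text):
    """Report entries and processes that differ between two scans."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    b_items = _flatten(before["entries"])
    a_items = _flatten(after["entries"])
    return {
        "removed_entries": sorted(b_items - a_items),
        "added_entries": sorted(a_items - b_items),
        "stopped_processes": sorted(before["processes"] - after["processes"]),
        "started_processes": sorted(after["processes"] - before["processes"]),
    }


if __name__ == "__main__":
    for key, values in diff_hjt(LOG_POST1, LOG_POST3).items():
        print(key)
        for value in values:
            print("   ", value)
```

Only items that HijackThis lists can show up in such a comparison, and only if a log from before the change exists.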

#4
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello again,

Hmmm the backups should be there? Did you delete them out of HijackThis after you fixed the entries?

Let's try starting your computer by using the Last Known Good Configuration feature.


To start your computer by using the Last Known Good Configuration feature, follow these steps:

1. Start your computer.
2. When you see the "Please select the operating system to start" message, press the F8 key.
3. When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
4. If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.


Let me know how this works out :)
  • 0

#5
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi-
It didn't work. I did not delete anything from the back-ups....didn't even know that component existed. Still no internet.
  • 0

#6
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi WiscoMan,

Don't worry, we're not out of the game yet. Please go HERE and follow the directions on how to reset your internet protocol.

When you're done let me know how it turned out :)
  • 0

#7
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
I ran the guided help and........nothing. :) When I try to repair the connection I get the following error message.
"failed to query TCP/IP settings of the connection". I'm stumped.

I ran a Network Diagnostics that says my Internet Explorer Web Proxy is not configured.
I still have no IP address.

Edited by WiscoMan, 04 August 2008 - 06:33 PM.

  • 0

#8
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello again,

It might be that a malicious .DLL file is disrupting the LSP chain on your computer.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading on the system with no internet.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of XXXXX.dll.
  • Select every instance of XXXXX.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.

Let me know if this gets you back on :)
  • 0

#9
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
It says no problems found. There are 3 XXXXX.dll files listed. They are as follows. mswsock.dll (Tcpip), winrnr.dll (NTDS), and rsvpsp.dll ((Protocol handler)). Should I proceed and "remove" these? I would go ahead and do it without asking but "knowing what I'm doing" is what got me in trouble in the 1st place. :)
  • 0

#10
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello again,

No, those are fine, so don't remove them :)


I ran a Network Diagnostics that says my Internet Explorer Web Proxy is not configured.



Let's do this…

To specify a proxy server for Internet Explorer
  • From the Tools menu, choose Options and on the Web Browser page, choose Internet Options button.
  • In the Internet Properties dialog box, choose LAN Settings on the Connections tab.
  • In the Proxy server area, select Use a proxy server for your LAN.
  • Specify the address and port number that matches your network.

Let me know how that works out :)
  • 0


#11
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
I have no idea what to specify as directed in the last direction. It wants an address and a port. What should I enter in there?
  • 0

#12
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts

I have no idea what to specify as directed in the last direction. It wants an address and a port. What should I enter in there?


Hi WiscoMan,

That type of information is something you would/should know as it's different for each user, and really hard for us to just know. Please give me as much information as you can about the following.

Do you have a router / type?
Are you sharing your internet with a network either home or office?
What type of connection do you have (dial up, DSL, Cable etc.)?
Who is your service provider?

And any other information that you think might be able to help :) .

Thanks,
  • 0

#13
WiscoMan

    Member

  • Topic Starter
  • Member
  • 10 posts
It's a standalone through a cable modem and Charter Communications is the provider. My connection is established and my NIC is working correctly. No packets are being sent in or out. It says my Local Area Connection is Connected using a Broadcom NetXtreme Gigabit Ethernet card. Speed 100.0Mbps. No activity, no packets sent or received. In Properties under the General Tab the dialogue box below "Connect Using" is my NIC card and it is configured. Below that in the "This Connection uses the following items:" I have only a Client for Microsoft Networks and nothing else. When I click "Install" it takes me to Select Network Component Type. I click on protocol and it tells me the following error message: Could not add the requested component. The error is: The system cannot find the file specified.


In the Local Area Connection Status Window under the Support tab in the Connection Status area it tells me I have no address type, IP Address, Subnet Mask, or Default Gateway. I click details and it is also blank. When I click repair, it tells me "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed."

When I go into Internet options and the connections tab to click LAN Settings I get no address or port in the Proxy Server area. Where would I get this info? It was installed by a technician from the cable company, but that side of the connection seems to work just fine.
  • 0

#14
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello WiscoMan,

Sorry for the delay, but I have been consulting with some of the experts to see if there is anything else we can do. Here is some information we found HERE about Charter Communications modems and the Modem Internals Basic Settings that they use. See if that can help you out any, and if not I would recommend contacting Charter Communications (your cable company); that way someone who knows how the settings should be might be able to point you in the right direction and get you online again. They might be able to talk you through it on the phone or they might have to send a tech out.

Also I just wanted to throw out there that when I got my cable internet set up it came with an instruction booklet where the tech hand wrote the information in it as he was doing it, so I have a copy of everything. You might just want to have a look and see if they did the same for you.


Let me know how it turns out with Charter, and as soon as you get back online we can clean your system :) .
  • 0

#15
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello WiscoMan,

How's it coming along with the cable company, any luck?
  • 0





