Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

security 2012 virus


  • Please log in to reply

#91
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Did it automatically install? or just unpack the file into an HP folder somewhere. You may need to find the folder and run the setup.exe program or right click on the .inf program.

Right click on My Computer and select Manage then Device Manager. Click on the + in front of Network Adapters and look at the adapters. I assume one of them says Realtek. Right click on Realtek and select Properties. Does it say it is working properly? Does Device Usage say Use this Device (Enabled) Click on Driver then on Driver Details. What files does it list? Just the names. I don't need the full paths.

Close Device Manager.

Control panel, Network Connections, Under LAN or High-Speed Internet Do you have just the one called Local Area Connection 2? Does it say Connected?

Disconnect the Internet Cable. It should get a red X, does it? Reconnect the cable.

Right click on it and select Properties. What does it say under Connect Using?

Close that page and go back to Network Connections page.

Right click on the Local Area Connection 2 (or the one that says Connected) and Repair. I doubt it will do anything but you never know.
  • 0

Advertisements


#92
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
pretty sure it installed, i had to click on agree and then it updated it. the realtek does say this device is working properly and device usage says use this device (enable)

the driver file list only one it is rtnicxp.sys

under lan or high speed internet i have two

local area connection 7 which says connected realtek family fast
and also 1394 connection 2 which says connected 1394 net adapter

when unconnecting the internet cable is got a red x on the local are connection 7 only (the realtek one)

under properties it says connect using realtek

when i right click on this connection the repair was not highlighted as an option so i am rebooting. also when rebooting a file named imapp.exe always refusing to close right away. also my busy yellow light on the pc stays on all the time

ok rebooted and now i can click on repair i box comes up and says windows could not finish repairing the problem because the following action cannot be completed: failed to query TCP/IP settings of the connection. cannot proceed
  • 0

#93
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
imapp.exe is IncrediMail. It's probably upset because it can't get on line.

Try disconnecting the internet cable. Then try to reinstall tcpip
  • 0

#94
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
i disconnected the cable and tried step #81 again, but still cannot download that file still says the same error as in step #82
  • 0

#95
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
See if this does anything different:

Start, Run, cmd, OK

C:\WINDOWS\inf\nettcpip.inf  -c  p  -i  MS_TCPIP

  • 0

#96
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
i got this pop up text

; NETTCPIP.INF -- TCP/IP Protocol
;
; Copyright 1993-1999, Microsoft Corporation

[Version]
Signature = "$Windows NT$"
Class = NetTrans
ClassGUID = {4d36e975-e325-11ce-bfc1-08002be10318}
Provider = %Msft%
LayoutFile = layout.inf
DriverVer=07/01/2001,5.1.2600.5512

[Manufacturer]
%Msft% = Msft

[Msft]
%MS_TCPIP.DisplayName% = MS_TCPIP.PrimaryInstall, MS_TCPIP ;TCP/IP
%MS_WINS.DisplayName% = MS_WINS.PrimaryInstall, MS_NetBT ;WINS
%MS_NETBT_SMB.DisplayName% = MS_NETBT_SMB.PrimaryInstall, MS_NETBT_SMB ;NETBT_SMB

[ControlFlags]
ExcludeFromSelect = MS_NetBT,MS_NETBT_SMB ; NetBt and NetBt_Smb are sub-components of Tcpip

;****************************************************************************
; TCP/IP
;****************************************************************************

;=======================
; TCP/IP Primary Install
;=======================

[MS_TCPIP.PrimaryInstall]
; TCPIP has properties to display
Characteristics = 0xA0 ; NCF_HAS_UI | NCF_NOT_USER_REMOVABLE
AddReg = Registry.MS_TCPIP.PrimaryInstall, Registry.MS_TCPIP, Registry.MS_TCPIP.Legacy
RegisterDlls = MS_TCPIP.Register

[Registry.MS_TCPIP.PrimaryInstall]
HKR,Ndi,ClsId,,"{A907657F-6FDF-11D0-8EFB-00C04FD912B2}"
HKR,Ndi,HelpText,,"@netcfgx.dll,-50001"
HKR,Ndi,Service,,"Tcpip"
HKR,Ndi,CoServices,%FLG_ADDREG_TYPE_MULTI_SZ%,"Tcpip", "Netbt", "Lmhosts", "Dhcp", "Dnscache", "PolicyAgent", "Nla"
HKR,Ndi,ExcludeSetupStartServices, 0x00010000, "PolicyAgent"
HKR,Ndi\Interfaces,UpperRange,,"tdi"
HKR,Ndi\Interfaces,LowerRange,,"ndis4,ndis5,ndisatm,ndiswanip,ndis5_ip,ndis1394"

;=====================================
; TCP/IP Interface and Service Install
; 0x10 = SPSVCINST_NOCLOBBER_STARTTYPE
;=====================================

[MS_TCPIP.PrimaryInstall.Services]
AddService = Tcpip, 0, Install.AddService.TCPIP, NetEventLog
AddService = Dhcp, 0x400, Install.AddService.DHCP, DhcpEventLog
AddService = Dnscache, 0, Install.AddService.DNSCACHE, NetEventLog
AddService = IPSec, 1, Install.AddService.IPSEC, NetEventLog
AddService = PolicyAgent, 0x10, Install.AddService.PolicyAgent, PolicyAgentEventLog
AddService = Atmarpc, 0, ATMARPC.AddService, NetEventLog
AddService = Nla, 0, Install.AddService.NLA, NetEventLog

[MS_TCPIP.Register]
11,, polstore.dll, 1
11,, ipsecsnp.dll, 1

[MS_TCPIP.Unregister]
11,, polstore.dll, 1
11,, ipsecsnp.dll, 1

; Remove old IPSec Snapin references (Tool no longer present)

; Install Tcpip service
[Install.AddService.TCPIP]
DisplayName = %MS_TCPIP.TCPIP.ServiceDescription%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 1 ;SERVICE_SYSTEM_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\tcpip.sys
Dependencies = IPSec
LoadOrderGroup = PNP_TDI
AddReg = Registry.Service.TCPIP.Parameters.Secure,Registry.Service.TCPIP.Secure,Registry.Service.TCPIP
Description = %MS_TCPIP.TCPIP.ServiceDescription%

; Install Winsock dependency
[MS_TCPIP.PrimaryInstall.Winsock]
AddSock = Install.TcpipWinsock
AddSock = Install.LDAPWinsock
AddSock = Install.NlaWinsock

[Install.TcpipWinsock]
TransportService = Tcpip
HelperDllName = "%SystemRoot%\System32\wshtcpip.dll"
MaxSockAddrLength = 0x10
MinSockAddrLength = 0x10
LibraryPath="%SystemRoot%\System32\mswsock.dll"
DisplayString=%MS_TCPIP.Provider_Desc%
SupportedNameSpace=12
Version=0
ProviderId="{22059d40-7e9e-11cf-ae5a-00aa00a7112b}"

[Install.LDAPWinsock]
TransportService = Tcpip
HelperDllName = "%SystemRoot%\System32\wshtcpip.dll"
MaxSockAddrLength = 0x10
MinSockAddrLength = 0x10
LibraryPath="%SystemRoot%\System32\winrnr.dll"
DisplayString=%MS_NTDS.Provider_Desc%
SupportedNameSpace=32
SchemaSupport=0
ProviderId="{3b2637ee-e580-11cf-a555-00c04fd8d4ac}"

[Install.NlaWinsock]
TransportService = Tcpip
HelperDllName = "%SystemRoot%\System32\wshtcpip.dll"
MaxSockAddrLength = 0x10
MinSockAddrLength = 0x10
LibraryPath="%SystemRoot%\System32\mswsock.dll"
DisplayString=%MS_TCPIP.Nla.Provider_Desc%
SupportedNameSpace=15
Version=0
ProviderId="{6642243A-3BA8-4aa6-BAA5-2E0BD71FDD83}"

; Install DHCP service
[Install.AddService.DHCP]
DisplayName = %MS_TCPIP.DHCP.DisplayName%
ServiceType = 0x20 ;SERVICE_WIN32_SHARE_PROCESS
StartType = 2 ;SERVICE_AUTO_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %11%\svchost.exe -k netsvcs
LoadOrderGroup = TDI
Dependencies = Tcpip, Afd, NetBT
StartName = LocalSystem
AddReg = Registry.Service.DHCP.Configuration.Secure,Registry.Service.DHCP.Secure,Registry.Service.DHCP
Description = %MS_TCPIP.DHCP.ServiceDescription%
Security = "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"


; Install DNS Caching Resolver Service
[Install.AddService.DNSCACHE]
DisplayName = %MS_TCPIP.DNSCACHE.DisplayName%
ServiceType = 0x20 ;SERVICE_WIN32_SHARE_PROCESS
StartType = 2 ;SERVICE_AUTO_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %11%\svchost.exe -k NetworkService
Dependencies = Tcpip
LoadOrderGroup = TDI
StartName = "NT AUTHORITY"\NetworkService
AddReg = Registry.Service.DNSCACHE.Secure,Registry.Service.DNSCACHE
Description = %MS_TCPIP.DNSCACHE.ServiceDescription%
Security = "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;0x40;;;LS)(A;;0x40;;;NS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-32-556)"

; Install IPSEC Service
[Install.AddService.IPSEC]
DisplayName = %MS_TCPIP.IPSEC.ServiceDescription%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 1 ;SERVICE_SYSTEM_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\ipsec.sys
LoadOrderGroup = PNP_TDI
Description = %MS_TCPIP.IPSEC.ServiceDescription%

; Install PolicyAgent Service
[Install.AddService.PolicyAgent]
DisplayName = %MS_TCPIP.PolicyAgent.DisplayName%
ServiceType = 0x20 ;SERVICE_WIN32_SHARE_PROCESS
StartType = 0x2 ;SERVICE_AUTO_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %11%\lsass.exe
LoadOrderGroup =
Dependencies = RPCSS, Tcpip, IPSec
StartName = LocalSystem
Description = %MS_TCPIP.PolicyAgent.ServiceDescription%

; Install Winsock Mobility service
[Install.AddService.NLA]
DisplayName = %MS_TCPIP.Nla.DisplayName%
ServiceType = 0x20 ;SERVICE_WIN32_SHARE_PROCESS
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %11%\svchost.exe -k netsvcs
LoadOrderGroup =
Dependencies = Tcpip, Afd
AddReg = Registry.Service.Nla
Description = %MS_TCPIP.Nla.ServiceDescription%
; Allow : Authenticated Users to query/start service
; Power Users to query/start/stop/pause service
; Administrators full control
Security = "D:(A;;0x2019D;;;AU)(A;;0x201FD;;;PU)(A;;0xF01FF;;;BA)"


[Registry.MS_TCPIP]
;RPC protocols for tcpip
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncacn_ip_tcp,,"rpcrt4.dll"
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncadg_ip_udp,,"rpcrt4.dll"
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncacn_http,,"rpcrt4.dll"



[Registry.MS_TCPIP.Legacy]
;Some legacy apps use the following key to check whether tcp is installed
HKLM,SOFTWARE\Microsoft\Tcpip\CurrentVersion,,%FLG_ADDREG_KEYONLY%

[Registry.MS_TCPIP.Legacy.Remove]
HKLM,SOFTWARE\Microsoft\Tcpip
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncacn_nb_tcp,,"rpcrt4.dll"


[Registry.Service.DHCP.Configuration.Secure]
HKR,Configurations,,%FLG_ADDREG_KEYONLY%

[Registry.Service.DHCP.Configuration.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;NS)(A;CI;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)"

[Registry.Service.DHCP.Secure]
HKR,Parameters,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\Options,,%FLG_ADDREG_KEYONLY%

[Registry.Service.DHCP.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;NS)(A;CI;GA;;;LS)(A;CI;GR;;;NO)"

[Registry.Service.DHCP]
;add keys which instruct DHCP where to find TCPIP options
HKR,Linkage\Disabled,,%FLG_ADDREG_KEYONLY%

HKR,Parameters\Options\1,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000007
HKR,Parameters\Options\1,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt","SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt"

HKR,Parameters\Options\15,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\15,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain","SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain"

HKR,Parameters\Options\3,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000007
HKR,Parameters\Options\3,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway","SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway"

HKR,Parameters\Options\6,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\6,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer","SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer"

HKR,Parameters\Options\44,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\44,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList","SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer"

HKR,Parameters\Options\46,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000004
HKR,Parameters\Options\46,RegLocation,,"SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType"

HKR,Parameters\Options\47,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\47,RegLocation,,"SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID"

HKR,Parameters\Options\DhcpNetbiosOptions,KeyType,%FLG_ADDREG_TYPE_DWORD%,0x00000004
HKR,Parameters\Options\DhcpNetbiosOptions,OptionId,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\DhcpNetbiosOptions,VendorType,%FLG_ADDREG_TYPE_DWORD%,0x00000001
HKR,Parameters\Options\DhcpNetbiosOptions,RegLocation,%FLG_ADDREG_TYPE_MULTI_SZ%,"SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions"

HKR,Parameters,ServiceDll,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\dhcpcsvc.dll"

[Registry.Service.TCPIP.Parameters.Secure]
HKR,Parameters,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\Adapters,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\Interfaces,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\PersistentRoutes,,%FLG_ADDREG_KEYONLY%
HKLM,System\CurrentControlSet\Services\Tcpip\Linkage,,%FLG_ADDREG_KEYONLY%

[Registry.Service.TCPIP.Parameters.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;NS)(A;CI;GR;;;LS)(A;CI;GRGW;;;NO)"

;
; No Delete, WDAC and WOWN permissions for NS on keys which contain
; paths of executables. Granting "Create Subkey" as it should be
; safe without delete.
;
[Registry.Service.TCPIP.Secure]
HKLM,System\CurrentControlSet\Services\Tcpip,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\Winsock,,%FLG_ADDREG_KEYONLY% ; add
HKR,ServiceProvider,,%FLG_ADDREG_KEYONLY% ; add

[Registry.Service.TCPIP.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GRLCSWCCRPRC;;;NS)(A;CI;GR;;;LS)(A;CI;CCLCSWRPRC;;;NO)"

[Registry.Service.TCPIP]
HKLM,"System\CurrentControlSet\Control\ServiceProvider\Order","ExcludedProviders",%FLG_ADDREG_SZ_NO_CLOBBER%,""
HKLM,"System\CurrentControlSet\Control\ServiceProvider\Order","ProviderOrder",%FLG_ADDREG_MULTI_SZ_APPEND%,"Tcpip"

HKR,Performance,Close,,"CloseTcpIpPerformanceData"
HKR,Performance,Collect,,"CollectTcpIpPerformanceData"
HKR,Performance,Library,,"Perfctrs.dll"
HKR,Performance,Open,,"OpenTcpIpPerformanceData"
HKR,Performance,Object List,,"502 510 546 582 638 658"

HKR,ServiceProvider,Class,%FLG_ADDREG_TYPE_DWORD%,8
HKR,ServiceProvider,DnsPriority,%FLG_ADDREG_TYPE_DWORD%,2000
HKR,ServiceProvider,HostsPriority,%FLG_ADDREG_TYPE_DWORD%,500
HKR,ServiceProvider,LocalPriority,%FLG_ADDREG_TYPE_DWORD%,499
HKR,ServiceProvider,ProviderPath,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\wsock32.dll"
HKR,ServiceProvider,NetbtPriority,%FLG_ADDREG_TYPE_DWORD%,2001
HKR,ServiceProvider,Name,,"TCP/IP"

HKR,Parameters,DataBasePath,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\drivers\etc"
HKR,Parameters,NameServer,%FLG_ADDREG_SZ_NO_CLOBBER%,""
HKR,Parameters,ForwardBroadcasts,%FLG_ADDREG_DWORD_NO_CLOBBER%,0
HKR,Parameters,IPEnableRouter,%FLG_ADDREG_TYPE_DWORD%,0

HKR,Parameters\Winsock,"UseDelayedAcceptance",%FLG_ADDREG_TYPE_DWORD%,0x0000

[Registry.Service.DNSCACHE.Secure]
HKLM,System\CurrentControlSet\Services\DnsCache,,%FLG_ADDREG_KEYONLY%
HKR,Parameters,,%FLG_ADDREG_KEYONLY%

[Registry.Service.DNSCACHE.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;NS)(A;CI;GR;;;LS)"

[Registry.Service.DNSCACHE]
HKLM,"System\CurrentControlSet\Services\EventLog\System",Sources, %FLG_ADDREG_MULTI_SZ_APPEND%, "Dnsapi"
HKLM,"System\CurrentControlSet\Services\EventLog\System\Dnsapi",ParameterMessageFile, %FLG_ADDREG_TYPE_EXPAND_SZ%, "%%SystemRoot%%\System32\kernel32.dll"
HKLM,"System\CurrentControlSet\Services\EventLog\System\Dnsapi",EventMessageFile, %FLG_ADDREG_TYPE_EXPAND_SZ%, "%%SystemRoot%%\System32\netevent.dll"
HKLM,"System\CurrentControlSet\Services\EventLog\System\Dnsapi",TypesSupported, %FLG_ADDREG_TYPE_DWORD%, 7
HKR,Parameters,ServiceDll,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\dnsrslvr.dll"

[Registry.Service.Nla]
HKR,Parameters,ServiceDll,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\mswsock.dll"


;====================================
; TCP/IP Interface and Service Remove
;====================================

[MS_TCPIP.PrimaryInstall.Remove]
DelReg = Registry.MS_TCPIP, Registry.MS_TCPIP.Legacy.Remove
UnregisterDlls = MS_TCPIP.Unregister

[MS_TCPIP.PrimaryInstall.Remove.Services]
DelService = Tcpip
DelService = Dhcp
DelService = Dnscache
DelService = IPSec
DelService = PolicyAgent
DelService = Atmarpc
DelService = Nla

[MS_TCPIP.PrimaryInstall.Remove.Winsock]
DelSock = Remove.TcpipWinsock
DelSock = Remove.LDAPWinsock
DelSock = Remove.NlaWinsock

[Remove.TcpipWinsock]
TransportService=Tcpip
ProviderId="{22059d40-7e9e-11cf-ae5a-00aa00a7112b}"

[Remove.LDAPWinsock]
TransportService=Tcpip
ProviderId="{3b2637ee-e580-11cf-a555-00c04fd8d4ac}"

[Remove.NlaWinsock]
TransportService=Tcpip
ProviderId="{6642243A-3BA8-4aa6-BAA5-2E0BD71FDD83}"

;****************************************************************************
; WINS
;****************************************************************************

;=====================
; WINS Primary Install
;=====================

[MS_WINS.PrimaryInstall]
Characteristics = 0x28 ; NCF_HIDDEN | NCF_NOT_USER_REMOVABLE
AddReg = Registry.MS_WINS.PrimaryInstall

[Registry.MS_WINS.PrimaryInstall]
; Class Information
HKR,Ndi,Service,,"NetBT"

; Interfaces
HKR,Ndi\Interfaces,UpperRange,,"netbios"
HKR,Ndi\Interfaces,LowerRange,,"tdi"


;====================================
; WINS Interface and Service Install
;====================================


[MS_WINS.PrimaryInstall.Services]
AddService = LmHosts, 0, Install.AddService.LMHosts, NetEventLog
AddService = NetBT, 0, Install.AddService.NetBT, NetEventLog

[Install.AddService.LMHosts]
DisplayName = %MS_WINS.LMHosts.DisplayName%
ServiceType = 0x20 ;SERVICE_WIN32_SHARE_PROCESS
StartType = 2 ;SERVICE_AUTO_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %11%\svchost.exe -k LocalService
LoadOrderGroup = TDI
Dependencies = NetBT, Afd
StartName = "NT AUTHORITY\LocalService"
AddReg = Registry.Service.LMHosts
Description = %MS_WINS.LMHosts.ServiceDescription%

[Registry.Service.LMHosts]
HKR,Parameters,ServiceDll,%FLG_ADDREG_TYPE_EXPAND_SZ%,"%%SystemRoot%%\System32\lmhsvc.dll"

[Install.AddService.NetBT]
DisplayName = %MS_WINS.WINS.ServiceDescription%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 1 ;SERVICE_SYSTEM_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\netbt.sys
LoadOrderGroup = PNP_TDI
Dependencies = Tcpip
StartName =
AddReg = Registry.Service.NetBT.Parameters.Secure,Registry.Service.NetBT.Secure,Registry.Service.NetBT
Description = %MS_WINS.WINS.ServiceDescription%
Security = "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;DT;;;LS)(A;;DT;;;NS)(A;;CCLCSWRPLOCRRC;;;NO)"

[Registry.Service.NetBT.Parameters.Secure]
HKR,Parameters,,%FLG_ADDREG_KEYONLY%
HKR,Parameters\Interfaces,,%FLG_ADDREG_KEYONLY%

[Registry.Service.NetBT.Parameters.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;NS)(A;CI;GA;;;LS)(A;CI;GRGW;;;NO)"

[Registry.Service.NetBT.Secure]
HKLM,System\CurrentControlSet\Services\NetBT,,%FLG_ADDREG_KEYONLY%

[Registry.Service.NetBT.Secure.Security]
"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;NS)(A;CI;GR;;;LS)(A;CI;CCLCSWRPRC;;;NO)"

[Registry.Service.NetBT]
HKR,Linkage,OtherDependencies,%FLG_ADDREG_TYPE_MULTI_SZ%,"Tcpip"

HKR,Parameters,NbProvider,,"_tcp"
HKR,Parameters,NameServerPort,%FLG_ADDREG_DWORD_NO_CLOBBER%,137
HKR,Parameters,CacheTimeout,%FLG_ADDREG_DWORD_NO_CLOBBER%,600000
HKR,Parameters,BcastNameQueryCount,%FLG_ADDREG_DWORD_NO_CLOBBER%,3
HKR,Parameters,BcastQueryTimeout,%FLG_ADDREG_DWORD_NO_CLOBBER%,750
HKR,Parameters,NameSrvQueryCount,%FLG_ADDREG_DWORD_NO_CLOBBER%,3
HKR,Parameters,NameSrvQueryTimeout,%FLG_ADDREG_DWORD_NO_CLOBBER%,1500
HKR,Parameters,Size/Small/Medium/Large,%FLG_ADDREG_DWORD_NO_CLOBBER%,1
HKR,Parameters,SessionKeepAlive,%FLG_ADDREG_DWORD_NO_CLOBBER%,3600000
HKR,Parameters,TransportBindName,,"\Device\"

;==================================
; WINS Interface and Service Remove
;==================================

[MS_WINS.PrimaryInstall.Remove.Services]
DelService = LmHosts
DelService = NetBT

;********************************
; ATM ARPC section
;********************************

[ATMARPC.AddService]
DisplayName = %MS_ATMARPC.DeviceDesc%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\atmarpc.sys
LoadOrderGroup = NDIS
Dependencies = Tcpip
Description = %MS_ATMARPC.DeviceDesc%


;**********************************************************
; NETBT_SMB section
;**********************************************************
[MS_NETBT_SMB.PrimaryInstall]
Characteristics = 0x38 ; NCF_HIDDEN|NCF_NO_SERVICE|NCF_NOT_USER_REMOVABLE
AddReg = Registry.MS_NETBT_SMB.PrimaryInstall

[Registry.MS_NETBT_SMB.PrimaryInstall]
HKR, Ndi, BindForm, 0, "NetbiosSmb"
HKR, Ndi, HelpText, 0, %MS_NETBT_SMB.HelpText%
HKR, Ndi\Interfaces, UpperRange, 0, "netbios_smb"
HKR, Ndi\Interfaces, LowerRange, 0, "nolower"

;****************************************************************************
; [Event Log] sections.
;****************************************************************************
[NetEventLog]
AddReg = NetEventLog.AddReg

[NetEventLog.AddReg]
HKR,,EventMessageFile,0x00020000,"%%SystemRoot%%\System32\netevent.dll;%%SystemRoot%%\System32\xpsp2res.dll"
HKR,,TypesSupported,0x00010001,7


[DhcpEventLog]
AddReg = DhcpEventLog.AddReg

[DhcpEventLog.AddReg]
HKR,,EventMessageFile,0x00020000,"%%SystemRoot%%\System32\dhcpcsvc.dll"
HKR,,ParameterMessageFile,0x00020000,"%%SystemRoot%%\System32\kernel32.dll"

[PolicyAgentEventLog]
AddReg = PolicyAgentEventLog.AddReg

[PolicyAgentEventLog.AddReg]
HKR,,EventMessageFile,0x00020000,"%%SystemRoot%%\System32\polagent.dll"
HKR,,TypesSupported,0x00010001,7
HKLM,SOFTWARE\Microsoft\IPSec,,%FLG_ADDREG_KEYONLY%


[Strings]
Msft = "Microsoft"

;TCPIP strings
MS_TCPIP.DisplayName = "Internet Protocol (TCP/IP)"
MS_TCPIP.DHCP.DisplayName = "DHCP Client"
MS_TCPIP.DHCP.ServiceDescription = "Manages network configuration by registering and updating IP addresses and DNS names."
MS_TCPIP.TCPIP.ServiceDescription = "TCP/IP Protocol Driver"

MS_TCPIP.Provider_Desc = "Tcpip"
MS_NTDS.Provider_Desc = "NTDS"

;WINS strings
MS_WINS.DisplayName = "WINS Client(TCP/IP) Protocol"
MS_WINS.LMHosts.DisplayName = "TCP/IP NetBIOS Helper"
MS_WINS.LMHosts.ServiceDescription = "Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution."
;MS_WINS.WINS.ServiceDescription = "WINS Client(TCP/IP) Protocol Driver"
MS_WINS.WINS.ServiceDescription = "NetBios over Tcpip"

;ATM ARPC
MS_ATMARPC.DeviceDesc = "ATM ARP Client Protocol"

;DNSCACHE
MS_TCPIP.DNSCACHE.DisplayName = "DNS Client"
MS_TCPIP.DNSCACHE.ServiceDescription = "Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start."

; IPSEC
MS_TCPIP.IPSEC.ServiceDescription = "IPSEC driver"
MS_TCPIP.Oakley.ServiceDescription = "ISAKMP/Oakley Key Manager"
MS_TCPIP.PolicyAgent.DisplayName = "IPSEC Services"
MS_TCPIP.PolicyAgent.ServiceDescription = "Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."

; Winsock Mobility strings
MS_TCPIP.Nla.DisplayName = "Network Location Awareness (NLA)"
MS_TCPIP.Nla.ServiceDescription = "Collects and stores network configuration and location information, and notifies applications when this information changes."
MS_TCPIP.Nla.Provider_Desc = "Network Location Awareness (NLA) Namespace"

IPSEC_Group_Name = "Administrative Tools"
IPSEC_Admin_Desc = "IP Security Management"

; NETBT_SMB
MS_NETBT_SMB.DisplayName = "Message-oriented TCP/IP Protocol (SMB session)"
MS_NETBT_SMB.HelpText = "A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."

; AddReg flags
FLG_ADDREG_TYPE_EXPAND_SZ = 0x00020000
FLG_ADDREG_TYPE_MULTI_SZ = 0x00010000
FLG_ADDREG_TYPE_DWORD = 0x00010001
FLG_ADDREG_KEYONLY = 0x00000010
FLG_ADDREG_SZ_NO_CLOBBER = 0x00000002
FLG_ADDREG_MULTI_SZ_APPEND = 0x0001000A
FLG_ADDREG_TYPE_BINARY = 0x00000001
FLG_ADDREG_DWORD_NO_CLOBBER = 0x00010003
  • 0

#97
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
That wasn't exactly what I was expecting but Oh well.

Let's look at the tcpip service in the registry. Did it really get uninstalled?

Copy the text in the code box by highlighting and Ctrl + c

:files
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcp /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afd /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netbt /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atmarpc /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsock /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsock2 /s /c 
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root /s /c   
reg query HKEY_CLASSES_ROOT\NETWORKCONNECTIONS /s /c


then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and attach it to a reply.
  • 0

#98
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
HAPPY NEW YEARS!! MAY 2012 BRING YOU JOY, LOVE, HAPPINESS AND GOOD HEALTH! THANKS SO MUCH FOR ALL THAT YOU DO FOR OTHERS ;)

Attached Files


  • 0

#99
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Happy New Year to you too. I think I would settle for a working TCPIP stack right now.

First if you have SuperAntiSpyware or Spybot S&D installed please uninstall them.

Then check that you (Administrators and System both) have Full Control of the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

If you don't have Full Control then take Ownership as before. (and we do want it to apply to subkeys too)


Let's delete all of the services that the inf file does and see if it will then install.

Copy the next line:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atmarpc
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsock2
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC

Start, Run, cmd, OK then right click and Paste or Edit, Paste and the text should appear. Hit Enter.

Some entries may complain that they can't find the registry key but none should say they can't delete it. If one can't be deleted go into regedit and try to delete it yourself.

Right click "My Network Places" select Properties.
Right click the Local Area Connection 2 and select Properties.
Click Install >Protocol >add >have disk.
Browse to the location of nettcpip.inf . (C:\Windows\Inf)
Select nettcpip.inf then click Open then OK then Internet Protocol (TCP/IP) then OK then Close
Reboot

Did you get the same error?

Ron

PS. I'm going down to San Jose to visit my daughter tomorrow. Don't know if I will have Internet access at night but I will be driving for most of the next two days so responses will be slow.
  • 0

#100
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
did everything and it went fine until the last click ok and then got the network connections error could not add the requested component. the error is: an extended error has occurred

didn't even get to reboot. hope you have a nice visit, dont worry about answering slow, just have fun. i'll be available for a couple more hours if you get this tonight thanks again
  • 0

Advertisements


#101
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
have you forgotten about me? or still on holiday? thanks for a reply if you can ;)
  • 0

#102
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Today is the first day we have had Internet in a while. I plan to get back home late tomorrow.

When you get this extended error does it leave an event in event log?

(Right click on My Computer and select Manage then Event Viewer. Then under System see if you have anything interesting.)
  • 0

#103
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
i have several things listed, but not sure what would be interesting to you. some have a red X saying error, some have an i saying information, and a few with a yellow triangle saying warning. i tried to highlight these and post them but couldn't also tried to save it as a file and attach it but couldn't but i'm not real sure what i'm doing. please let me know if you would like more info on this. hope you have a safe trip home!
  • 0

#104
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

Vista
Is it still running slow?

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#105
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
here are the events log and #2 is the application log. also i'm not sure what to do next, i think you may have posted it twice not knowing which windows i'm using, but i'm not sure. please advise what to do next, ty

Attached Files

  • Attached File  VEW.txt   12.26KB   38 downloads
  • Attached File  VEW2.txt   12.72KB   107 downloads

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP