Can't Get Onto Windows XP - Possible Major PC Problem (Long)?

You never said which PC to run it from.
OTL was run from the good PC, since there is no way I could download OTL on the infected PC with no IP access.

Which PC do you want the sfc scan run from?
Could I request that in the future you specify which PC to do scans/other things from?

Thanks.


Also...since we fixed the infected PC to now sign on normally, why is it that I cannot access the internet even though I am connected, and what can be done?

OK, when I tried on the good PC the black cmd screen popped up and vanished instantly.

I tried on the infected PC....it ran until this message popped up

Quote

Files that are required for windows to run properly must be copied to the DLL Cache.

Insert your Windows XP Professional CD-ROM now.

The only CDs I have are
-Windows XP Service Pack 2
-Application (For re-installing Dell Tools System Software)
-Operating System (Reinstallation CD Microsoft Windows XP Professional Including Service Pack 1a)
-Drivers and Utilities (For reinstalling Dell Inspiron System Software)


I inserted the XP Service Pack 2 on the infected PC and was told it was the wrong disc.
I then inserted the Operating System (Reinstallation CD Microsoft Windows XP Professional Including Service Pack 1a) into the infected PC...and the scan resumed.

After it finished the bar vanished...and I still can't get on the internet.

Quote
Which PC do you want the sfc scan run from?
Could I request that in the future you specify which PC to do scans/other things from?
Let's just work on the originally infected computer. You will have to download any programs and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Ok. We need to clear your DNS cache.

Please navigate to Start>Run and type cmd

In the window that pops up, type ipconfig /flushdns

***************************************

Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

Quote from: SuperDave on August 15, 2010, 04:13:46 PM
Let's just work on the originally infected computer. You will have to download any programs and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Ok. We need to clear your DNS cache.

Please navigate to Start>Run and type cmd

In the window that pops up, type ipconfig /flushdns

***************************************


Again, I assume you meant on this and hereafter on the infected PC only.
I did this on the infected PC, and I got the same message I got last night when I typed ipconfig:

Quote
Windows IP Configuration

An internal error occured: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.
Quote
Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

........Done...........and told

"Internet Explorer cannot display the webpage"


NOTHING works!!!

I still do not get why I am perfectly connected to the internet but can't access it?
The virus is gone.

Try this please. Reset Explorer Settings IE

OK...a few things

1) Congratulations! Thanks to both SuperDave and EvilFantasy my PC is running and I am able to access the internet.
-SuperDave got the PC to be able to turn on
-Evil Fantasy and his latest post allowed me to get the internet

I would like to personally thank the both of you for walking me through this complicated problem step-by-step.
I know I lost patience and snapped a few times, this was quite lengthy, but thank you!

How can I officially thank you both in your profile?
I would have updated sooner, but I was out of town last week and only got around to the problem last night.

2) Given my expertise, would it be better to leave it alone or could we say what exactly the problem was?
In your experience, did this come off as one of the more difficult problems?


3) While we fixed this virus, I have a 6-year-old PC and want to get a clean bill of health.
I went ahead and ran/downloaded Java and did all the recommended scans.
I have attached the logs below.
Before I go onto business as usual, I want the PC running as safely, quickly, and well as possible.
Would you mind going through these logs so we can get a clean bill of health?
Lemme know so I can clear this out.



Super Anti-Spyware
Quote
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2010 at 02:34 AM

Application Version : 4.41.1000

Core Rules Database Version : 5189
Trace Rules Database Version: 3001

Scan type : Complete Scan
Total Scan Time : 01:56:25

Memory items scanned : 513
Memory threats detected : 0
Registry items scanned : 6647
Registry threats detected : 0
File items scanned : 63752
File threats detected : 0


MBAM
Quote
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4476

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2010 12:29:46 PM
mbam-log-2010-08-25 (12-29-46).txt

Scan type: Quick scan
Objects scanned: 141086
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3436ec28-ccde-4a49-83a6-0b8dee619be3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{486bdd1d-bac7-4f82-8b68-38b1bd5378f2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vugip.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zugip.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.



HiJackThis
Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:59 PM, on 8/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfactiv_eg_self_main
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215897936109
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9823 bytes
Thanks!

4) As I have been trying to clean out old files, I still am unable to delete civ4. Years ago I got this from a friend, pirated style.
It is located under downloads; every time I try to delete it, it tells me it cannot because "another program or person"
It also is located in the "E" drive of my PC as well.

Lemme know so I can clear this out.

Thanks!

You could try deleting it in Safe Mode or download and install Unlocker to delete it.

OK so..........

1) Installed unlocker...under downloads in my documents it is now deleted.
-However....in my computer it still shows in the E drive.

-Next time I re-start my PC will it be gone?
-If not how can I remove it from E drive...or is it moot...is it gone?


2) Otherwise given my logs, is my PC now given a clean bill of health?

3) What was the big problem with it, and was this one of the worst you have seen?

4) Thanks again, how can I officially thank you?




Quote
1) Installed unlocker...under downloads in my documents it is now deleted.
-However....in my computer it still shows in the E drive.

-Next time I re-start my PC will it be gone?
-If not how can I remove it from E drive...or is it moot...is it gone?

Is it still there?


Quote
2) Otherwise given my logs, is my PC now given a clean bill of health?

Your logs are clean.

Quote
3) What was the big problem with it, and was this one of the worst you have seen?

No it's far from the worst. Look back through the Malwarebytes and SUPERAntispyware logs and you will see what all was found/removed.

Quote
4) Thanks again, how can I officially thank you?

I think you just did.
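
The HijackThis log posted earlier in the thread is what the helpers read by hand before calling the machine clean. As an added example (not code from the thread, from HijackThis, or from either helper), the Python below applies two common triage heuristics to a few sample lines constructed in the same format as the posted log: an Internet Settings proxy that points at the local machine, which is worth checking whenever a cleaned machine is "connected but cannot browse", and registered entries whose target file no longer exists.

```python
import re

# Constructed sample lines in HijackThis 2.x log format, modelled on the
# kinds of entries posted in this thread (not the full log).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.comcast.net
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
"""

# Hosts that mean "this machine"; a proxy set to one of these with no local
# proxy software installed leaves IE unable to reach anything.
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_line(line):
    """Split an 'Rn - ...' / 'On - ...' entry into (section, rest).

    Returns None for process lists, headers and other non-entry lines.
    """
    m = re.match(r"^([RFOQN]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, rest = parsed
        # R0/R1 proxy settings: flag a proxy that points back at this machine.
        if section in ("R0", "R1") and "ProxyServer" in rest:
            value = rest.split("=", 1)[1].strip() if "=" in rest else ""
            if any(host in value for host in LOOPBACK):
                findings.append((section, "proxy points at loopback", rest))
        # Registrations whose target is gone: stale leftovers of an uninstalled
        # product or a removed infection; harmless, but they should be cleared.
        if rest.endswith("(file missing)") or rest.endswith("(no file)"):
            findings.append((section, "target file missing", rest))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {entry}")
```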
