Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: mattdel on November 02, 2009, 07:39:04 AM
-
Well I finally bought a new PC, and after a couple years of successfully protecting my XP machine with Avast, within the first 3 days of owning Windows 7, an account of mine was compromised, probably because of the shotty Trend Micro AV that was preinstalled on this machine.
Anyway, I uninstalled Trend Micro, rebooted, installed Avast 4.8 Home, rebooted, and cannot connect to any internet whatsoever. It takes an uninstall of Avast to access the internet. I am currently unprotected as I type this because with Avast installed(doesn't even have to be running any providers), no internet connections will work.
ipconfig /all shows everything normal, DNS servers, gateway, everything is fine, but nothing resolves. The only thing I am able to ping is my gateway.
Windows Firewall off, same thing. Firewall off & Avast shutdown, same thing.
Uninstall Avast, here I am.
Help?
-
Try running the Trend Micro uninstall tool for your version found here:
http://support.antivirus.co.uk/trendmicro/kbresolution.jsp?hmid=2530&serviceId=1
Some of these A/V programs can leave files that won't be removed from a standard uninstall and can cause problems.
Then install Avast and see if it works.
-
downloading now.. just thought i'd also throw this into the mix..
on a whim i downloaded and installed AVG Free. All was well. It didn't require a reboot after install and worked well. About 8 minutes ago I rebooted, and alas, no internet again.
Uninstall AVG, internet works.
Something is awry here.
-
Before installing Avast you should now probably also run the avg uninstall tool just to be sure it's gone.
http://www.avg.com/us-en/download-tools
-
Both tools run.
No change.
-
Download HijackThis then install and run it:
http://www.filehippo.com/download_hijackthis
Post a log here but do not attempt to fix anything with it.
-
This is of course a logfile created whilst being able to access the internet. I further tested this by installing Microsofts Security Essentials or whatever they call it. Same issue. No internet access after reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:33 AM, on 11/2/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Users\Matt\AppData\Local\Digsby\App\lib\digsby-app.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\V0415Mon.exe
C:\Users\Matt\AppData\Local\Digsby\App\lib\aspell\bin\aspell.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = Matt\AppData\Local\Digsby\App\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8339 bytes
-
This is a sign that AVG was not completely removed:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
Fix the (file missing) entries
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
Provide a log when running HijackThis saving a log when unable to connect to the Internet as that will show what is running then.
-
This is a sign that AVG was not completely removed:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
Fix the (file missing) entries
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
Provide a log when running HijackThis saving a log when unable to connect to the Internet as that will show what is running then.
how do i go about fixing those entries? I'm new to Windows 7, I'm not even sure it still uses lsass
-
OK. Here's a Hijackthis log with Avast installed and no internet access.
(http://i133.photobucket.com/albums/q64/matts89stang/Untitled.png)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:33 AM, on 11/2/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Users\Matt\AppData\Local\Digsby\App\lib\digsby-app.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\V0415Mon.exe
C:\Users\Matt\AppData\Local\Digsby\App\lib\aspell\bin\aspell.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = Matt\AppData\Local\Digsby\App\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8339 bytes
-
Run HijackThis and select each and (no file), (file missing) entry then click Fixed checked
Reboot.
Maybe a more experienced troubleshooter can help with the Internet connection problem.
-
I'm pretty sure its registry related.
Is there a program that will take a snapshot of my registry and compare it to another one? So I can see what settings the installer has changed?
Edit: I have found a program to do just this, and the snapshot differences between the two, preinstall, and post install reboot, are immense and too large for me to parse. 15.7 mb of changes. Most of it is a large amount of binary, which I found to be strange. But anyway, here's a link to the MS Word document containing the changes made to my registry via the Avast installer.
http://www.yourfilehost.com/media.php?cat=other&file=3613Regshot_1.doc
-
You need to PM essexboy to have a look at this topic as I do not know what to do next.
-
unable to send PM's.
-
I forgot that you need at least 20 posts to use PM due to spammers. :-[
I'll try.
He is in the UK so may not respond until tomorrow.
-
thank you.
-
Hi I see you have a 64bit system - so lets have a look see. Could you let me know the exact problems you are experiencing
To ensure that I get all the information this log will need to be uploaded to Mediafire (http://www.mediafire.com/) and post the sharing link.
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Check the box that says 64 bit
- Under Additional Scans check the following:
- Reg - Shell Spawning
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
-
Ok. Simple enough. Basically, the problem I am having, is that after I uninstalled the pre-loaded trial version of Trend Micro, I cannot access the internet after installing ANY other AV program. I've tried Avast Pro 4.8, AVG Free, Avira Free, and Windows Security Essentials. After the required system reboot from the installer, I no longer have an internet connection, although my NIC card shows connectivity, and my gateway is pingable. No addresses will resolve, nothing will connect, be it web addresses, IM protocols, gaming protocols, nothing.
I've done extensive research and testing on the matter, even went so far as to call Geek Squad. No one has an answer for me. I've tried Winsock2Fix, disable Windows Firewall, disable Avast firewall, turned off UAC, ran installer with admin priveledges, ran Trend Micro uninstaller from their website, etc etc.
First scan is WITHOUT Avast installed, meaning I had an active internet connection available.
http://www.mediafire.com/file/tnmqyydmq3q/OTS1.Txt
Second scan is WITH Avast installed, after mandatory reboot, and no internet connection to be had.
http://www.mediafire.com/file/iyzzzztiyzu/OTS2.Txt
-
I can see no apparent malware there so lets see if windows can detect the error
When you try to connect what error do you get ?
Go to control panel and select Network and Internet > View network status and tasks
You should then see this graphic
Do you have a red cross anywhere within the line between you and the net ?
If so near the bottom of the page is Troubleshoot problems
Click that and let me know what the report is
-
Could it be a 32bit/64bit thing?
Check this out:
http://forums.techarena.in/windows-vista-network/1095195.htm (http://forums.techarena.in/windows-vista-network/1095195.htm)
-
Hi I have just been chatting with some techs and the probable cause may well be the trend micro firewall not releasing and staying on your system
Follow the instructions on this page to totally remove it - then reboot and try again
http://esupport.trendmicro.com/4/How-do-I-remove-Trend-Micro-Internet-Security-Pro-and-Trend-Micro-Inte.aspx
-
Pretty sure we've found the problem. But myself being Windows 7 inept, I am unable to fix it. I want my old XP control panel back >:( >:( >:(
Here's a picture of my connection as active, without Avast installed.
(http://i133.photobucket.com/albums/q64/matts89stang/connected.png)
Now here are the pictures of inactive connection, after Avast install & reboot.
(http://i133.photobucket.com/albums/q64/matts89stang/notconnected.png)
(http://i133.photobucket.com/albums/q64/matts89stang/notconnected2.png)
-
Hi I have just been chatting with some techs and the probable cause may well be the trend micro firewall not releasing and staying on your system
Follow the instructions on this page to totally remove it - then reboot and try again
http://esupport.trendmicro.com/4/How-do-I-remove-Trend-Micro-Internet-Security-Pro-and-Trend-Micro-Inte.aspx
I've used that. Didn't help.
-
OK could you download this small diagnostic programme to your desktop http://artellos.com/sino/SINO_Beta.exe
Right click and select run as administrator
Then select the boxes as shown this will check out your net connection
If you could upload the log to Mediafire againas it may be bigger that the forum allows - or you can post it in parts
Have you disabled web shield to see if access is then allowed ?
-
Ok. All this installing/uninstalling is starting to be annoying. I appreciate the help immensely. ;D ;D lets hope we can get to the bottom of this.
I don't think it's anything directly related to Webshield or any Avast module, not only because it happens with any antivirus I install, but as you can see from the images above, the install is modifying my local area connection settings and adding networks to it, and apparently setting as default.
Scan during active internet/no Avast install.
http://www.mediafire.com/file/wukmguttmmu/connected.txt
Scan during no internet/Avast IS installed.
http://www.mediafire.com/file/knmlnmeqz2z/notconnected.txt
-
OK! So here's a bit of news. I've managed to fix it so I can get online after a reboot.
Disabling and re-enabling my NIC card causes the "unidentified public network"(seen above (http://forum.avast.com/index.php?topic=50492.msg428028#msg428028)) to disappear from the Network Screen, and I am able to connect.
Problem is, it reappears after another reboot.
-
Could it be a 32bit/64bit thing?
Check this out:
http://forums.techarena.in/windows-vista-network/1095195.htm (http://forums.techarena.in/windows-vista-network/1095195.htm)
Did you try the advice there?
Type the following commands without the quotes:
"Ipconfig /flushdns" and press Enter.
"Netsh int ip reset" and press Enter
Vista will then want to be rebooted. Go ahead and reboot.
When it starts back up, again open command prompt as administrator.
Type the following commands without the quotes:
"Netsh winsock reset"
Vista will then want to be rebooted. Go ahead and reboot.
-
Was able to fix it on my own, after a bit more research into the "unidentified network" connection.
http://windows7forums.com/windows-7-networking/7408-fix-unidentified-network-no-internet-access.html
I decided to just post this as a new thread, as it appears to be getting positive results for most people. I highly recommend it anyway, as you will eventually encounter this if you apply all of your updates...
For those of you reporting problems with your network after updating MS Office or installing Adobe CS3 -
If you are having Internet connection problems related to "Unidentified Network" showing and the "!" over your NIC icon, then this should take care of it:
Check to see if you have this little devil in your services list:
"##Id_String2.6844F930_1628_4223_B5CC_5BB94B87 9762 ##"
If you do, stop it and disable it. It is actually the Bonjour DNS Responder Service, and I believe it is the cause of the "Unidentified Network."
The Unidentified Network disappeared after stopping this service and a quick disable/enable of the NIC, restoring Internet access.
I Actually just rebooted, edited this post, and then re-enabled the offensive service to see what would happen...Immediately after enabling the NIC and this bastard service, the "Unidentified Network" returned...stopped it, disabled it, disable/enable NIC...Internet back up and running and no "Unidentified Network." (woot - woot!)
YAY YAY YAY!!! ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D
-
Thank you for that info - greatly appreciated. The Techs I was discussing this with were a bit befuddled by it. I will pass this on cheers
-
Yes, just another reason to get rid of Bonjour other than the others:
-- How To Uninstall or Remove Bonjour mDNSResponder.exe - This is considered a non-essential, not critical component as related to ITunes. - See http://www.liutilities.com/products/wintaskspro/processlibrary/mdnsresponder (http://www.liutilities.com/products/wintaskspro/processlibrary/mdnsresponder).
How To Uninstall or Remove Bonjour mDNSResponder.exe (http://www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/)
Also see www.serophos.net/au-revoir-bonjour (http://www.serophos.net/au-revoir-bonjour) for a tool to automate this process so you don't have to manually remove as in the above link.
-
I have I-tunes on my 7 system but I automatically turn that off as soon as it installs - probably why I experienced no problems
-
well thats the thing that kinda struck me as odd, I don't have ITunes installed.. never have. This problem started immediately after uninstalling Trend Micro and attempting to install any other AV program.