No Internet Access on Vista

There are major issues right now with Windows 8 and Avast. See the below link:

http://www.majorgeeks.com/news/story/windows_updates_turn_avast_computers_to_bricks.html

So the first thing I suggest that you do is to uninstall Avast and then reboot.


Then do the below.

Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.


Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Repair MSI (Windows Installer)
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished. If it does not then reboot it yourself.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Sorry no! I must have been looking at another set of logs.

Don't uninstall Avast but disable it and add the below as a first step.


Now download LSP - Fix

Run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the myosprotect.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move myosprotect.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
If it is already in the Remove section, just click Finish.

Then do the rest of my previous fix.

 

I assume you mean this is on the window that opened when you started running Windows Repair? How far did it get? Do you still have your Desktop showing in the background?

 

Hit CTL-SHIFT-ESC to try and bring up Task Manager. If it comes up, click File and select New Task (Run...). The type explorer.exe into the run box. See if your Desktop returns. If no Desktop comes back then try typing shutdown -r into the run box to see if it can shutdown and reboot your computer.

If Task Manager does not come up, then your only choice is to hold in the power button until your PC powers down. Wait a few minutes and then try powering it back up.

 

Please don't do this. All of your logs are always here online. Just allow MGtools to update the file and always attach MGlogs.zip untouch and with no renaming.

Please uninstall Avast and keep it uninstalled until we finish fixing up your PC.
Also disable Windows Defender which you should not be running anyway with Avast.

Then reboot your PC and see if there is any change to your problem. Also do the below so I can check that the above uninstall and disable actually worked:

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

Please see and follow the instructions in my last message.

 

Per your logs you did not run the fix from message # 4 with LSP-Fix. If you did then it did not work possibly because of Avast. Run that fix again and reboot. Then check your internet.


Thanks! Hope you have a great Thanksgiving too!

 

Not necessarily. That is quite a lot of work and tweaking and reinstalling. This is always an easy fix. We need to see that the LSP-Fix is actually occurring properly. Last logs showed it was not. I bet it still did not work properly. If it does not fix the broken LSP chain then the symptoms you have are exactly what will occur. Before collecting another log to check, please boot into safe boot mode and run LSP-Fix one more time. Have you been seeing the myosprotect.dll file each time?

Before booting into safe mode, run the below fix with RogueKiller.

Now right click on RogueKiller.exe and Select Run As Administrator and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.

Then immediately reboot your PC. But this time reboot into safe boot mode.

Run the LSP-Fix in safe mode now and then also rerun Windows Repair just like you did earlier but this time also in safe boot mode. Then boot back into normal mode and do the below.

Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\MGlogs.zip

 

Thanks! You have a great day too. I will not be around very much.

How did the fix with RogueKiller go? Any problems? Run a new scan with RogueKiller and attach the new log. The LSP item is still there.

 

While I'm able to still be here, let me also post the next part of the fix since there were other issues too.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\myosprotect.dll' missing

After clicking Fix, exit HJT.


Please download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe

:Services
MyOSProtect
ProtectMonitor
SupraSavingsService
pcwatch
vtayn
ViewpointService


:Files
C:\Program Files\CDDCF87A-3EAD-40C4-8099-34C6869D3E9D
C:\monitorsvc.exe
C:\Program Files\Web Protect
C:\Program Files\PCTRunner
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2175586828-2763405944-1892789562-1001UA.job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2175586828-2763405944-1892789562-1001Core.job
C:\Users\Joe\AppData\Roaming\AVG10
C:\Users\Joe\Documents\Optimizer Pro
C:\Windows\System32\config\systemprofile\Application Data\McAfee                                       
C:\Windows\System32\drivers\pcwatch.sys
C:\Windows\Temp\*.*
C:\Users\Joe\AppData\Local\Temp\*.*
C:\Windows\System32\MyOSProtect.dll
C:\Windows\System32\PCCertInstaller.dll
C:\Windows\System32\PCProxyDLL.dll
C:\Windows\System32\MyOSProtect64.dll
C:\Windows\System32\PCProtect64.dll

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"swg"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Windows Defender"=-
"Google Updater"=-

[HKEY_USERS\S-1-5-21-2175586828-2763405944-1892789562-1001\Software\Microsoft\Windows\CurrentVersion\run]
"Google Update"=-
"swg"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the JRT.TXT log
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Per the log! Some items were fix and some not. Just continue on with my other instructions and then we will see what steps we need to take next.

 

Yes thanks it was a nice day yesterday. How about yours?


The last fixed removed several more problems. Not let's see if we can make progress on the LSP issue. Run a new scan with RogueKiller and attach the new log.

Also run a new scan with Hitman Pro and save a new log. If it detects the below problem which is related to the LSP see if Hitman can fixed it...... that is as long as your trial period has not expired. If the trial has expired, don't worry about it.

Code:

   Repair Winsock
   HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

 

Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and continue with the below.

Run a new scan will RogueKiller


Then attach the below logs:

• Fixlog.txt
• RogueKiller log

 

Yes but now your RogueKiller log no longer has the below entries which were part of the problem

So now that these are gone. Go back and run the same LSP-Fix program to fix the LSP chain as we had done previously.

Also rerun the Windows Repair fix that we ran before too.

Then reboot your PC.

After reboot check to see if you have an internet connection and run the below again.

Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
C:\MGlogs.zi

 

You're welcome. Your logs are good now.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!