Problems and reports

By treetops
Sep 3, 2009
Topic Status:
Not open for further replies.
  1. Hi,
    Currently no applications on my computer can communicate with the internet and I've run through the 8 step guide. Here are some reports, if you can help you would be my all time hero!
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    It would be more helpful to know your computer brand and model or the motherboard and configuration.

    You have had some troublesome stuff infecting your registry, including Trojan.FakeAlert, Trojan.BHO, Trojan.Dropper, HiJack.LSP and perhaps others.
    You are using AVG 8.0 which is weak and ineffective on some of this stuff.
    I would remove AVG and install the free AVAST or Avira Antivir, then run the Avast or Avira scan in both regular and SAFE MODE.
    I would also run SuperAntiSpyware, SpySweeper, or Spyware Doctor in addition to Malwarebytes. Malwarebytes should run in <Safe Mode>.
    When you run the scans, immediately run them again in SAFE MODE.
    If not found in SAFE MODE, you are likely pretty clean.

    You may have to reinstall some of your drivers after you are done with the removals... Ethernet connection... or telephone modem... and you may have other damage that driver updates would fix.
  3. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,661   +57

    Thanks

    Thanks that should be a good start to fixing this.
  4. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,661   +57

    I scanned everything multiple times and followed the 8 step guide, along with your help, and nothing seems to be the problem except I can't get any programs to communicate with the internet. I am running a Dell Dimension 3000 (I know it's old and shitty lol). And here's the new HijackThis log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:40 AM, on 9/4/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.221 virusermoverpro.microsoft.com
    O1 - Hosts: 91.212.127.221 virusermoverpro.com
    O1 - Hosts: 91.212.127.221 www.virusermoverpro.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6490 bytes


    Thanks!
  5. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Somehow, my system has lost the description of the problem. Tell us more.

    The Dell Dimension 3000 is a fine machine, but it is a basic machine. It was at the bottom of the Dell desktop line when it came out about five years ago. It has a very limited power supply, limited video graphics, and only three PCI slots with no video graphics slot. It will take 2 GB of memory, and it has decent speed.
    But it is not a gamer, and will suffer if used as one. The power supply is rugged, but will fail if pushed beyond its limits.
    The DVD optical drive is known to last only a year before problems start, and should be replaced if older than that.
    CPU cooler is fine, but after five years, the CPU should be cleaned of old thermal paste and then have a new, THIN LAYER of thermal paste applied.
    The hard drive will have failed, or will be ready to fail by now. Replace it if you have not. They used Samsung, Maxtor, Seagate, and Western Digital hard drives. The Samsung and Maxtor were particularly prone to failure.
    If your system is slowing down, it is because of the hard drive.
  6. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,661   +57

    Is there anything in the HijackThis log that would disrupt my internet capabilities? And it's connected to my router just fine, either wired or not. Just the whole, can't get any of my apps to communicate with the internet deal....
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It appears that your Host files have been hijacked. You are being taken to a server in the European Union.

    Try removing all of the O1 entries in the log. Then run all three of the programs recommended in the 8 steps. I don't think that will do it, but give it a try to start.
  8. Zyldar

    Zyldar Newcomer, in training Posts: 34

    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing

    From a CMD (command prompt) while logged in normal mode or safe mode with networking, run: IPCONFIG - in a command prompt window. If you have an ip address, try to Ping Google.com. If ping returns icmp packets from google, but your browser still won't work then type: NETSH WINSOCK REPAIR (in the command prompt window). Then reboot and see if your browser works again.

    Because you're running XP with SP2 the 'Netsh winsock repair' may not work. In which case you can download, on another computer, a winsock repair tool and move it over with a flash drive:
    http://www.snapfiles.com/get/winsockxpfix.html

    Hope that helps.
    Zyldar
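
The two findings raised in the replies above (the O1 Hosts redirects and the O10 missing-LSP line) can be pulled out of a HijackThis log automatically. This is an added example, not part of the original thread; the function name `triage` and the finding labels are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import ipaddress
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.221 virusermoverpro.microsoft.com
O1 - Hosts: 91.212.127.221 virusermoverpro.com
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*)$")        # "O1 - <body>"
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")            # "Hosts: <ip> <name>"
LSP_MISSING = re.compile(r"LSP provider '([^']+)' missing", re.IGNORECASE)


def triage(log_text):
    """Return (label, value, detail) tuples for O1 and O10 entries worth review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            h = HOSTS.match(body)
            if not h:
                continue
            addr, name = h.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("hosts-unparsed", addr, name))
                continue
            # Loopback (127.x, ::1) and 0.0.0.0 entries block a name; any other
            # address sends lookups for that name to a specific server.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(("hosts-redirect", addr, name))
        elif section == "O10":
            lsp = LSP_MISSING.search(body)
            if lsp:
                # Winsock chain references a DLL that no longer exists on disk.
                findings.append(("lsp-missing", lsp.group(1), ""))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
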
  9. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,661   +57

    Well, we ended up just reinstalling Windows and it's working fine.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thanks for the update. Sorry there was no one available to take you through a proper cleaning.