| Thread ID: 79720 | 2007-05-30 00:17:00 | LSP Fix - What should be there? | wratterus (105) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 554300 | 2007-05-30 00:17:00 | I'm working on a PC with internet connectivity issues (cannot browse using IE7, everything else fine. Have tried rolling back to 6, sp1, still no luck. PC had smitfraud virus which has been cleaned out). I have run LSP fix through it, and this is what I've come out with. No problems found. mswsock.dll, winrnr.dll, nwprovau.dll, rsvpsp.dll. Win Sock Fix didn't help either... I'm wondering if any of those files is suspect. Thanks!! :thumbs: I was looking here (www.spywaredata.com), and the ones I've got all look ok. Does anyone know of anything else I could check? Here's a HijackThis log. Hopefully Speedy will run his expert diagnosis on it :lol: Logfile of HijackThis v1.99.0 Scan saved at 11:16:22 a.m., on 30/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA GP.EXE C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe \aserver\SpywareStuff\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA GP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB001" /M "Stylus Photo RX530" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe |
wratterus (105) | ||
| 554301 | 2007-05-30 00:21:00 | Get hijackthis in my sig, your version is out of date. Then post another log. Get Rogueremover and Trojan remover in my sig too. Update both then do a scan. And then select the 3rd-7th option under utilities in Trojan remover. |
Speedy Gonzales (78) | ||
| 554302 | 2007-05-30 00:28:00 | Whoops! My bad :xmouth: Cheers, here's the updated log. Will run those other programs through now. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:28:43 a.m., on 30/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA GP.EXE C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe J:\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA GP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB001" /M "Stylus Photo RX530" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 4422 bytes |
wratterus (105) | ||
| 554303 | 2007-05-30 00:39:00 | That log looks ok to me. Trojan remover or RR may fix the browsing prob. How is this PC connected to the net? By itself or is it on a LAN using BB?? |
Speedy Gonzales (78) | ||
| 554304 | 2007-05-30 00:43:00 | It's on a LAN on BB. Both programs found traces of winantivirus2007, Part of smitfraud. All threats removed, still have browsing issue. | wratterus (105) | ||
| 554305 | 2007-05-30 00:53:00 | If IE7 still opens/works, go to Tools / internet options / advanced tab. And click on reset. Then reboot it. Is IE7 the only browser on it that isnt working? Is there another browser on it (Opera/Firefox)? Do they work? Does the main PC (If this PC isnt the main PC) have a firewall?? If so, what firewall? Did u select the 3rd to 7th option under the utilities menu in Trojan remover as well?? |
Speedy Gonzales (78) | ||
| 554306 | 2007-05-30 00:58:00 | If IE7 still opens/works, go to Tools / internet options / advanced tab. And click on reset. Then reboot it. Is IE7 the only browser on it that isnt working? Is there another browser on it (Opera/Firefox)? Do they work? Does the main PC (If this PC isnt the main PC) have a firewall?? If so, what firewall? Did u select the 3rd to 7th option under the utilities menu in Trojan remover as well?? I've tried resetting IE7 several times. Firefox does work, but the person who owned the PC wants :yuck: IE. Don't ask me why. Getting them to use Mozilla is the last resort thing. No firewalls anywhere. I didn't do the thing in TR, I'll try that now. Cheers. |
wratterus (105) | ||