Can’t stay online for more then a few minutes!

[Sharker]

I have just got a dialup connection to get into the net. This is the first time I have connected to the net from my home computer. However after connecting for the first time, after a couple of minutes I got the error:

LSA Shell (Export Version) has encountered a problem and needs to close. We are sorry for the inconvenience.

And it asked me if I wanted to contact Microsoft about it.

It gave mentioned the following files. I can’t remember what it said about them.

C:\DOCUME~1\guy\LOCALS~1\Temp\WER5.tmp.dir00\lsass.exe.mdmp
C:\DOCUME~1\guy\LOCALS~1\Temp\WER5.tmp.dir00\appcompat.txt

After a couple of minutes a window popped up saying that the system was going down saying:

system32/lsass.exe had terminated.

I connected a few times more and a couple of times a grey window popped up saying that spyware was on my system. And once my anti-virus software found a virus.

I have no software to stop spyware and my anti-virus software (AVG anti-virus free addition) is a couple of months out of date. Unfortunately I cant stay online long enough to sort this out. Also AVG anti-virus was unable to get online to get its update.

My system is stable when I’m offline.

My ISP is suffolkonline.net

I’m not sure if this is the right forum for this problem, but I don’t know what the problem is!

What is the best thing so do to solve these problems? Your help would be appreciated.

Sharker.

 

[MFDnNC]

You'll ned to get a friend to burn a CD for you. Sounds like you have the old AVG so..

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This http://www.majorgeeks.com/download3155.html, put
it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
log here.

 

[Sharker]

OK then. I’ve got someone to download those things for me and have installed and run them. Since this is the first time I got my home computer on the net I haven’t really been involved in online security issues before. But I ran Ad-Aware SE Personal and removed and quarantined the items that it detected. They had a TAC rating of 3, 5 and 10. I think the one that it gave the worst rating to was “Alexa”. (I wasn’t sure what they were.)

Spybot detected “DOS Exploit” but I left that alone as it said that it was: "Company Microsoft." Should I be leaving it?

Now am I correct in thinking that Ad-Aware SE Personal and Spybot - Search & Destroy look for things already on the computer but SpywareBlaster attempts to block spyware coming in? Do I have to run SpywareBlaster on startup or does it start automatically like AVG Free?

Getting the updates went OK except for AVG Free which dialled up to the net ok, but failed to get the update. (I set it to use dial up, go inline automatically and use an existing connection if there is one.)

Having done this I seem to be able to get online without any problems. (I’ll keep my figures crossed

Incidentally there is a light on the front of my computer with a light bulb symbol next to it. I don’t know what it is, a power on light maybe, but though it has hardly ever been on before, since I connected to the net it seems to be on all the time? Coincidence?

The HiJack This log is:

Logfile of HijackThis v1.99.0
Scan saved at 11:20:06, on 26/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Guy\Miscellenious\SupVoice\PROGRAM\PICPMON.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suffolkonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.suffolkonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Suffolk Online Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\guy\graphics\adobe_acrobat5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Guy\MISCEL~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.suffolkonline.net
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown - C:\Guy\Miscellenious\SupVoice\PROGRAM\PICPMON.EXE