1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can’t stay online for more then a few minutes!

Discussion in 'Virus & Other Malware Removal' started by Sharker, Jan 24, 2005.

Thread Status:
Not open for further replies.
  1. Sharker

    Sharker Thread Starter

    Joined:
    Jan 29, 2003
    Messages:
    185
    I have just got a dialup connection to get into the net. This is the first time I have connected to the net from my home computer. However after connecting for the first time, after a couple of minutes I got the error:

    LSA Shell (Export Version) has encountered a problem and needs to close. We are sorry for the inconvenience.

    And it asked me if I wanted to contact Microsoft about it.

    It gave mentioned the following files. I can’t remember what it said about them.

    C:\DOCUME~1\guy\LOCALS~1\Temp\WER5.tmp.dir00\lsass.exe.mdmp
    C:\DOCUME~1\guy\LOCALS~1\Temp\WER5.tmp.dir00\appcompat.txt

    After a couple of minutes a window popped up saying that the system was going down saying:

    system32/lsass.exe had terminated.

    I connected a few times more and a couple of times a grey window popped up saying that spyware was on my system. And once my anti-virus software found a virus.

    I have no software to stop spyware and my anti-virus software (AVG anti-virus free addition) is a couple of months out of date. Unfortunately I cant stay online long enough to sort this out. Also AVG anti-virus was unable to get online to get its update.

    My system is stable when I’m offline.

    My ISP is suffolkonline.net

    I’m not sure if this is the right forum for this problem, but I don’t know what the problem is!

    What is the best thing so do to solve these problems? Your help would be appreciated.

    Sharker.
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You'll ned to get a friend to burn a CD for you. Sounds like you have the old AVG so..

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE http://www.majorgeeks.com/download506.html
    SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their
    definition updates
    and then run AdAware and Spybot, fixing anything
    they say.

    In SpywareBlaster - Always enable all protection after updates
    SpyBot - After an update run immunize

    Do these and reboot before the next step.

    Then get HiJack This http://www.majorgeeks.com/download3155.html, put
    it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
    log here.
     
  3. Sharker

    Sharker Thread Starter

    Joined:
    Jan 29, 2003
    Messages:
    185
    OK then. I’ve got someone to download those things for me and have installed and run them. Since this is the first time I got my home computer on the net I haven’t really been involved in online security issues before. But I ran Ad-Aware SE Personal and removed and quarantined the items that it detected. They had a TAC rating of 3, 5 and 10. I think the one that it gave the worst rating to was “Alexa”. (I wasn’t sure what they were.)

    Spybot detected “DOS Exploit” but I left that alone as it said that it was: "Company Microsoft." Should I be leaving it?

    Now am I correct in thinking that Ad-Aware SE Personal and Spybot - Search & Destroy look for things already on the computer but SpywareBlaster attempts to block spyware coming in? Do I have to run SpywareBlaster on startup or does it start automatically like AVG Free?

    Getting the updates went OK except for AVG Free which dialled up to the net ok, but failed to get the update. (I set it to use dial up, go inline automatically and use an existing connection if there is one.)

    Having done this I seem to be able to get online without any problems. (I’ll keep my figures crossed :)

    Incidentally there is a light on the front of my computer with a light bulb symbol next to it. I don’t know what it is, a power on light maybe, but though it has hardly ever been on before, since I connected to the net it seems to be on all the time? Coincidence? :confused:

    The HiJack This log is:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:20:06, on 26/01/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Guy\Miscellenious\SupVoice\PROGRAM\PICPMON.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suffolkonline.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.suffolkonline.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Suffolk Online Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\guy\graphics\adobe_acrobat5\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Guy\MISCEL~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.suffolkonline.net
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pacific Image Comm. Fax Server - Unknown - C:\Guy\Miscellenious\SupVoice\PROGRAM\PICPMON.EXE
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/322949

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice