Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

englisheeyore

116 Posts

9889

December 14th, 2006 01:00

DSL connection problems, plz help! (HiJack This Log)

Well I thought we (Bugbatter and I) had got rid of whatever was on my computer a month ago but apparently did not. My McAfee subscription (was only 30 days apparently) ran out last night and a few minutes later started acting up the way it did last time. It disables your DSL connection and only intermittently lets you use the internet. I am actually writing this on Word so that in the minute it gives me to get on the net I can hopefully post this to you in time before it goes again!

I get a few random ad pop-ups but mostly I am getting a windows prompt that is labeled “RUNDLL” and says:

 

 

Error loading

The specified module could not be found.

(Then a prompt ‘ok’ button to close it)

 

The “

The only other pop-ups I notice are black rectangular dos prompt type boxes that pop up for a split second then disappear but doesn’t look like anything is written on it – as fast as it comes up it’s gone.

I updated and ran AVG Anti-Spyware and it found 164 medium threats and 3 high threats: Backdoor.Small.is, Backdoor.Agent.aif, and Trojan.BHO.d – it was able to quarantine them all. After restarting I scanned again and it shows it’s all clean but I’m having the problems like I said before.

I haven’t been able to check for updates for HiJack This just yet (can’t get online right now) but I ran my v1.99.1 version of HiJack This and here is what I’ve found:

Logfile of HijackThis v1.99.1

Scan saved at 1:15:58 AM, on 12/13/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\WINDOWS\weRecv.exe

C:\Program Files\SiteAdvisor\4608\SAService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\SiteAdvisor\4608\SiteAdv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\prevx.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\WINDOWS\System32\wininet.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\System32\svchost.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.dell.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PrevX] C:\WINDOWS\System32\prevx.exe

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: Netmeeting For Windows (Netmeeting For Microsoft Windows) - Unknown owner - C:\WINDOWS\weRecv.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe

After we get this situated I would like to know what I need to do to secure my computer from viruses (I had McAfee but the subscription just ran out). I went to the McAfee website to subscribe to it for a year but there were several options and it was a bit confusing. One offered $49.99 for 8-in-1 protection, another $39.99 for a year 3-in-1 I believe, and $39.99 for another option. I always thought you just bought it as a suite together as one but now that I see there’s more than one thing to install I’m confused as to what I really need from McAfee??

Cheers.

EE

P.S. I’ll try to check the page as soon as possible (net willing)!

englisheeyore

116 Posts

February 21st, 2007 22:00

There were 60 updates from microsoft and that wasn't including the SP2 pack. When I rebooted after downloading those 60, it came up telling me the system needed to be updated and gave me a link to microsoft updates and it started to download. Once it downloaded and started installing it almost got done then appeared to stop on me. The line stopped moving and after about 30 minutes of no activity I figured it was stuck - which it was because it was also hard to cancel it. I'm going to reboot and try installing again in a little bit see if it works this time...
 
 

englisheeyore

116 Posts

February 22nd, 2007 05:00

Finished installing SP2 and rebooted the system - so far it's starting up fast (sits approx. 15 secs at initiating Windows, and 13 secs at Welcome). Microsoft update says SP2 is installed and there are no more further updates for the system. Internet Explorer is popping up fast but the only place I've gone to on it is update.microsoft.com.
 
I'm now going to search for Java VM on it and remove it. I don't see any Java programs in the list of Add/Remove Programs but I'm going to look back at your previous instructions and see if I can find where it is.
 
EE

englisheeyore

116 Posts

February 22nd, 2007 07:00

I installed the new Java from your previous instructions a couple pages back. I went to Tools>Internet Options>Advanced but only saw Java Sun on there and not Java VM. Does that mean there wasn't any version of Java in the SP2? When I went to the Java website, a yellow box popped up along the top of the IE saying I had to install something else first to run the page to install Java, so I did.
 
I put Avast as well as Zone Alarm, so everything looks like it's fixed now. I can't think of anything else...?
 
EE

RKinner

2 Intern

 • 

5.9K Posts

February 22nd, 2007 08:00

SP2 doesn't install Java but I thought your Recovery Disk might.  Guess it didn't if you didn't see any more Java Coffee cups in the Add/Remove programs.
 
Ron

RKinner

2 Intern

 • 

5.9K Posts

February 22nd, 2007 08:00

Glad to hear you got it reinstalled.
 
Windows Defender from Microsoft is nice to have.  It's free and will help watch out for spyware.
 
 
Also
 
Good references for preventing new infection by blocking your PC's ability to visit known bad sites:
 
If you run HJT you can check everything (maybe post one more log just to make sure) then Add to Ignore list.  Repeat once then there is an option in HJT under Config where you can have it run at boot and tell you if something new shows up.  (It's the bottom box in the list of boxes to check).
 
You can also run one of the free versions of these:
 

The above will find a lot of Tracking Cookies so don't panic. Tracking Cookies are normal and are just removed as a privacy thing.
 
On your new PC.  Make sure you create the recovery disk(s) if you didn't get one in the package.  Wouldn't hurt to copy the Recovery disk(s) for the old one and store it (them) somewhere where they won't get scratched or lost.
 
Ron 
 

englisheeyore

116 Posts

February 23rd, 2007 04:00

Here is the log:
 
Logfile of HijackThis v1.99.1
Scan saved at 12:15:46 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172096984795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172099876484
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 
Could you explain to me how to make a recovery disk? As dumb as it sounds, I don't believe I've ever done that before.
 
 
I do have a question about my new pc, thought maybe you could shed some light on my issue. My new pc has started having problems with its InstallShield a couple weeks back. It gets in the middle of downloading/installing a program and when InstallShield kicks in the Windows Installer window comes up and has the little picture of the computer and says next to it "Preparing to install..." but then never does anything more. I end up cancelling. I never had a problem with it until I tried installing Adobe Reader on it and it got in the middle of the installation then did this same thing. I can't install anything nor update anything like my anti-virus or updates at microsoft (which scares me after i saw how important it was on this old computer). Since then anytime I try to install something it won't finish, it either says it can't finish the installation because something else is in the middle of installing or it'll give me a 1607: unable to install InstallShield Scripting Runtime error message. I went to Task Manager>Processes but nothing seems to be taking up the CPUs (they're all at 00).
 
 
EE

RKinner

2 Intern

 • 

5.9K Posts

February 23rd, 2007 12:00

Log looks good.  Run HJT,scan only, then check everything and Add to Ignore List.  Repeat until it does not find anything.
 
You can probably fix your installer problem with the installer cleanup tool:
 
 
What make and model is your new Dell?  I think they gave you a timelimited copy of Ghost with your new PC.  It can be used to backup everything to a pile of CDs.
 
Ron 

englisheeyore

116 Posts

February 23rd, 2007 19:00

New computer is a Dell Dimension C521. The only cds they gave me with it are the:
 
Resource CD
LCD Monitor Driver
Reinstallation CD (Windows XP SP2)
 
That's what I got with my old computer too. I'm not familiar with what Ghost is? I'm an amateur at fixing computers. :smileysurprised:

englisheeyore

116 Posts

February 23rd, 2007 21:00

Tried installing the cleaner on my new computer but my computer isnt letting me uninstall or install anything - just gets stuck at "preparing to install." Tried doing it in safe mode but tells me it cant perform installation in safe mode.

RKinner

2 Intern

 • 

5.9K Posts

February 24th, 2007 12:00

You might try going back in time with System Restore to the week before you tried to install adobe.

 

Look in the Event Viewer under System or Applications and see if you find any events at the time of the failed installs.  That might help us figure out what went wrong.
 
Also look in C:\Temp or maybe it's C:\TMP
 
See if you find any files that start with MSI and end in .log.  Send the last two to me at
rkinner
AT
gmail
DOT
com
 
Subject: DELL englisheeyore
 
 
Ron
 
It appears that the English Dell prefers to give you copies of the CDs rather than making you burn your own. 

Ghost is a backup and disk cloning software from Norton/Symantec that I think I got confused about.  I think it's something you get with HP products and not Dell.
 
 
 
 

englisheeyore

116 Posts

February 28th, 2007 05:00

Ron -
 
The computer wouldn't let me restore system.
 
I tried installing my new cam and it hung on installation here's the error message I found in Applications of the event log:
 
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date:  2/28/2007
Time:  1:16:37 AM
User:  N/A
Computer: MANJAREZ
Description:
Hanging application setupstb.exe, version 1.10.148.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 73 65 74 75 70 73     setups
0018: 74 62 2e 65 78 65 20 31   tb.exe 1
0020: 2e 31 30 2e 31 34 38 2e   .10.148.
0028: 30 20 69 6e 20 68 75 6e   0 in hun
0030: 67 61 70 70 20 30 2e 30   gapp 0.0
0038: 2e 30 2e 30 20 61 74 20   .0.0 at
0040: 6f 66 66 73 65 74 20 30   offset 0
0048: 30 30 30 30 30 30 30      0000000
 
I also tried installing Adobe Reader and it got half way through installation and said:
 
Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
 
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11500
Date:  2/28/2007
Time:  1:36:20 AM
User:  MANJAREZ\Jennifer
Computer: MANJAREZ
Description:
Product: Adobe Reader 8 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 41 43 37 36 42 41 38   {AC76BA8
0008: 36 2d 37 41 44 37 2d 31   6-7AD7-1
0010: 30 33 33 2d 37 42 34 34   033-7B44
0018: 2d 41 38 30 30 30 30 30   -A800000
0020: 30 30 30 30 32 7d         00002} 
and
 
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11500
Date:  2/28/2007
Time:  1:38:04 AM
User:  MANJAREZ\Jennifer
Computer: MANJAREZ
Description:
Product: Adobe Reader 8 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 41 43 37 36 42 41 38   {AC76BA8
0008: 36 2d 37 41 44 37 2d 31   6-7AD7-1
0010: 30 33 33 2d 37 42 34 34   033-7B44
0018: 2d 41 38 30 30 30 30 30   -A800000
0020: 30 30 30 30 32 7d         00002} 
 
 
Regarding the msi and .log files I only found (2) .log files and no msi files:
 
hpdbglog
08:52:58.359 (0x01c724dd:0x69bb1870) UThread Start
08:52:59.546 (0x01c724dd:0x6a7037a0) UThread added item
08:52:59.546 (0x01c724dd:0x6a7037a0) UThread added item
08:52:59.546 (0x01c724dd:0x6a7037a0) UThread added item
08:52:59.546 (0x01c724dd:0x6a7037a0) UThread End
08:53:03.781 (0x01c724dd:0x6cf66d50) GetLPTDeviceID: Unable to open driver!2
08:53:04.484 (0x01c724dd:0x6d61b240) PThread End
23:40:55.406 (0x01c73cec:0x6db7d0e0) UThread Start
23:40:55.578 (0x01c73cec:0x6dd20fa0) UThread added item
23:40:55.578 (0x01c73cec:0x6dd20fa0) UThread added item
23:40:55.578 (0x01c73cec:0x6dd20fa0) UThread End
23:40:58.156 (0x01c73cec:0x6f5b6ec0) GetLPTDeviceID: Unable to open driver!2
23:41:02.406 (0x01c73cec:0x71e3ee60) GetLPTDeviceID: Unable to open driver!2
23:41:06.218 (0x01c73cec:0x742998a0) PThread End
00:29:06.234 (0x01c75486:0x212da9a0) UThread Start
00:29:06.437 (0x01c75486:0x214ca350) UThread added item
00:29:06.500 (0x01c75486:0x21564040) UThread added item
00:29:06.500 (0x01c75486:0x21564040) UThread End
00:29:09.125 (0x01c75486:0x22e6cb50) GetLPTDeviceID: Unable to open driver!2
00:29:14.546 (0x01c75486:0x2621f920) GetLPTDeviceID: Unable to open driver!2
00:29:16.765 (0x01c75486:0x277490d0) PThread End
 
LDMSetupLog
[InstallShield Silent]
Version=v7.00
File=Log File
[ResponseResult]
ResultCode=0
[Application]
Name=Logitech Desktop Messenger
Version=1.0.31
Company=Logitech
Lang=0013
I am in St Louis and bought my Dell from the American Dell, not English -- I don't have any copy of the CD so I guess I'll have to make one. How do I do that?
 
EE
 


Message Edited by englisheeyore on 02-28-2007 02:02 AM

Was this post helpful?

View All

No Events found!

Top