Posted

Right if anyone can help me fix this without the usual 'cop out' of re-build it - then there is a pint in it for them.

 

PC with XP on. [ This is a work college's PC ]

Problem - Won't go out on the internet however at users home, it will if you point it through a proxy !! All other network traffic is fine etc.

PC has had [ but is now CLEAR ] the following nasties on:

 

TROJ_RENOS.EO TDSSba6c.TMP

TROJ_Generic.A 0216736.EXE

TROJ_VIRANTIX.BF A0230524.SYS

BKDR_TDSS.T TDSSnrsr.DLL

BKDR_TDSS.V TDSSriqp.DLL

 

I have tried the following:

 

Static IP - no Joy

Firefox Browser - no Joy

Stopping Windows Firewall - no Joy

Putting 127.0.0.1 in proxy settings - no Joy

Updated Network Card Drivers - no Joy

Checking proxycfg settings [ and deleting them ] - no Joy

Done a full Spybot S&D - found Delf.Spool.Cn - now removed. - no Joy

Stuck SP3 on [ over lunch ] - no Joy

 

PC CAN ping domain names - [ bbc.co.uk ] - but won't show them in any browser. When IE halts it gives you the diagnose connection problem option - run it [ for a laugh ] It checks connectivity and states it did not detect any problems......

Also flushed DNS, registered DNS, reset IP stack.

The PC IS in the DMZ and set to bypass the proxy server - still nothing - only works through the proxy. :eek::eek::eek::eek::eek:

 

Like I said - there is a pint in it for someone who comes with the answer or close to...... [ no re-build bollox ]

 

P.S. C:\WINDOWS\TEMP\AOE4A4.EXE - this is what I am currently working on, but killing the .exe does not fix it either.

 

 

Here is the Hijackthis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:51:54, on 07/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\TEMP\AOE4A4.EXE

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Admin Bar\admins admin bar.exe

C:\Admin Bar\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = OvalChat (Banger Racing Forum)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iQon Technologies :: The Smarter Choice :: Home / Office Products

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:8080

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {C9628A86-858E-4352-94DB-A06D1946A3E3} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe

O8 - Extra context menu item: &Search - ?p=ZRYYYYYYLCGB

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'lsp32.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie

O17 - HKLM\System\CCS\Services\Tcpip\..\{25C02B4A-6A6C-4AC2-B9E9-C629B461B221}: NameServer = 10.0.0.3,10.0.0.6

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: karna.dat_

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
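
A triage pass over a HijackThis log like the one above, as an added example that is not part of the original post: it flags the entry classes usually checked first after a malware clean-up. The names `triage` and `SAMPLE_LOG` and the choice of rules are assumptions made for illustration; a flagged line is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\AOE4A4.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:8080
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'lsp32.dll' missing
O20 - AppInit_DLLs: karna.dat_
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")       # e.g. "O10 - ..."
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)   # path component named temp/tmp

def triage(log_text):
    """Return (tag, reason, line) for every log line worth a manual look."""
    findings, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue  # the forum paste is double-spaced; blank lines carry no meaning
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if not m:
            if in_processes and TEMP_DIR.search(line):
                findings.append(("PROC", "process image in a temp directory", line))
            continue
        in_processes = False  # first tagged entry ends the process list
        tag, body = m.groups()
        if tag == "O10":
            findings.append((tag, "Winsock LSP chain entry", line))
        elif tag == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((tag, "DLL injected via AppInit_DLLs", line))
        elif "ProxyServer" in body:
            findings.append((tag, "proxy configured in the registry", line))
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append((tag, "registration points at a missing file", line))
    return findings

if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {reason}: {line}")
```
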

Posted
Or install Firefox to see if it's an IE issue or something at a deeper level.

 

:)

 

Read original posting - near top of my list. :p

Posted
Uninstall the TCP/IP stack and re-install it. I remember you could do it in Windows 9x but not sure about XP/Vista.

 

Done that - read original posting. :p

  • Thanks 1
Posted
Had a similar problem. In the end I used XP's System Restore and went back a month or so and then all was fine.

 

Tried that - sorry forgot to put it down on my list !!!

Posted
Have you tried sfc.exe /scannow to check all the XP protected files are correct and intact?

 

Ben

 

NO !! I shall try that NOW !!

Posted

Okay, I hope this doesn't qualify as 'rebuild it' - Run Windows Repair Install.

 

Odds on something is seriously bollox'd up with one of the system files, .dll's or the registry. Rather than spend an eternity finding it, or an eternity doing a complete rebuild, do a Repair Install. If that doesn't fix it then it may be time for the complete rebuild :(

 

Ohh, one more thing you could try first - update network drivers? Worth a shot...

Guest blacksheep
Posted (edited)

Had a similar one recently. Ports 8080 and 80 were being blocked by AVG, which had a known issue. This was random as well, so not easy to notice at first.

 

So had no internet access from ffox or IE but everything else was fine! 8080 in my case was the proxy and obviously 80 is http.

 

So if you have any AV or unusual services on then disable them in the services applet. Mind you, safe mode would have done that :(

 

Maybe some system files have been corrupted/altered through viral activity etc. What's that setup switch to check the files and rebuild them? Sometimes you can uninstall a service pack and, as so many files are replaced during this, you can fix something and then reinstall the SP.

Edited by blacksheep
Posted
This may sound silly but have you made sure that auto detect settings isn't checked in LAN settings for IE? Had that on a Vista laptop once and it wouldn't connect to the internet until it was un-checked.
Guest blacksheep
Posted
haha look at the times on these posts! :D
Posted
Had something similar a while ago; cured it by repairing Winsock, by typing netsh winsock reset at the command prompt. Restart is required. Worked for me :)

 

Dave

 

Tried that when I reset the IP stack - no Joy -[ did not put on original posting ]

Posted
This may sound silly but have you made sure that auto detect settings isn't checked in LAN settings for IE? Had that on a Vista laptop once and it wouldn't connect to the internet until it was un-checked.

 

Not silly, but I made sure....!!

Posted
haha look at the times on these posts! :D

 

What you saying? It's 3:15 on a Friday and we have no work to be getting on with? How dare you! I'm very busy right now I have you know!! I'm replying to important posts on Edugeek!!! :o
