Advice on pc and internet problem please

  Never again 09:14 23 May 05
Locked

My friend (Brian) has brought his pc into me as he said that it was having trouble connecting to the Internet. He is running windows XP Pro on a Duron 1200 with 256mb ram.

His Norton Anti virus was out of date so I installed AVG free edition, which found over 50 viruses which I healed.

I had a read of some relevant forum threads and also installed and run spybot search & destroy and a squared, which both found stuff that I deleted. I also installed spyware blaster, adaware and zone alarm, and got rid of bargain buddy and svchos1at.exe which were causing problems and upgraded to service pack 2 from cd.

I managed to connect to the internet and download the updates for AVG, adaware, spybot and a squared and run them all in safe mode to get rid of the rest of the nasties on the pc. I tried to do the latest windows updates but Internet Explorer was misbehaving and displaying a blank done page, although I could use it to access other internet sites.

I also ran winsock xp and sfc /scannow to make sure that windows and internet Explorer was all there and running properly, but now the pc wont connect to the internet and gives me an error 628.

Other error messages from time to time include “16 bit ms-dos subsystem error” and a program wants to dial out and connect to www7.logih.com, which is probably spyware or virus related I guess, but scans of a squared, spybot and AVG are now clear?

I have checked all the cables to the dial up connection and they are ok.

Has anyone any suggestions please.

  mattyc_92 09:31 23 May 05

Try uninstalling the modem (and the programs that his ISP sent him when he registered with them)...

Now restart the system... Log back into the system as an administrator again and install the Modem and the program(s) the ISP gave him (if there are any)...

Once more restart the system to make sure it is all working, then try to access the internet....

  961 09:40 23 May 05

Error 628 relates to dial up settings

You rightly say www7.log.... relates to spyware

I suggest you log on to one of the techy forums which will, if necessary, review a hijack log but you may well be able to remove this stuff yourself after a careful read of a post titled "is my computer dying" at
click here

Alternatively you can post a hijack this log here and someone much cleverer than me will no doubt help

  961 09:43 23 May 05

don't forget to turn off system restore while clearing all this crud so that the nasties don't hide there to reappear on next boot

  Never again 10:50 23 May 05

1. I cant delete his settings as he con't remember his isp password at the moment, but he connects to freeserve - the same as I am on at the moment and so I can compare his settings with my working ones.

2. I've already turned off system restore as I have made that mistake before - but still a good suggestion, Thanks

3. Here is the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 10:39:50, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=click here;ftp=click here
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\svchost.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [fujqtzxjub] C:\WINDOWS\System32\qlbdiw.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\Iesearch.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {11111111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - click here
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)

  961 11:52 23 May 05

will perhaps take a look when she is next around

  Never again 12:44 23 May 05

Latest update.

I think mattyc_92 was on the right track as this is what I have done.

I am now connected to the internet on the dodgy pc as I borrowed a known compatible modem and fitted it to see if it would work - and it does. SP2 must have knocked the original modem out which was a pctel HSP56MR modem.

....but something is still not right as I can't access the windows update page from the link on the start menu and the avg virus update will not work as it says that the request has timed out?

any ideas??

  Never again 12:59 23 May 05

I've tried fooling windows by getting to windows update by googling and then selecting old links such as the version 4 link, but that's still looking for the latest version of windows update software and its been doing this for the last 10 minutes.

The address "click here" just shows a completely blank window with done in the left hand corner whatever way I try to get to it?

I know the connection is working because this post got through and I have updated spybot and a squared, and hopefully this post has got through!!

  Never again 13:04 23 May 05

I keep getting a window open with the following address

click here

if the above is a click here the attempt below is to try to show you all what it says without turning it into a link. I have missed out the http:// - the rest is

540.filost.com/randomsites/banner with .aspx at the end after banner (hopefully this is not a link)

  Never again 13:31 23 May 05

I think that the problem is to do with Internet explorer as I can't view my hotmail or yahoo email inboxes from this (dodgy) pc but I can from my other work pc.

The windows automatic updates was downloading, but stopped at 1% and then disappeared from the system tray?

Belarc advisor tells me that there are still critical and important updates missing - but how do I get to them?

Another of those 540.filost windows has opened.

Help please this is driving me crazy, but I feel that if I close the connection then I'll never get it back.

  pimpers 13:35 23 May 05

Could you try and load another ISP disk for EG, Virgin? As Matty says to do this as well as change the modem.

This might over-right all the existing internet software and you will be starting with a new fresh dial up number.

Only a thought + bump.

Pimpers!!!

This thread is now locked and can not be replied to.

What is Amazon Go and will it come to the UK? The store without checkouts or queues

1995-2015: How technology has changed the world in 20 years

Hands-on with the Star Wars fighting drones you can fly yourself

iPhone 9 and beyond: 32 amazing future smartphone developments - graphene, supercapacitor…