I am having trouble connecting to the internet.
This is after I had a "Police Pro Virus" and thought I had eradicated it
I am not a novice, nor an expert, somewhere in-between.
This is the first time I have had to deal with a problem like this and understand I need to post HijackThis log files, so I think I did this by downloading HijackThis and executing it on the PC in question, now posting it here with another PC
Any help would be appreciated, and even a point to a better place for help would be OK too,
There seems to be some level of other corruption, not sure it was the result of this virus, or something else, for example, I can not access "Tools - Folder Options" in Windows Explorer. System restore is also disabled, again, not sure why.
thank you in advance

log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:10 PM, on 2/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: osguardpro.microsoft.com
O1 - Hosts: os-guardpro.com
O1 - Hosts: www.os-guardpro.com
O2 - BHO: (no name) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\lnttfbmp.dll",sitypnow
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Usakositad] rundll32.exe "C:\WINDOWS\uruhubim.dll",Startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\sqdg4JngE.exe" /runcleanupscript
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus NX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE /FU "C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\E_S18.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Login Software 2009] C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\uqh32cu5.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\user.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230132719542&h=8c8d873d043c6260d75b393b7c6202dc/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEE947-B9B2-40BE-9BFE-C108239D5EAB}: NameServer =
O18 - Filter hijack: text/html - {a5e9f807-f0fa-4c67-bb76-604a735357d5} - (no file)
O20 - AppInit_DLLs: kefolege.dll c:\windows\system32\wubefivu.dll
O20 - Winlogon Notify: nnnlmmj - nnnlmmj.dll (file missing)
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll (file missing)
O21 - SSODL: fehafatin - {12f2824b-f129-40e9-be9a-dda0d5cc663c} - c:\windows\system32\butodiwe.dll (file missing)
O21 - SSODL: dehoyapez - {ab81ff94-2246-424d-b35f-38d6b5221584} - c:\windows\system32\wubefivu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {12f2824b-f129-40e9-be9a-dda0d5cc663c} - c:\windows\system32\butodiwe.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {ab81ff94-2246-424d-b35f-38d6b5221584} - c:\windows\system32\wubefivu.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

End of file - 11734 bytes


When you say "Unable to connect to internet", what exactly is the problem? Are you getting any error or something like that? What is your connecting status message when you initiate a connection?

As for the other problems,

Please download and use this tool --> RRT.exe [Remove Restrictions Tool], it's free for personal use and is very effective, after which I recommend doing a full system scan with a good security software with the latest updates.


Instructions for using RRT:

After getting yourself a copy of the program,

1) Boot into safe mode (to get into safe mode in Windows, press F8 when the boot screen is displayed)
2) Install/extract.
3) If there are any problems with your PC settings, those settings will be colored in RED.
4) Tick/Check mark all those RED colored settings and finally click REMOVE.
5) Restart your system and boot into normal mode.

And please do get back with the results!!



I will use the RRT tool in a moment, for now let me answer your questions concerning the internet connection issue:

I have posted 2 screen shots of the problem


1. a screen shot of IE-8 when I try and connect to the internet with IE-8, I get a message: internet explorer can not connect to the internet

2. a screen shot of my network connections, and some sub-screens of it

I also disabled the connection, then enabled it, I also did the repair connection, I tried to reboot, etc...the hard line from the router is good because I have tested it with another PC

I can very easily do these screen shots, much easier than trying to type what they say, so please let me know if you want to see something



The RRT program worked well, thanks, no need to go into the registry and enable each one by hand as I had been led to believe I had to do
I am hopeful for an easy solution to the internet connectivity issue too


So, Flyingbluegill, any news on RRT? [In case you are not able to enter Safe mode, you can run it under normal boot as well, in fact running it under normal boot once would be preferred.]

And, sorry, I didn't check your HJT log at first, but it seems like you got some nasty virus (which is still actively running in your system; I managed to locate "user.exe"). This virus attack has wrecked your Windows networking related files such as,

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing

You can also see that several other files are missing as per your HJT log.

I tried to google a solution and most forums (including Daniweb) recommend LSPFix & WinsockFix. But it hasn't worked for many people, probably because they had other files missing as well and gave up without trying to fix everything and just went ahead and formatted their PCs.

So what I suggest is that you download Spybot Search & Destroy. Run a full system scan after installing the latest updates. Fix the problems that it shows you. Restart and try your internet connection.

If problem persists, then download LSPFix and Winsock, and use them as per the instructions provided along with the software. If these steps didn't solve your problem, we may have to scrutinize your HJT log even further and find the recommended solutions for individual problems.

If you are a bit inclined to the technical side, you may be able to do it on your own using this simple guide -> http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis.htm

And finally, a word of advice.. if you would be more comfortable with reinstalling Windows, rather than all this hassle, then you might as well do that.

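An added example, not part of any poster's reply: a small triage pass over HijackThis log lines that surfaces the kinds of entries the reply above picks out (the autostart pointing at Temp\user.exe, the broken LSP chain, entries whose file is missing). The rules are illustrative heuristics chosen for this log and only mark lines for manual review; the sample lines are excerpted from the log posted at the top of the thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Usakositad] rundll32.exe "C:\WINDOWS\uruhubim.dll",Startup
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\user.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O20 - AppInit_DLLs: kefolege.dll c:\windows\system32\wubefivu.dll
O21 - SSODL: dehoyapez - {ab81ff94-2246-424d-b35f-38d6b5221584} - c:\windows\system32\wubefivu.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry line looks like "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# (section or None for any section, pattern on the body, reason shown to the reviewer).
# These rules are assumptions made for this example, not a complete rule set.
RULES = [
    ("O4", re.compile(r"\\Temp\\[^\\]+\.exe", re.I),
     "autostart runs an executable from a Temp folder"),
    ("O4", re.compile(r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\(?:system32\\)?[^\\"]+\.dll', re.I),
     "autostart loads a DLL through rundll32 from the Windows directory"),
    ("O7", re.compile(r"Disable(?:Regedit|TaskMgr)\s*=\s*1", re.I),
     "policy disables a system tool"),
    ("O10", re.compile(r"Broken Internet access", re.I),
     "Winsock LSP chain is broken"),
    ("O20", re.compile(r"AppInit_DLLs:\s*\S", re.I),
     "AppInit_DLLs is set (loaded into every process that loads user32.dll)"),
    (None, re.compile(r"\((?:file missing|no file)\)", re.I),
     "entry points at a file that is not on disk"),
]


def triage(log_text):
    """Return (section, reason, body) for every entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        for section, pattern, reason in RULES:
            if section in (None, m["section"]) and pattern.search(m["body"]):
                findings.append((m["section"], reason, m["body"]))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

A match only means the line deserves a closer look; orphaned entries from uninstalled software also show up as "(file missing)".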


Hello again!
I missed your last post due to technical issues, I just saw it and am glad to know that RRT was of help.

And to summarize my elaborated previous post,

1) Download Spybot S&D + install latest updates + after updating do full system scan.
2) FIX all the problems detected by Spybot S&D. Restart PC.
3) Do the same as above with Avira Antivir (link is in my signature). Now try Internet connection.
4) If problem persists, download LSPFix and run it as per instructions + restart + try internet conn.
5) If problem still exists, download WinSock and do the same as above.
6) If still got the problem, then we got to analyze individual entries of problematic HJT log entries (OR) reinstall Network services (OR) format your PC (only as a last desperate resort).

Please do steps 1 to 5 and get back to us, so we can decide on what to do.. Have a great time ;-)



Sorry to contradict, but Spybot is next to useless in removing modern malware.

@ the OP.

Post the log from Malwarebytes Anti-Malware.

Run winsockfix as suggested and see if you can get online.


Sorry to contradict, but Spybot is next to useless in removing modern malware.

Hmmm.. that's news to me.
Spybot has always been helpful in tough situations (though it did take up a lot of RAM).

But I will take your advice and try out Malware Bytes as well!
And thank you for pointing it out.


You will not find many around who recommend Spybot for any more than a site blocker now, or home page protector.


You will not find many around who recommend Spybot for any more than a site blocker now, or home page protector.

Makes me feel like I was living under a rock or something :P, I guess it's time to update myself with the latest software info. :cool:

Once again, thanks for the pointers crunchie!!


Akmaahamed and Crunchie

Lots has happened, both on subject PC (subject of post) and this one that I am posting from

On PC with connection issue:

I downloaded and ran the latest Spybot

It caused lots of issues after fixing items flagged and rebooting, lots of command boxes now open up, lots of stuff not found in startup sequence, basically reverse progress

Also, the RRT thing is not going away, I don’t see it available to uninstall in my “add or remove programs” either…but be that as it may…

And Spybot wants to run every time I reboot, many times locking up the PC as it partially runs

But I am getting through that, all, I decided to “recover” the changes made with Spybot, and I am doing that as I write this, just prior to doing it though, I took some screen shots of what Spybot has fixed…again, I will now undo them to see if I can get back to where I was

Screen shots of Spybot items that I will be repairing are tacked onto my screenshots here:


OK, as I said that PC is work in progress, trying to just get back to where I was with recover, then see if it will boot OK

Then I plan to uninstall Spybot

In the meantime, I decided to run Spybot on this (good) PC…wrong idea! I was running some internet security software called Digi-Watcher…and being I did not uncheck those flagged boxes (which were hidden in a collapsed line), I now can not run Digi-Watcher. I’ve tried to do all sorts of things, doing a “repair” in Spybot (which did NOT work), I even did a system restore (which also did not work) and still no Digi-Watcher…drat

In any event the above is an update to my problem PC, the good one seems OK besides the issue with Digi-Watcher

I am going to stick to the issue here, namely that of my problem PC



Hello flyingbluegill..

First of all let me apologize for suggesting an out of date program (Spybot S&D) and all the inconveniences it has cost you. I am really sorry.

Having said that, I would suggest you try & undo all the changes done by Spybot S&D, as you said you would be doing, then disable "start with windows" option in its settings, this will prevent it from loading at windows startup. Once you have done that, leave it as it is for now.

Now as crunchie suggested,
Post the log from Malwarebytes Anti-Malware.

Here are the instructions as to how to proceed. [again thanks to crunchie]

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Download the update from here if you have problems.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Make sure that you restart the computer.

Post new HJT log.

As for RRT, it has simply added itself to the startup, and can be easily removed, but to prevent complicating things at this stage, simply rename the "RRT.exe" file with some other name and don't use it again, till we get rid of your other problems.

So, your main priority now is to undo spybot changes + disable its startup option & then post the Malwarebytes Anti-Malware log for analysis as per the above instructions.

