Broken Internet access because of LSP provider 'imon.dll' missing

Discussion in 'NOD32 version 2 Forum' started by izi, Mar 22, 2004.

Thread Status:
Not open for further replies.
  1. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Is this normal: O10 - Broken Internet access because of LSP provider 'imon.dll' missing?

    Logfile of HijackThis v1.97.7
    Scan saved at 18:19:50, on 22.3.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\PL15Co2K.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\WINDOWS\webshots.scr
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\HotFixQ0306270.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Izi/My%20Documents/index.html
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {442599A9-EB41-4F1F-B999-737BC587F314} - C:\WINDOWS\DOWNLO~1\NAJDIS~1.DLL
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Najdi.si - {442599A9-EB41-4F1F-B999-737BC587F314} - C:\WINDOWS\DOWNLO~1\NAJDIS~1.DLL
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {69C84F03-837A-4A66-8B03-6584687207A3} (NajdiSiToolbarInstallCheck Class) - http://www.najdi.si/toolbar/najdisitoolbar.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38038.0609606481
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DFBAE5E9-11B5-455F-B0C0-31110B8AA40F}: NameServer = 192.168.0.1
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    That is normal for a HJT log with NOD installed.

    It's because NOD, along with many other AVs that use the Winsock entries, hasn't also put the path to the file into the Winsock2 protocol catalog, so HJT sees it as missing.

    Just ignore that entry completely.
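Added example, not part of any post in this thread: a small triage script that parses a HijackThis-style log and checks, before anyone presses "fix", whether an O10 "LSP provider missing" entry belongs to a product that is actually running. The sample log is constructed in the shape of the one posted above; the `KNOWN_LSP_OWNERS` table, the function names and `example.dll` are assumptions made for illustration, and only the imon.dll / NOD32 pairing comes from the thread.

```python
import re

# Constructed sample in the shape of the HijackThis v1.97.7 log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O10 - Broken Internet access because of LSP provider 'example.dll' missing
"""

# Assumption: LSP DLL name -> path fragment of the product that owns it.
KNOWN_LSP_OWNERS = {"imon.dll": r"\eset\nod32"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O10 - ..."
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")

def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage_o10(text):
    """Map each O10 LSP DLL to 'expected' or 'review'."""
    processes, entries = parse_log(text)
    running = [p.lower() for p in processes]
    verdicts = {}
    for code, body in entries:
        m = LSP_RE.search(body) if code == "O10" else None
        if not m:
            continue
        dll = m.group(1).lower()
        owner = KNOWN_LSP_OWNERS.get(dll)
        known = owner is not None and any(owner in p for p in running)
        verdicts[dll] = ("expected: owning product is running" if known
                         else "review: no known owner running")
    return verdicts
```
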
     
  3. SpencerLiam

    SpencerLiam Guest

    Hi, I made the mistake of deleting this entry on HijackThis, the computer auto restarted and on boot up (just before the icons load onto desktop) I get an error, says something like DB (bind) error or along those lines. I click 'ok' on its dialogue box and it takes an age to load all the programs etc. The computer is now running agonisingly slow and the internet does not work. I also uninstalled nod32 (whether this was a mistake or not I do not know) and now I'm not quite sure where to go from here. Is it repairable or is a format due? Cheers.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Spencer, try the following:

    How to fix a corrupt or deleted Winsock:

    To resolve this issue, delete the corrupted registry keys, and then reinstall the TCP/IP protocol.


    Step 1: Delete the corrupted registry keys

    1. Click Start, and then click Run.

    2. In the Open box, type regedit, and then click OK.

    3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

    4. When you are prompted to confirm the deletion, click Yes.

    Note: Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.


    Step 2: Install TCP/IP

    1. Right-click the network connection, and then click Properties.

    2. Click Install.

    3. Click Protocol, and then click Add.

    4. Click Have Disk.

    5. Type C:\Windows\inf, and then click OK.

    6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

    7. Restart the computer.


    Hope this helps…

    Let us know how you go…

    Cheers :D
     
    Last edited: Sep 25, 2004
  5. Proud User

    Proud User Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    32
    I had a similar problem a few months ago but managed to solve it this way:

    1- Install NOD32 again and reboot as instructed.
    2- Once Windows has already booted, stop all the NOD32 modules and disable the NOD32 Kernel Service from msconfig.
    3- Reboot.
    4- Enable NOD32 Kernel Service again.
    5- Reboot.
     
  6. SpencerLiam

    SpencerLiam Guest

    Thanks very much folks, will give them a go now. I forgot to mention I'm running Windows 2000 so some things might be different? Will give them a go anyway. Also I am posting these with a different hard drive, just so you know how I'm managing to post with no internet access :D

    Thank you.
     
  7. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I am not intending in any way to rub salt into a wound, but did you not have Hijack This configured to make a backup before fixing things - I believe this is the default configuration? If so, then you can restore the removed item from the main configuration/backups tab of Hijack This. Or have you already tried this?
     
  8. SpencerLiam

    SpencerLiam Guest

    I did try this and it wasn't on the backups list (yet everything else was, typical eh!) thanks anyway :)

    I've sorted the situation now, working good as new! I followed BlackSpear's instructions and it worked a treat. Thank you all for helping me out :D
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see.

    All the best...

    Cheers :D
     