1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hi jack this ?

Discussion in 'Earlier Versions of Windows' started by cookingguy, Apr 23, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    this is what i got from hi jack this... im having a problem with this computer.. its a dell about 4 yrs old.. 128 ram.. p3.. it keeps shutting down i keep getting ad ware popping up and redirected to a different site.. any help would be great.. thanks

    thank you
    cookingguy

    Logfile of HijackThis v1.97.7
    Scan saved at 1:07:45 PM, on 4/23/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS1\SYSTEM\KERNEL32.DLL
    C:\WINDOWS1\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS1\SYSTEM\MPREXE.EXE
    C:\WINDOWS1\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS1\SYSTEM\MSTASK.EXE
    C:\WINDOWS1\EXPLORER.EXE
    C:\WINDOWS1\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS1\SYSTEM32\DRIVERS\DCFSSVC.EXE
    C:\WINDOWS1\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
    C:\WINDOWS1\SYSTEM\WMIEXE.EXE
    C:\WINDOWS1\SYSTEM\DDHELP.EXE
    A:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS1\System32\Drivers\dcfssvc.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS1\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS1\scanregw.exe /autorun
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O10 - Broken Internet access because of LSP provider 'c:\windows1\system\lsp.dll' missing
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.3756018519
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Close your internet browser, all other programs, doing the below, restart your computer and then generate your Hijack This log.

    Clear your browser's Cache and key folders before you generate a HJT log:

    Click the Start button; Point to Control Panel, select Internet Options; In the box that opens, click the Clear History; Delete Cookies And Delete Files buttons (tick the box next to, 'Delete all off-line content', each in turn; In the box that opens after activating each button, click the OK button. Click OK to close the Internet Options window.

    Clear the contents of the c:\Windows\Cookies; Temporary Internet Files and Temp folders.


    ***

    You've got way too much running at Windows startup.

    Check your available resources by right-clicking My Computer; clicking Properties; Click the Performance tab. Resources available are displayed as percent there at top. Check it when you get done running the System Configuration Utility mentioned below.

    Click the Start button; Run; type 'msconfig', without the quotation marks, in the Run box and click OK; Then click the Startup tab; Uncheck anything you don't need running in the background. For reference on what's not needed running in the background in the System Configuration Utility, view this website first and print out the list:

    http://www2.whidbey.net/djdenham/Running_items.htm

    It's important that you print out the above mentioned list. The site provides a printer friendly link.

    In the System Configuration Utility (SCU), you can uncheck programs you suspect one at a time and restart your computer. If something doesn't work right, you can always go back into the SCU and re-check it and restart your computer via the Start button. The changes are completely reversible by re-checking an item in SCU or by selecting Normal Startup under the General tab in the SCU and all the programs listed run when Windows starts as it was before you started.

    ***

    You need to be running a firewall like free Sygate from http://download.com - type, sygate, in the Search box, you must be on-line to register Sygate, that is if you're not using a firewalled Router on a Network or, have another third-party firewall like Sygate installed, to protect you and the Internet community from hackers, spammers and terrorist from using your computer for their own illicit needs while you're on-line?


    ***

    Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click Use Custom Scanning Options' then click Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.

    ***

    You might post exactly what programs you have in the Add/Remove Programs Control Panel list box.

    ***

    Go to http://housecall.trendmicro.com or http://www.pandasoftware.com/activescan/com/activescan_principal.htm and click the Scan Now link to run a free on-line virus scan.

    ***

    What anti-virus are you using? If you're running Mcaffee or Norton anti-virus and have not recently paid for a one year subscription to download weekly new virus definitions, you might consider getting free AntiVir 6 from http://free-av.com - Uninstalling Mcaffee; Restarting your computer and installing free AntiVir Anti-virus 6.0.
     
  3. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    This is a basic guide as to what the log means, and some tips on reading it yourself. This should in no way replace asking for help in the forums, but it will still help you somewhat in understanding and modifying the log yourself.
    --------------------------------------------------------------------------------

    Overview

    Each line in a HijackThis log starts with a section name.

    For practical information, click the section name you need help with:
    R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
    F0, F1 - Autoloading programs
    N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
    O1 - Hosts file redirection
    O2 - Browser Helper Objects
    O3 - Internet Explorer toolbars
    O4 - Autoloading programs from Registry
    O5 - IE Options icon not visible in Control Panel
    O6 - IE Options access restricted by Administrator
    O7 - Regedit access restricted by Administrator
    O8 - Extra items in IE right-click menu
    O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
    O10 - Winsock hijacker
    O11 - Extra group in IE 'Advanced Options' window
    O12 - IE plugins
    O13 - IE DefaultPrefix hijack
    O14 - 'Reset Web Settings' hijack
    O15 - Unwanted site in Trusted Zone
    O16 - ActiveX Objects (aka Downloaded Program Files)
    O17 - Lop.com domain hijackers
    O18 - Extra protocols and protocol hijackers
    O19 - User style sheet hijack

    --------------------------------------------------------------------------------

    R0, R1, R2, R3 - IE Start & Search page

    What it looks like:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/
    R3 - Default URLSearchHook is missing
    What to do:
    If you recognize the URL at the end as your homepage or search engine, it's OK. If you don't, check it and have HijackThis fix it.
    For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.
    --------------------------------------------------------------------------------

    F0, F1 - Autoloading programs

    What it looks like:
    F0 - system.ini: Shell=Explorer.exe Openme.exe
    F1 - win.ini: run=hpfsched

    What to do:
    The F0 items are always bad, so fix them.
    The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.
    --------------------------------------------------------------------------------

    N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

    What it looks like:
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    What to do:
    Usually the Netscape and Mozilla homepage and search page are safe. They rarely get hijacked. Should you see an URL you don't recognize as your homepage or search page, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O1 - Hostsfile redirection

    What it looks like:
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    What to do:
    This hijack will redirect the address to the right to the IP address to the left. If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.
    --------------------------------------------------------------------------------

    O2 - Browser Helper Objects

    What it looks like:
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    What to do:
    If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

    --------------------------------------------------------------------------------

    O3 - IE toolbars

    What it looks like:
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
    O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
    What to do:
    If you don't directly recognize a toolbar's name, use TonyK's Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe.
    If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), it's definitely bad, and you should have HijackThis fix it.
    --------------------------------------------------------------------------------

    O4 - Autoloading programs from Registry

    What it looks like:
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    What to do:
    Use PacMan's Startup List to find the entry and see if it's good or bad.
    --------------------------------------------------------------------------------

    O5 - IE Options not visible in Control Panel

    What it looks like:
    O5 - control.ini: inetcpl.cpl=no
    What to do:
    Unless you've knowingly hidden the icon from Control Panel, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O6 - IE Options access restricted by Administrator

    What it looks like:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    What to do:
    Unless you have the Spybot S&D option 'Lock homepage from changes' active, have HijackThis fix this.
    --------------------------------------------------------------------------------

    O7 - Regedit access restricted by Administrator

    What it looks like:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    What to do:
    Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O8 - Extra items in IE right-click menu

    What it looks like:
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    What to do:
    If you don't recognize the name of the item in the right-click menu in IE, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu

    What it looks like:
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    What to do:
    If you don't recognize the name of the button or menuitem, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O10 - Winsock hijackers

    What it looks like:
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
    O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
    What to do:
    It's best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
    --------------------------------------------------------------------------------

    O11 - Extra group in IE 'Advanced Options' window

    What it looks like:
    O11 - Options group: [CommonName] CommonName
    What to do:
    The only hijacker as of now that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O12 - IE plugins

    What it looks like:
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    What to do:
    Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
    --------------------------------------------------------------------------------

    O13 - IE DefaultPrefix hijack

    What it looks like:
    O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
    O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
    What to do:
    These are always bad. Have HijackThis fix them.
    --------------------------------------------------------------------------------

    O14 - 'Reset Web Settings' hijack

    What it looks like:
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
    What to do:
    If the URL is not the provider of your computer or your ISP, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O15 - Unwanted site in Trusted Zone

    What it looks like:
    O15 - Trusted Zone: http://free.aol.com
    What to do:
    So far, only AOL has the tendency to add itself to your Trusted Zone, allowing it to run any ActiveX it wants. Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O16 - ActiveX Objects (aka Downloaded Program Files)

    What it looks like:
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    What to do:
    If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.
    --------------------------------------------------------------------------------

    O17 - Lop.com domain hijacks

    What it looks like:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
    O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
    What to do:
    If the domain is not from your ISP or company network, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O18 - Extra protocols and protocol hijackers

    What it looks like:
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
    O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}
    What to do:
    Only a few hijackers show up here. The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those.
    Other things that show up are either not confirmed safe yet, or are hijacked by spyware. In the last case, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O19 - User style sheet hijack

    What it looks like:
    O19 - User style sheet: c:\WINDOWS\Java\my.css
    What to do:
    In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log.
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First download lsp fix.exe from http://www.cexx.org/LSPFix.exe , open the program, scroll down in the window and clcik"finish"

    Then rescan and put a check next to each of these then close all browser windows and click "fix checked"
    '
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    egw.exe /autorun

    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

    O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

    O10 - Broken Internet access because of LSP provider 'c:\windows1\system\lsp.dll' missing



    Then reboot into safe mode and delete:
    C:\Program Files\Common files\updater\wupdater.exe

    Feel free to repost a fresh log if you wish.
     
  5. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    ok this is what i have now,, and i still cant get IE6 to work... my pci is pinging back but it wont sign on to the net.. any help out there? dell p3 128 ram computer

    Logfile of HijackThis v1.97.7
    Scan saved at 9:57:07 PM, on 4/23/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS1\SYSTEM\KERNEL32.DLL
    C:\WINDOWS1\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS1\SYSTEM\MPREXE.EXE
    C:\WINDOWS1\SYSTEM\mmtask.tsk
    C:\WINDOWS1\EXPLORER.EXE
    A:\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\SYSTEM\MSDXM.OCX
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Shockwave Director Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.3756018519
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\SYSTEM\MSDXM.OCX
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Shockwave Director Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.3756018519
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Select internet explorer in add/remove programs now then click remove. This shou bring the option to repair. Do so then reboot when complete.
     
  7. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    ive tried that all ready.. and its still giving me the "page cant be displayed" but ill try it again
     
  8. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Have you done a scanreg /restore yet ?
     
  9. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    no restore yet.... i did reinstall windows...just did a scanreg and no errors were found... it looks like only a reformat will be the answer????
     
  10. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    I now notice a change to internet explorer 5.5 . Were you aware of that ?
     
  11. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    yes.. that was cause i uninstalled win98 and reinstalled it... it couldnt update since i cant get online
     
  12. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    So you just did a complete reinstall ?
     
  13. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    yes for win98 only
     
  14. cookingguy

    cookingguy Thread Starter

    Joined:
    Mar 6, 2004
    Messages:
    55
    do u think a complete reformat will solve my problem???

    btw thanks everyone for all the help

    cookingguy
     
  15. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    your log shows you're not using a firewall like the one linked below. you need to get Netscape to browse with since IE doesn't work. You could use a computer with a CD burner to download a copy of NS then take the CD to the target computer.

    Likely you've run into the 'over-write' install of Windows trap', unless you do a full format of your hard drive and then do a install of Windows (clean install) significant problems from your previous install of Win98 get transferred over with your so-called 'complete' install of Windows.

    Please see the following printable attachment for more information on Starting From Scratch.

    Before you think about formatting your HDD you'll need to acquire and backup your Audio, Video and Modem drivers. See your Device Manager for driver version and dates that wqill help you. Driverguide.com has hard to obtain drivers that you may need. Drivers are often available off the computer, or mainboard maker's website.
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223217

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice