
kernell32.dll

Discussion in 'Earlier Versions of Windows' started by alpenmoadl, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    Hello, our PC has been acting weird in the last week or so. It shuts itself down, and all the time these messages pop up. I have a hard time accessing Explorer or the email, restarting and booting the PC a few times before I can go anywhere. I downloaded a free virus software from the net 3 days ago, AVG, but I am not sure if it does its job...

    I am afraid of losing all our data and files.....
    Thanks for any help.

    As I was writing, this message popped up.

    BACKWEB-8876480 caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff70758.
    Registers:
    EAX=00000000 CS=0167 EIP=bff70758 EFLGS=00010202
    EBX=00000ad0 SS=016f ESP=0063f0a8 EBP=0063f100
    ECX=00000018 DS=016f ESI=00000170 FS=3717
    EDX=bff70758 ES=016f EDI=ffff0831 GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    bffc9490 000000fd 000000fd 0063f118 00000124 818c6ac0 c15fad50 00000001 00000170 00000170 0063f100 0063f0e8 0063f118 bffc9490 c15fad50 00000001

    MORE MESSAGES:

    PSTORES caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff705b2.
    Registers:
    EAX=00000000 CS=0167 EIP=bff705b2 EFLGS=00010216
    EBX=00000528 SS=016f ESP=00d9fd44 EBP=00d9fd9c
    ECX=00000018 DS=016f ESI=00000058 FS=45d7
    EDX=bff705b2 ES=016f EDI=ff033e1d GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    00000124 000000fd 000000fd 00d9fdb4 00000124 818b2538 c1682e40 00000011 00000058 00000058 00d9fd9c 00d9fd84 00d9fdb4 bffc9490 c1682e40 00000001


    PSTORES caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff70529.

    LVCOMS caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff7067e.
    Registers:


    PSTORES caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff70758.
    Registers:
    EAX=00000000 CS=0167 EIP=bff70758 EFLGS=00010216
    EBX=00000d2c SS=016f ESP=00dffd44 EBP=00dffd9c
    ECX=00000018 DS=016f ESI=00000058 FS=11af
    EDX=bff70758 ES=016f EDI=ffff1e81 GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    00000124 000000fd 000000fd 00dffdb4 00000124 81895db0 c16414b0 00000000 00000058 00000058 00dffd9c 00dffd84 00dffdb4 bffc9490 c16414b0 00000001

    PSTORES caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff705b2.
    Registers:
    EAX=00000000 CS=0167 EIP=bff705b2 EFLGS=00010216
    EBX=000000cc SS=016f ESP=00d9fd44 EBP=00d9fd9c
    ECX=00000018 DS=016f ESI=00000064 FS=5287
    EDX=bff705b2 ES=016f EDI=ffff1e81 GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    bffc9490 000000fd 000000fd 00d9fdb4 00000124 8188c5c8 c1616820 00000000 00000064 00000064 00d9fd9c 00d9fd84 00d9fdb4 bffc9490 c1616820 00000001

    EXPLORER caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff70529.
    Registers:
    EAX=00000000 CS=0167 EIP=bff70529 EFLGS=00010216
    EBX=00000228 SS=016f ESP=0134fd44 EBP=0134fd9c
    ECX=00000018 DS=016f ESI=00000114 FS=521f
    EDX=bff70529 ES=016f EDI=ffff1e81 GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    00000124 000000fd 000000fd 0134fdb4 00000124 8182d118 ddc72c70 00000000 00000114 00000114 0134fd9c 0134fd84 0134fdb4 bffc9490 ddc72c70 00000001
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Go to http://housecall.trendmicro.com or http://www.pandasoftware.com/activescan/com/activescan_principal.htm and click the Scan Now link to run a free on-line virus scan.

    ***

    Enter the Add/Remove Programs control panel and uninstall Backweb from what I assume is your HP computer; Then restart your computer.

    ***

    Internet Explorer 5.x/6.x comes with a repair tool. To use it, go to the Add/Remove Programs Control Panel; Scroll and click to highlight 'Microsoft Internet Explorer 5/6.x' in the Install/Uninstall window; Then click on the Add/Remove button; Select 'Repair' the current installation of Internet Explorer radio button; Click on OK. Restart your computer when prompted.
     
  3. loucav2

    loucav2

    Joined:
    Apr 25, 2004
    Messages:
    4
    Receive error message periodically, stating
    EXPLORER CAUSED ERROR IN KERNEL 32 DLL,
    then computer shuts down.
     
  4. loucav2

    loucav2

    Joined:
    Apr 25, 2004
    Messages:
    4
     
  5. loucav2

    loucav2

    Joined:
    Apr 25, 2004
    Messages:
    4
    error kernel 32 dll
     
  6. loucav2

    loucav2

    Joined:
    Apr 25, 2004
    Messages:
    4
     
  7. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    Hello Styxx: Thanks very much for your initial consultation.

    I did run the virus scan - it took a few hours - and then the Internet Explorer repair in the Add/Remove section. I have no viruses :)

    I could not find Backweb in the Add/Remove section, but it is on my hard drive in C - Program Files.......
    But I do not know how to uninstall it - it is connected to a few programs.

    I sent the other files that had backweb in them to the recycle bin.


    There is one backweb application I could not send to the recycle bin:
    back-web 8876480 ..... c:\program files\logitech\desktop messenger\8876480 \program 16KB

    ... The same messages pop up....... with the same text - I can just close them and continue what I am doing, but once in a while the computer freezes and I have to restart it.....


    Yes - I have an HP and I run Win 98.

    Thanks for your help.... What should I do next??
     
  8. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    Hi Styxx.
    Another member suggested running hijack, which I did.
    Below please see my log; the backweb thing is still there.
    How do I get rid of it?
    Thanks


    Logfile of HijackThis v1.97.7
    Scan saved at 12:56:12 PM, on 26/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = SHAW.MAIL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
    O4 - Startup: Greeting.lnk = C:\Program Files\Wizzard Software Corp\IVA\Apps\Greet.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Coches (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     
  9. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    This is a basic guide as to what the log means, and some tips on reading it yourself. This should in no way replace asking for help in the forums, but it will still help you somewhat in understanding and modifying the log yourself.
    --------------------------------------------------------------------------------

    Overview

    Each line in a HijackThis log starts with a section name.

    For practical information, click the section name you need help with:
    R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
    F0, F1 - Autoloading programs
    N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
    O1 - Hosts file redirection
    O2 - Browser Helper Objects
    O3 - Internet Explorer toolbars
    O4 - Autoloading programs from Registry
    O5 - IE Options icon not visible in Control Panel
    O6 - IE Options access restricted by Administrator
    O7 - Regedit access restricted by Administrator
    O8 - Extra items in IE right-click menu
    O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
    O10 - Winsock hijacker
    O11 - Extra group in IE 'Advanced Options' window
    O12 - IE plugins
    O13 - IE DefaultPrefix hijack
    O14 - 'Reset Web Settings' hijack
    O15 - Unwanted site in Trusted Zone
    O16 - ActiveX Objects (aka Downloaded Program Files)
    O17 - Lop.com domain hijackers
    O18 - Extra protocols and protocol hijackers
    O19 - User style sheet hijack

    --------------------------------------------------------------------------------

    R0, R1, R2, R3 - IE Start & Search page

    What it looks like:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/
    R3 - Default URLSearchHook is missing
    What to do:
    If you recognize the URL at the end as your homepage or search engine, it's OK. If you don't, check it and have HijackThis fix it.
    For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.
    --------------------------------------------------------------------------------

    F0, F1 - Autoloading programs

    What it looks like:
    F0 - system.ini: Shell=Explorer.exe Openme.exe
    F1 - win.ini: run=hpfsched

    What to do:
    The F0 items are always bad, so fix them.
    The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.
    --------------------------------------------------------------------------------

    N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

    What it looks like:
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    What to do:
    Usually the Netscape and Mozilla homepage and search page are safe. They rarely get hijacked. Should you see a URL you don't recognize as your homepage or search page, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O1 - Hosts file redirection

    What it looks like:
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    What to do:
    This hijack will redirect the address to the right to the IP address to the left. If the IP does not belong to the address, you will be redirected to a wrong site every time you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.
    --------------------------------------------------------------------------------

    O2 - Browser Helper Objects

    What it looks like:
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    What to do:
    If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

    --------------------------------------------------------------------------------

    O3 - IE toolbars

    What it looks like:
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
    O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
    What to do:
    If you don't directly recognize a toolbar's name, use TonyK's Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe.
    If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), it's definitely bad, and you should have HijackThis fix it.
    --------------------------------------------------------------------------------

    O4 - Autoloading programs from Registry

    What it looks like:
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    What to do:
    Use PacMan's Startup List to find the entry and see if it's good or bad.
    --------------------------------------------------------------------------------

    O5 - IE Options not visible in Control Panel

    What it looks like:
    O5 - control.ini: inetcpl.cpl=no
    What to do:
    Unless you've knowingly hidden the icon from Control Panel, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O6 - IE Options access restricted by Administrator

    What it looks like:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    What to do:
    Unless you have the Spybot S&D option 'Lock homepage from changes' active, have HijackThis fix this.
    --------------------------------------------------------------------------------

    O7 - Regedit access restricted by Administrator

    What it looks like:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    What to do:
    Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O8 - Extra items in IE right-click menu

    What it looks like:
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    What to do:
    If you don't recognize the name of the item in the right-click menu in IE, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu

    What it looks like:
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    What to do:
    If you don't recognize the name of the button or menuitem, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O10 - Winsock hijackers

    What it looks like:
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
    O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
    What to do:
    It's best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
    --------------------------------------------------------------------------------

    O11 - Extra group in IE 'Advanced Options' window

    What it looks like:
    O11 - Options group: [CommonName] CommonName
    What to do:
    The only hijacker as of now that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O12 - IE plugins

    What it looks like:
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    What to do:
    Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
    --------------------------------------------------------------------------------

    O13 - IE DefaultPrefix hijack

    What it looks like:
    O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
    O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
    What to do:
    These are always bad. Have HijackThis fix them.
    --------------------------------------------------------------------------------

    O14 - 'Reset Web Settings' hijack

    What it looks like:
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
    What to do:
    If the URL is not the provider of your computer or your ISP, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O15 - Unwanted site in Trusted Zone

    What it looks like:
    O15 - Trusted Zone: http://free.aol.com
    What to do:
    So far, only AOL has the tendency to add itself to your Trusted Zone, allowing it to run any ActiveX it wants. Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O16 - ActiveX Objects (aka Downloaded Program Files)

    What it looks like:
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    What to do:
    If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.
    --------------------------------------------------------------------------------

    O17 - Lop.com domain hijacks

    What it looks like:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
    O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
    What to do:
    If the domain is not from your ISP or company network, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O18 - Extra protocols and protocol hijackers

    What it looks like:
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
    O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}
    What to do:
    Only a few hijackers show up here. The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those.
    Other things that show up are either not confirmed safe yet, or are hijacked by spyware. In the last case, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O19 - User style sheet hijack

    What it looks like:
    O19 - User style sheet: c:\WINDOWS\Java\my.css
    What to do:
    In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log.
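
An added example, not part of the original post and not HijackThis code: a small Python triage script that applies only the unconditional rules from the guide above (F0, O7, O11, O13, O15, the O16 keywords, the O18 known-bad protocols, the O12 .ofb plugin) and leaves every other entry for manual lookup. The function names are hypothetical; the sample lines are copied from the log posted earlier in this thread.

```python
import re

# Sections the guide in this thread says to fix whenever they appear.
ALWAYS_FIX = {"F0", "O7", "O11", "O13", "O15"}
# Words the guide's O16 rule treats as a definite fix.
O16_WORDS = ("dialer", "casino", "free_plugin")
# Protocol names the guide's O18 rule lists as known bad.
O18_BAD = {"cn", "ayb", "relatedlinks"}

# An entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entry(line):
    """Return (section, detail) for a log entry line, or None for
    headers, the running-process list and blank lines."""
    m = ENTRY.match(line)
    return (m.group(1), m.group(2)) if m else None


def verdict(section, detail):
    """Map one entry to ('fix' | 'review', reason) using only the
    rules stated in the guide; everything else needs a human."""
    low = detail.lower()
    if section in ALWAYS_FIX:
        return "fix", f"{section} entries are always fixed per the guide"
    if section == "O16":
        hits = [w for w in O16_WORDS if w in low]
        if hits:
            return "fix", "O16 name/URL contains " + ", ".join(hits)
    if section == "O18":
        m = re.match(r"protocol(?: hijack)?: (\S+)", low)
        if m and m.group(1) in O18_BAD:
            return "fix", f"O18 known-bad protocol '{m.group(1)}'"
    if section == "O12" and low.startswith("plugin for .ofb"):
        return "fix", "O12 OnFlow plugin (.ofb)"
    return "review", "look the entry up before changing anything"


def triage(log_text):
    """Parse a whole log and return a list of
    (section, verdict, reason, detail) tuples in log order."""
    out = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            v, why = verdict(*entry)
            out.append((entry[0], v, why, entry[1]))
    return out


# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\SYSTEM\PSTORES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
"""

if __name__ == "__main__":
    for section, v, why, detail in triage(SAMPLE):
        print(f"{v.upper():6} {section:4} {why}\n       {detail}")
```

On the sample, the only entry marked "fix" is the O16 "DialerWeb Class" line; the BackWeb O4 autostart stays "review" because the guide's O4 rule is a list lookup, not a fixed verdict.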
     

Short URL to this thread: https://techguy.org/223466
