0

Hi, CaperJack suggested I post a HijackThis report here. My internet connection is not working on my Windows 98 laptop. It is using a USB ethernet adapter and I share files and printers with it, but it will not connect to the internet. When I run winipcfg I get an error "Failed to initialize Winsock." I have tried reinstalling TCP/IP etc. with no success. Here is the HijackThis log... any help is appreciated.

----------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 4:06:16 AM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://216.65.101.250/sbms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Active Shockwave) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37740.9121527778
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

------------End of report------------------------------------

0

Can you update to the newest version of HJT? It's 1.98.2. Either use the update button, or redownload from http://www.spychecker.com/program/hijackthis.html

Also I'd suggest you move HJT into a folder
e.g. c:\hjt\hijackthis.exe
The reason being that when it creates backups it's a good idea to be able to find them again, rather than having to search the hard drive for them.

Cheers

0

Do as suggested above and then run this program and then rerun HijackThis and post a new log.
,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

0

Hi Dave & Caperjack,

I have no access to the internet on the laptop so I downloaded HijackThis to its hard drive that I'm sharing on the network. Therefore I cannot do an auto update. I tried uninstalling the old version and reinstalling from the link you sent me but it is still version 1.97.1. What do you recommend now? Thanks

0

The most important thing would be to get the CWShredder program and run it. It should clean most of what is bad in the HijackThis log.

0

Caperjack, I started my PC in safe mode and ran CWShredder. It reported that my computer is completely clean.

0

Reboot into safe mode following the instructions here and rescan with hijackthis. When the scan is finished tick the boxes next to all the following entries, then close all browser and explorer windows, and tell HijackThis to "Fix checked."

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/

Reboot normally after doing the above, rescan with hijackthis, then post that log here please.
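A way to pick such entries out of a log and to confirm after the fix that they are gone, as an added example that is not part of the original post. The IP-literal-URL check is an assumption used here as a reason to look closer at an entry, not a verdict, and the function names are hypothetical; the sample lines are abridged from the logs in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied (abridged) from the first and second logs in this thread.
FIRST_SCAN = r"""Logfile of HijackThis v1.97.7
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.65.101.250/sbms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
F1 - win.ini: run=hpfsched
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
"""
SECOND_SCAN = r"""Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
F1 - win.ini: run=hpfsched
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
"""

# An entry line is a section code (R1, F1, O16, ...), " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def ip_literal_host(url):
    """Return the host if the URL names its server by raw IP address, else None."""
    try:
        host = urlsplit(url).hostname
        if host is None:
            return None
        ipaddress.ip_address(host)
    except ValueError:
        return None
    return host


def review_candidates(log_text, codes=("R0", "R1", "O16")):
    """IE setting (R0/R1) and ActiveX download (O16) entries with an IP-literal URL."""
    return [(code, body) for code, body in parse_entries(log_text)
            if code in codes
            and any(ip_literal_host(u) for u in URL_RE.findall(body))]


def removed_between(before, after):
    """Entries present in the first scan and absent from the second."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]
```
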

0

Those entries are CWS domains, so the shredder should have picked them up. Did you have internet explorer closed? Did you *fix* and not *scan* only?

0

Hi Crunchie, I had all IE windows closed when I ran the shredder and ran Scan (which didn't result in anything) and Fix (said system was clean). I booted in safe mode and the items you suggested I remove are no longer present. Here is the most recent log:
-------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 4:17:18 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Active Shockwave) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37740.9121527778
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
-------------------------------------------------------------

0

Actually this is what I get when I run CWshredder (Scan only):

CWShredder v1.59.1 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Windows 98 (4.10.2222 A)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\SYSTEM
AppData folder: C:\WINDOWS\Application Data
Username:

Hosts file not present
Found Win.ini file: C:\WINDOWS\win.ini (8383 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=hpfsched
Found System.ini file: C:\WINDOWS\system.ini (2210 bytes, A)
Found line in System.ini: shell=Explorer.exe

- END OF REPORT -

0

1. The HijackThis link in my sig below should take you to the latest (1.98.2) version.

2. Open a DOS box. What are the results of running the following 4 commands?

ping www.google.com
ping 216.239.57.147
ping the IP address of your router (if you're using a router, obviously)
ping 127.0.0.1

3. Are you getting your IP info automatically (via DHCP), or did you enter your IP address, subnet mask, gateway IP, etc. manually?

0

Here is the latest log from version 1.98.2:
I am restarting and will post the ping info in a minute

Logfile of HijackThis v1.98.2
Scan saved at 4:34:05 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
A:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

0

Hey DMR, I ran COMMAND and it gives me a C:\WINDOWS\Desktop> Is that correct?
Anyways, I typed in ping www.google.com and I get an error stating "The PING.EXE files is linked to missing export ICMP.DLL:IcmpCreateFile."
I get this error for all ping tries.
It looks like I need to reinstall this file somehow.

Yes, I am getting IP info automatically from DHCP. I currently have 3 other computers on the Netgear router that are working just fine.

Thanks

0

I restarted and tried to ping www.google.com and my router and this was displayed "NO PACKET DRIVER FOUND"

I can see all of my networked computers on the laptop's Network Neighborhood, but I still cannot access the internet.

0

Your HJT log doesn't seem to indicate any foul play (and yes, it appears that you did run the pings correctly), so this may be more of a general networking problem/question; but it does sound as though your network software has been corrupted somehow.

1. Can you give details on the history of the problem please?

2. What version of Windows are the other computers on the network running?

0

Yes DMR, the other computers on the network are a Windows 98 system and two XP computers. This problem computer is a laptop P2 433Mhz running Windows 98se.
Do you have any idea where I can get Windows 98 networking files, TCP/IP etc.? I don't think it is a good idea to install the files from the current windows/system folder.

0

Hey DMR, it doesn't look like my response was posted. Here it is again:

1) Have only used this PC to connect via dial-up about one year ago. It has never been part of a network and doesn't have an ethernet port so I hooked it up to a USB ethernet adapter. I can access files on it and from my other PCs. Get "The page can not be displayed" on IE 6.0. Similar result on Firefox. IE LAN settings are on auto detect.
Using netgear mr814v2 wireless router, but all PCs connected are wired.

2) PCs on network:
Windows 98 desktop -works fine
Windows XP desktop -works fine
Windows XP laptop - works fine
Windows 98se <<problem computer
