
highjack

Discussion in 'Malware and Virus Removal Archive' started by nana, 2004/11/03.

Thread Status:
Not open for further replies.
  1. 2004/11/03
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    :confused: hope i am doing this right. new at it. how do i post hijack log? if i post it, will someone that knows what they are doing check it for me? been having ie6 crashes. got and ran spybot, adaware, spyblaster and avg. didn't find anything. running windows me. upgraded from 98se. thanks
     
    nana,
    #1
  2. 2004/11/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You did just fine. ;) Have you tried first, a repair of IE? From add/remove programs in the Control Panel, locate IE and select to change/remove. You should be offered an option to repair.

    To post a HJT log, download HijackThis.exe from here. Save it to a permanent folder (I create a new folder in C:\ named HJT). Open and click scan, then save log. Once it is saved it will open in notepad. Select all from the edit button, copy and paste the results here in a reply to this thread. Do not attempt to fix anything with it yet!
     

  4. 2004/11/03
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    highjack log

    yes, tried that several times. :mad: can't get the log to paste here. will post back as soon as i can. thanks
     
    nana,
    #3
  5. 2004/11/03
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    highjack log

    Logfile of HijackThis v1.98.2
    Scan saved at 6:06:23 PM, on 11/3/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\TWAIN_32\FLATBED\SBUTTON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CALLWAVE\IAM.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\DOWNLOADS\HIGHJACK\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westpa.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=ptsnoop.exe
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SmartButton] C:\WINDOWS\Twain_32\FlatBed\SButton.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
     
    nana,
    #4
  6. 2004/11/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please open msconfig and place a check next to all entries on the startup tab and OK out. Allow restart and create a new HJT log, then post it.

    Could you also give a bit more detail about what happens with IE.......error messages, while accessing certain sites, when opening new windows, etc.
     
  7. 2004/11/03
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    highjack log

    :confused: hi. i get the online report thing saying explorer has encountered a problem and will close. when i click send or don't send, it closes explorer. also, i get a lot of explorer has caused a problem in mshtml.dll or urlmon.dll. might be my imagination but, seems to happen after the avg, spybot or adaware is run.
    Logfile of HijackThis v1.98.2
    Scan saved at 7:51:30 PM, on 11/3/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\TWAIN_32\FLATBED\SBUTTON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\CALLWAVE\IAM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\DOWNLOADS\HIGHJACK\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westpa.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=ptsnoop.exe
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SmartButton] C:\WINDOWS\Twain_32\FlatBed\SButton.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\MSN Messenger\\msmsgs.exe /background
    O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
     
    nana,
    #6
  8. 2004/11/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The only thing in that log that really needs to be fixed is the following entry.

    R3 - Default URLSearchHook is missing

    Just scan again and place a check next to it, close all other windows and click fix.

    This one suggests you may need to reinstall SpywareGuard.

    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

    Some of the startups are optional, and can be turned off in msconfig, as you had done already. (just needed to make sure you hadn't killed any baddies in msconfig)

    There are quite a few possible causes for the mshtml error, so I am providing some links for you to try some of the suggestions.

    MSHTML Errors

    more

    From the second link, a couple of things you might try first.
    If you need further assistance with doing anything, don't hesitate to ask. :)
     
    Last edited: 2004/11/06
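An added example, not part of the thread and not written by either poster: a small Python parser for the HijackThis entry format shown in the logs above. It compares the log taken before re-enabling the msconfig startup entries with the one taken after, and lists the entries HijackThis marks `(no file)` or `is missing`. The sample lines are excerpted from those two logs; the function names are hypothetical.

```python
import re

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [LoadQM] loadqm.exe".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Lines excerpted from the 6:06 PM and 7:51 PM logs in this thread.
LOG_1 = r"""
Running processes:
C:\WINDOWS\PTSNOOP.EXE
R3 - Default URLSearchHook is missing
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
"""
LOG_2 = r"""
Running processes:
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\LOADQM.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
"""

def parse_entries(log_text):
    """Return {(section, body)}; header and running-process lines do not match."""
    matches = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in matches if m}

def diff_logs(before, after):
    """Entries that appeared in, and disappeared from, the later log."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(new - old), sorted(old - new)

def orphaned(log_text):
    """Entries HijackThis itself reports as pointing at nothing."""
    return sorted(e for e in parse_entries(log_text)
                  if e[1].endswith(("(no file)", "is missing")))

if __name__ == "__main__":
    added, removed = diff_logs(LOG_1, LOG_2)
    for tag, rows in (("+", added), ("-", removed), ("?", orphaned(LOG_2))):
        for section, body in rows:
            print(tag, section, body)
```
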
  9. 2004/11/06
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    system crash

    thanks dave. will try this. i don't have sfc on my puter. how do i find the wsock.dll?
     
    nana,
    #8
  10. 2004/11/06
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    me again. :confused: from what i am getting from the links you gave me, i have a different version of mshtml.dll than i am supposed to have for ie6. i have version 6028001476. supposed to have version 602600.0. do you think that could be the problem? i have reinstalled ie6 a couple times. it didn't change. i also disabled the virus and spyware programs. haven't had a crash since. also, i don't have a windows me disk. i don't have spyware guard anymore. thought that might be from the spybot. i will keep plugging at it. thanks for the links. learned a lot from them.
     
    nana,
    #9
  11. 2004/11/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would say that the newer file version you have should be ok, and that you have attributed the error to a program. Now, which one. :rolleyes: If you no longer have SpywareGuard, has it been uninstalled from add/remove programs list? Leftover files and/or folders deleted? Suggest you also fix its entry in HijackThis. Running a registry cleaner, such as RegSeeker would help clean up orphaned entries too. Notice you have AVG version 6, which is no longer supported. Recommend you download version 7 and while offline, uninstall 6 and then install 7. Update it as soon as you're back online.
     
  12. 2004/11/06
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    system crash.

    thanks again. i did remove spywareguard from add remove. i thought i got all the leftover files and folders. i fixed it in the hjt. still have spy bot disabled. still no crashes. i will update the avg. i used the jv16 power tools also. i got rid of stuff i thought was gone from here ages ago with it. :rolleyes:
     
  13. 2004/11/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Careful with that one (jv16). It's powerful. Sometimes too powerful. ;)

    Let us know how it goes over the next few days.
     
  14. 2004/11/07
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    system crash

    i will let you know. :eek: that scares me about the jv16 power tools. is there any program that is a little safer for me since i know very little about these things? i didn't let it take off anything i didn't recognize. just old programs i knew i took off a long time ago. thanks again
     
  15. 2004/11/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    As long as you're being careful and selective about what you let it remove, jv16 is a good cleaner, and you shouldn't have any problems. I use RegSeeker, which is what I recommended above. Open the program, maximize the window and click clean registry. When scan is complete, verify the backup box in lower left corner is checked and click the select all button. Then right click within the search results and select delete. Now do a quick check of your installed program's functionality. I've never had RegSeeker remove anything vital that it wasn't supposed to, but you never know. If all is well, run it again and again until it comes up clean, again checking programs between runs. Should something go wrong, click the backup button and restore last run, then rerun and exclude entries associated with whatever it broke. Click the histories button and there are choices to clean up the start menu, typed URLs, TIFs you thought were gone, stream MRU keys, etc (I don't allow backups of these). Use them too, and do another clean registry. It probably wouldn't even be a bad idea to run it again after reboot.
     
  16. 2004/11/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just wanted to post in to correct an error. Support for AVG 6 has not yet ended. It will be supported until Dec 31, 2004. Version 7 is still in beta form until then. Just had it stuck in my head that it was ending and got trigger happy. :rolleyes:
     
  17. 2004/11/08
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    system crash

    :) me again. i installed regseeker. it found 800 entries. most say, no file or folder found or, invalid activex/com. just wanted to double check and make sure it was ok to delete them. yeah, i went on avg page and saw it was ok to use till dec. thanks ;)
     
  18. 2004/11/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Some will say not to delete the ActiveX and unused open with entries, but I always have and have never suffered any adverse effects by doing so.
     
  19. 2004/11/08
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    ok, :) deleted everything. so far so good. only thing is, i can't get into windows setup thru add remove now. get error message. explorer has caused error in krnl386exe. should i download that fix from regseeker site?
     
  20. 2004/11/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, download the fix and double click to merge it to the registry. Glad to hear everything else is working as it should too. :)
     
  21. 2004/11/09
    nana

    nana Inactive Thread Starter

    Joined:
    2004/10/29
    Messages:
    46
    Likes Received:
    0
    :( here i am again. downloaded the file from regseeker site. when i try to merge, it tells me. cannot import, the specified file is not a registry script. you can only import registry files. i hate to undo the regseeker scans. puter is working good now. thanks.
     