
Working Offline (HiJack LOG)

Discussion in 'Malware and Virus Removal Archive' started by Daisy30875, 2005/04/22.

Thread Status:
Not open for further replies.
  1. 2005/04/22
    Daisy30875 (Thread Starter)
    When I first boot up my computer and windows loads sometimes I have been getting the message "cannot view page offline--connect? "

    Also this happens when I have tried to open up "my documents" or "my computer" using the desktop icon.

    Sometimes when I am online and I want to load a page it will give me the same message. I don't understand this. I have had problems with spyware and such; could this be from that?

    The following is my HiJack log I need help with.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:05:08 PM, on 4/22/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\HPLAMPC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com/to.php?ID1=386&ID2=47232421&ID3=37434321353&ID4=0&ID5={77E61639-B355-11D9-9742-444553540000}
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...00000&D=0&I=7.NQ1&L=&M=1069056000000&N=EM&O=A
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\IPREG32.DLL
    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - C:\WINDOWS\SYSTEM\BHOMOD.DLL
    O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb01.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.5.28/flinger/flinger-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.28/lottso/lottso-ob-assets.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c9.cab
    O16 - DPF: {4CA63E37-8EC7-73F8-D8F6-400F2ED88ADB} - http://205.252.161.238/1/rdgUS1799.exe
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

    Thanks again guys
    Also I have found that I have searchnugget on my computer and my Spybot and Ad-Aware aren't getting rid of it. What do you recommend?
    Love ya'll
    Daisy
     
  2. 2005/04/22
    markp62 (Geek Member Alumni)
    Hello, this shouldn't be too hard to do.
    With all internet browsers and windows explorer windows closed, remove these with HJT.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com/to.php?ID1=386&ID2=47232421&ID3=37434321353&ID4=0&ID5={77E61639-B355-11D9-9742-444553540000}
    O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\IPREG32.DLL
    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - C:\WINDOWS\SYSTEM\BHOMOD.DLL
    O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...e/bridge-c9.cab
    O16 - DPF: {4CA63E37-8EC7-73F8-D8F6-400F2ED88ADB} - http://205.252.161.238/1/rdgUS1799.exe

    When done with HJT, shut down, choosing Restart in DOS Mode. Then do these commands at the prompt for a good cleanup, and because one file is invisible to Windows Explorer. The first command will appear to do nothing.
    smartdrv
    deltree c:\windows\cookies
    deltree c:\windows\history
    deltree c:\windows\temp
    deltree c:\windows\tempor~1
    deltree c:\windows\downlo~1\ipreg32.dll

    Type Y to confirm each deletion, and check for typos at this time. When done, reboot, and Windows will rebuild those folders as it starts up.

    Then use Windows Explorer, set the Folder Options to Show All Files, and delete these files.
    C:\WINDOWS\SYSTEM\cmd32.exe
    C:\WINDOWS\System\spoolsrv32.exe
    C:\WINDOWS\SYSTEM\BHOMOD.DLL
    C:\WINDOWS\SYSTEM\Loader.dll

    Surf for a bit, then post a new log to see if you are clean.

    BTW, the below item is not necessary for windows to have running, you're better off without it.
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    If you decide to remove it, delete all the files located in the C:\Windows\Applog folder. Defrag will run better.
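A small triage helper for logs in the HijackThis format posted above, added here as an example; it is not part of this thread, of HijackThis or of the cleanup markp62 describes. The allowlists of autostart binaries and start-page hosts are assumptions an analyst would maintain for the machine in question, and the sample log lines are constructed in the shape of the log above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines in the shape of a HijackThis v1.98 log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com/to.php?ID1=386
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {4CA63E37-8EC7-73F8-D8F6-400F2ED88ADB} - http://205.252.161.238/1/rdgUS1799.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
"""

# Assumption: allowlists the analyst maintains for this particular machine.
KNOWN_AUTOSTART = {"systray.exe", "scanregw.exe", "stimon.exe", "avgcc32.exe", "zlclient.exe", "hidserv.exe", "rundll32.exe", "avgserv9.exe", "vsmon.exe"}
KNOWN_START_HOSTS = {"www.aol.com", "my.netzero.net"}

LINE_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")

def triage(log_text):
    """Return (kind, reason, line) for every log line that deserves review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        kind, body = m.group("kind"), m.group("body")
        if kind == "R0" and "Start Page" in body:
            host = urlsplit(body.split("=", 1)[1].strip()).hostname or ""
            if host not in KNOWN_START_HOSTS:
                findings.append((kind, "start page not in allowlist: " + host, line))
        elif kind in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((kind, "orphaned entry, file missing", line))
        elif kind == "O4":
            # Text after the [name] tag for Run keys, or after " = " for Startup .lnk entries
            target = body.split("] ", 1)[-1] if "] " in body else body.split(" = ", 1)[-1]
            cmd = target[1:].split('"', 1)[0] if target.startswith('"') else (target.split() or [""])[0]
            exe = cmd.strip().rsplit("\\", 1)[-1].lower()
            if exe not in KNOWN_AUTOSTART:
                findings.append((kind, "autostart binary not in allowlist: " + exe, line))
        elif kind == "O15":
            findings.append((kind, "third-party domain added to Trusted Zone", line))
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlsplit(url).hostname or ""
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) or url.lower().endswith(".exe"):
                findings.append((kind, "ActiveX download from bare IP or an .exe", line))
    return findings
```

Every flagged line is a candidate for the analyst to look at, not a verdict; the allowlists are what keep the legitimate AVG, ZoneAlarm and Windows entries out of the output.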
     


  4. 2005/04/23
    Daisy30875 (Thread Starter)
    The following 3 items will not delete from HiJackThis:

    O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

    O15 - Trusted Zone: *.frame.crazywinnings.com

    O15 - Trusted Zone: *.static.topconverting.com

    The following command seemed to do nothing--is this normal?

    deltree c:\windows\tempor~1

    The following files were not found in Windows Explorer:

    C:\WINDOWS\SYSTEM\cmd32.exe

    C:\WINDOWS\SYSTEM\BHOMOD.DLL

    C:\WINDOWS\SYSTEM\Loader.dll

    The following file has given me the most problems; this file will not delete from HiJackThis. I also cannot delete it from Windows Explorer because it is either write protected or in use. So I thought that I could fix the problem by removing it from the start up list in msconfig--wrong! Upon restarting my computer I see that it relisted itself in my start up. No matter what I do it comes back:

    C:\WINDOWS\SYSTEM\spoolsrv32.exe


    I removed Taskmon from HJT and the Applog files. That seemed to go well. Now what do I do with this stupid spoolsrv32? Thanks for all this help guys!

    Daisy ;)
     
  5. 2005/04/23
    markp62 (Geek Member Alumni)
    The following command seemed to do nothing--is this normal?

    deltree c:\windows\tempor~1
    All that means is that your Temporary Internet Files are not in the default location. Would you delete them, and check the box for Offline Content when you do?

    Those other files not being found is fine, the listings for them were orphans from a previous cleanup.

    There are two ways to delete that file. One is to Restart in DOS Mode and use this command:
    deltree c:\windows\system\spoolsrv32.exe

    Or get the Killbox. Open it, and look where it says {System Process} and click on the down arrow there. If you see "spoolsrv32" listed there, highlight it and click on the yellow triangle, this should terminate it from running.
    Then Copy/Paste this line into where it says Full Path of File to Delete.
    c:\windows\system\spoolsrv32.exe
    Then click on Delete on Reboot, then click on the red circle with the X. Reboot and the file will be gone, you should see the message about 'files being updated' when starting up.

    Then try removing those lines in HJT, and then please post a new log.
     