Hi All, just started having this problem. The modem will dial up and shows the message that it has connected successfully but IE, OE, Yahoo Chat, etc. won't connect/can't find the internet. Tried reinstalling IE6 no-joy. Should I remove and reload the modem or the modem software??

Win98
256k RAM
20 Gig
Intel HaM Data Fax Voice 56k
Earthlink ISP

My laptop connects with no problem using the same: phone line, number, and ISP.

Thanks for any help. I just don't know where to look to find out why the programs aren't connecting to the modem.

Steve

Could be your modem is bad. You could just delete the modem from device manager and reboot and install it again. I would pull up your laptop next to your home machine and go through your tcp/ip properties and make sure they are all correct first.

Welcome to http://www.pcguide.com/ubb/pcgubb.gif

Is this a new modem or was it working ok before?? Are you running a firewall or other security software?? I recently had a similar problem due to an attempt to fix something that wasn't broken, dealing with the LSP. Let us know more about the situation and we can do more problem solving....

It was working before I left for work, after I got home it was acting slow and then when I went to my home page IE would switch over to incredifind.com and any site that I tried to goto it would do the same thing(go to incredifind). So I ran ad-aware and deleted a bunch of stuff. But it still would do the same and even though the modem rings through and says it has connected nothing else happens. I will undo the modem and reinstall it and see what happens.

Thanks:D

Your registry has been hacked most likely.

Along with Adaware, run Spybot Search and Destroy
Then with an updated antivirus program run it.
Then run HijackThis and post a 'copy' of the log here.

I'm willing to bet there's a lot that will shoe up on that log even after the other utilities do their best to rid your system of what they find.

Back again,
Found something else when I was transfering files to the 'puter that isn't working right. There is a program that shows up in taskmanager and its on the hijackthis log 'Wupdater.exe' on taskmgr it says not responding. Could this be the culprit of my problems and if so where do I find it to get rid of it or shut it off???

There are a few suspicious items in your log and 'Wupdater.exe' is definitely malware...

Install HJT into a folder so that you can reverse any changes that we make if there are problems, you are running in a temp file right now. Then run it again and fix:

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

These files are suspicious, but I can't find out what they are. If you don't recognize them, you can fix them and see if it causes any problems:

O4 - HKLM\..\Run: [ssvadsya] C:\WINDOWS\bsqaynbe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.usaa.net/?cookieset=L29wdC94bWwvZWFydGhsaW5rLm5ldC94bWw1LzA wMjY4L3NraGZyZWl0L3BzcC54bWw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.usaa.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.peoplepc.com/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {E6F9B84C-ACCB-C4EA-A375-589BFD486ECB} - C:\windows\system\ubqlsqva.dll
O2 - BHO: (no name) - {DE7E7DA1-F7F6-9A08-5C3A-12F07A1FDD53} - C:\windows\system\qovxhdsc.dll

This file:

O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe

is explained here: "Associated with digital cameras and known to cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. It is even money if you will be able to read the files off the camera without this"

This one is subject to debate whether it is bad or not:

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

You may have to find and delete this C:\WINDOWS\BSQAYNBE.EXE if it turns out the associated O4 entry is bad...

Once you make whatever changes you decide to try, reboot and run HJT again. This time please copy and paste into the post here, it is much more difficult to work with when it is in a text file....

Incredifind is one spyware...
so is Myway search assistant
and 'Wupdater.exe'

Did you use Spybot?!?!?
I find it does a better job than Adaware
Please do as my previous post and in the order I listed them. Then post your log again.

Edit: Your pc is loaded with malwares! Might want to run SwatIt also prior to the new log from HJT.

Thanks for the inputs, I'll give them a shot.

Whats the best way to post the log file here?? I saved it to a floppy and then tried to post it as a log file but the forum wouldn't let me, so I resaved it as .txt so the it could be uploaded.

I ran spybot before HJT and got a bunch of hits. Haven't run an anti-virus yet.

Thanks again.

Well, the antivirus is probably the first thing to run. HJT is generally the last option after you have checked all the automated things. I didn't see any obvious viruses in your log, but some of the files I couldn't ID may have been...

To post the log here, you simply save the scan and it will produce a window with the log in it when you do so. You Right Click and select Copy, go to your Reply here and simply Right Click and Paste into the Reply.

BTW, make sure you don't have anything blocked from running in MSConfig and close all browser windows before running HJT. You can open the window and come here once the scan is completed. This will give us the most complete info to work with....

First, please download Lspfix (http://www.cexx.org/lspfix.zip)
Unzip and run it. Tell it to remove every instance of "lsp.dll" (and ONLY lsp.dll)
You will have to click the "I know what I'm doing" button.

Next have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.usaa.net/?cookieset=L29wdC94bWwvZWFydGhsaW5rLm5ldC94bWw1LzA wMjY4L3NraGZyZWl0L3BzcC54bWw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.usaa.net

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.peoplepc.com/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL


O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {E6F9B84C-ACCB-C4EA-A375-589BFD486ECB} - C:\windows\system\ubqlsqva.dll
O2 - BHO: (no name) - {DE7E7DA1-F7F6-9A08-5C3A-12F07A1FDD53} - C:\windows\system\qovxhdsc.dll

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [ssvadsya] C:\WINDOWS\bsqaynbe.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

Reboot, and delete the file C:\WINDOWS\bsqaynbe.exe
and the folder C:\Program Files\Common files\updater

BINGO

Thanks David and Budfred!!!

Ran the lsp and removed the stuff through HJT and the desktop now seems to be on the net like before.:D

Thanks again
Steve

Glad to hear that... Please reboot and run HJT again so that you can post a fresh log so we can make sure it is all gone.

Also, this would be a good time to check all your security software and make sure you have a good working firewall and antivirus. Consider using SpywareBlaster and run Spybot and/or AdAware regularly. It is a nasty web out there if you aren't careful....

Finally I'll get the HJT list posted. Almost everytime I go to do it something goes wrong with this computer. This morning the mouse wouldn't work on the pad but works fine on the bare desk, go figure.

Logfile of HijackThis v1.97.7
Scan saved at 9:13:51 AM, on 1/2/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\WINDOWS\DRIVEMNU.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\MY APPLICATIONS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.usaa.net/?no=cookieset
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B:Software\Intel\HaM
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - Startup: DriveMenu.lnk = C:\WINDOWS\DRIVEMNU.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mng: c:\progra~1\intern~1\PLUGINS\NpHcd32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://adeskftp.autodesk.com/webpub/whip/english/whip.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.ordertire.com/CFIDE/classes/CFJava.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/aess11.cab

Still bad and needs to go. These seem to be new and may have been installed after the other fixes. Make sure your security software is up to date, especially with something like SpywareBlaster which is designed to protect against reinfection:

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalO...DMO1/aess11.cab

May be bad, do you recognize and know to be safe:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.usaa.net/?no=cookieset