hijackthis log
big ed
November 5th, 2003, 12:30 PM
Hi,
Could someone please check my log file. I need to start someplace! Puter has been acting up.
Thanks
spydespiser
November 5th, 2003, 12:42 PM
Hi big ed :)
sorry but I don't see one ???
-{ Quote: "Go to http://www.tomcoyote.org/hjt and download "HijackThis!" (via button in the left section with flashing green light next to it). Unzip it. Run the HijackThis.exe file and press the [Scan] button... When the scan is finished, the [Scan] button will change into a [Save Log] button. Press that, save the log somewhere and paste the contents into a post here for us to look at.
Note that much of what will be listed there is correct and should not be fixed!! So, just post the output here and let's see if the people here can help identify the problem." }-
SpyD 8)
big ed
November 5th, 2003, 04:16 PM
Logfile of HijackThis v1.97.3
Scan saved at 3:43:49 PM, on 11/5/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;
64.136.29.34;127.0.0.1;localhost;*windowsupdate.microsoft.com;
*windowsupdate.com;*wustat.windows.com;*.nyc.office.juno.com;*.corp.netzero.net;
*.kbb.com;*.flipdog.com;*.pogo.com;*test-speed.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?snipped>
F1 - win.ini: run=hpfsched
O1 - Hosts: 216.148.246.172 www.masslottery.com
O1 - Hosts: 65.54.206.118 computingcentral.msn.com
O1 - Hosts: 12.129.206.103 www.bombayinstitute.com
O1 - Hosts: 209.133.53.130 www.annoyances.org
O1 - Hosts: 206.102.88.57 www.getfuzzy.com
O1 - Hosts: 66.28.250.176 www.wunderground.com
O1 - Hosts: 216.131.94.229 www.qixo.com
O1 - Hosts: 217.69.36.62 www.fiso.co.uk
O1 - Hosts: 63.147.65.64 www.berkshireeagle.com
O1 - Hosts: 66.216.98.205 www.na-pca.org
O1 - Hosts: 63.174.210.226 www.surpluscenter.com
O1 - Hosts: 69.49.233.43 www.smallenginedistributors.net
O1 - Hosts: 65.121.78.100 www.overstock.com
O1 - Hosts: 66.45.25.55 www.agweb.com
O1 - Hosts: 216.173.234.170 quickfares.bestfares.com
O1 - Hosts: 24.24.1.140 aroundcny.com
O1 - Hosts: 216.45.19.33 www.tek-tips.com
O1 - Hosts: 64.29.193.182 www.pcpitstop.com
O1 - Hosts: 66.227.68.99 www.wilderssecurity.com
O1 - Hosts: 64.63.192.122 www.freedomlist.com
O1 - Hosts: 38.114.129.206 www.techtv.com
O1 - Hosts: 66.150.0.204 tweakhomepc.virtualave.net
O1 - Hosts: 199.181.135.201 www.abc.com
O1 - Hosts: 207.46.248.106 windows.microsoft.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE"
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.2255787037
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
Sorry about that. I assumed I was supposed to ask before sending the log. Thanks.
Pieter_Arntz
November 5th, 2003, 04:52 PM
Hi big ed,
I can't find much wrong in your log.
Could you try and describe how exactly your computer is "acting up"?
Regards,
Pieter
big ed
November 5th, 2003, 11:09 PM
Hi Pieter,
A few mos. back I replaced my hard drive and reinstalled 98se. Being computer challenged (I'm being kind to myself) I struggled thru the process of getting it up and running. Needless to say I fiddled and diddled so much that I'm not really sure where I'm at. I figured I would at least try to determine if I had any problems in the log. Am I taking the wrong route?
Thanks, big ed
Pieter_Arntz
November 6th, 2003, 03:07 AM
-{ Quote (big ed): "Am I taking the wrong route?" }-
Like you said yourself, you have to start somewhere, and having a look at what you have running is certainly one of the basics.
But it would help us if we knew what the problems are.
Regards,
Pieter
big ed
November 6th, 2003, 09:22 AM
Hi Pieter,
Where I live dial up ISP is the only option available for anyone on a limited budget. I have problems connecting and disconnecting. I also lose the connection frequently. I have been in contact w/ the ISP and have downloaded their program numerous times. Also they have sent me instr. on config my modem and checking internet connect.
Most times on shutdown I get hung up. When I hit Ctrl-Alt-Del it shows 2 execs and one is highlighted as not responding. Rarely can I shut down properly. Also my cursor arrow will often freeze on the screen (if I move the mouse I can highlight things). I have looked in MS support, Win Annoyances, and everywhere else I could think of but have not been successful. If I am asking in the wrong place please advise.
Thanks, big ed
Pieter_Arntz
November 6th, 2003, 09:30 AM
-{ Quote (big ed): "and one is highlighted as not responding." }-
Which one is that?
Regards,
Pieter
big ed
November 6th, 2003, 03:47 PM
Hi Pieter,
When I attempt to shut down after disconnecting from my dial up I get into never ever land. I hit Ctrl-Alt-Del and two of the progs. are X1exec and exec. The X1exe will usually but not always indicate that it is not responding. If I hit end task and go back and look it will just show two exec's. I am not able to shut down normally. I have deleted and redownloaded the ISP software numerous times to try to rectify. Where am I?
Thanks, Ed
Pieter_Arntz
November 6th, 2003, 04:01 PM
So it is the NetZero software that is giving you the problems.
Do you really need it?
I know ISPs like to say you do, but this isn't always true.
Have HijackThis fix: O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
but hold on to the backup it makes of that one!!
Then download BHODemon from http://www.definitivesolutions.com/bhodemon.htm
and use it to disable:
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
Let me know how it goes then.
Regards,
Pieter
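Added example (not part of the thread and not HijackThis's own code): a small Python parser that pulls the coded entries out of a HijackThis log, lists every hook that points into one vendor's directory, and reports which "fixed" entries show up again in a later scan. SAMPLE_LOG is a subset of lines copied from the log posted above; RESCAN and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of the log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.3
Running processes:
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
"""

# Constructed later scan: the sample with the NetZero BHO line gone.
RESCAN = "\n".join(l for l in SAMPLE_LOG.splitlines() if "X1IEBHO" not in l)

# Coded entries look like "O4 - ..." or "R1 - ..."; process paths and headers do not.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, detail) tuples for every coded entry in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def entries_for(log_text, fragment):
    """Group entries whose detail mentions `fragment` (case-insensitive) by code."""
    grouped = defaultdict(list)
    for code, detail in parse_entries(log_text):
        if fragment.lower() in detail.lower():
            grouped[code].append(detail)
    return dict(grouped)

def reappeared(fixed, later_log):
    """Entries from `fixed` that are present again in a later scan."""
    later = set(parse_entries(later_log))
    return [entry for entry in fixed if entry in later]

if __name__ == "__main__":
    for code, details in sorted(entries_for(SAMPLE_LOG, "\\NETZERO\\").items()):
        for d in details:
            print(code, "-", d)
```
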
big ed
November 6th, 2003, 05:43 PM
Hi Pieter,
I'm way beyond an inferiority complex. I went to hijackthis and fixed and backed up 04-HKLM....... Then I got the BHO thingy and disabled 02-BHO....... I then shut down w/difficulty and rebooted. I ran hijackthis again and the bad guys were still there. I understand that in Holland they allow euthanasia. Maybe I should book a flight.
Sadly, Ed :P
big ed
November 7th, 2003, 12:03 PM
Hi Pieter,
Today I removed my isp prog and reinstalled. I again ran hijack this and successfully removed the 02-BHO and the 04-HKLM. I then rebooted and ran hijack. The 04-HKLM was back on the list. I have shut down and rebooted a few times w/o problems so far. I know I don't have the greatest of isps but I don't have many options.
Thanks for the assistance, big ed :D ??? :D
Pieter_Arntz
November 7th, 2003, 02:32 PM
Hi big ed,
So it was the BHO. Thanks for letting us know how you solved it. :)
Regards,
Pieter
ElmerGlue
June 17th, 2004, 06:36 PM
Thanks to all of you for posting this info ... this worked on a client's PC to get rid of the first problem .. Used Hijack this to remove the BHO, and netzero (or the exec) did not show as "not responding".
The problem I think is related to his 'messed up' SpywareBlaster which is an ActiveX blocker and whatever other spyware he has on there.
Now all it wants to say is "you are logged into Netzero" and then 5 minutes later redial (it keeps the NetzeroTV on the screen during this process).
Darn Netzero problems ...
-Jason Nitzberg
Digi-Tek Computer
Copyright ©2002 - 2012, Wilders Security Forums