Hi, Could someone please check my log file. I need to start someplace! Puter has been acting up. Thanks
Logfile of HijackThis v1.97.3 Scan saved at 3:43:49 PM, on 11/5/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\3CMLNKW.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\NETZERO\EXEC.EXE C:\PROGRAM FILES\NETZERO\EXEC.EXE C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30; 64.136.29.34;127.0.0.1;localhost;*windowsupdate.microsoft.com; *windowsupdate.com;*wustat.windows.com;*.nyc.office.juno.com;*.corp.netzero.net; *.kbb.com;*.flipdog.com;*.pogo.com;*test-speed.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?snipped> F1 - win.ini: run=hpfsched O1 - Hosts: 216.148.246.172 www.masslottery.com O1 - Hosts: 65.54.206.118 computingcentral.msn.com O1 - Hosts: 12.129.206.103 www.bombayinstitute.com O1 - Hosts: 209.133.53.130 www.annoyances.org O1 - Hosts: 206.102.88.57 www.getfuzzy.com O1 - Hosts: 66.28.250.176 www.wunderground.com O1 - Hosts: 216.131.94.229 www.qixo.com O1 - Hosts: 217.69.36.62 www.fiso.co.uk O1 - Hosts: 63.147.65.64 www.berkshireeagle.com O1 - Hosts: 66.216.98.205 www.na-pca.org O1 - Hosts: 63.174.210.226 www.surpluscenter.com O1 - Hosts: 69.49.233.43 www.smallenginedistributors.net O1 - Hosts: 65.121.78.100 www.overstock.com O1 - Hosts: 66.45.25.55 www.agweb.com O1 - Hosts: 216.173.234.170 quickfares.bestfares.com O1 - Hosts: 24.24.1.140 aroundcny.com O1 - Hosts: 216.45.19.33 www.tek-tips.com O1 - Hosts: 64.29.193.182 www.pcpitstop.com O1 - Hosts: 66.227.68.99 www.wilderssecurity.com O1 - Hosts: 64.63.192.122 www.freedomlist.com O1 - Hosts: 38.114.129.206 www.techtv.com O1 - Hosts: 66.150.0.204 tweakhomepc.virtualave.net O1 - Hosts: 199.181.135.201 www.abc.com O1 - Hosts: 207.46.248.106 windows.microsoft.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE" O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE" O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228 O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.2255787037 O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB Sorry about that. I assumed I was supposed to ask before sending the log. Thanks.
Hi big ed, I can't find much wrong in your log. Could you try and describe how exactly your computer is "acting up"? Regards, Pieter
Hi Pieter, A few mos. back I replaced my hard drive and reinstalled 98se. Being computer challenged (I'm being kind to myself) I struggled thru the process of getting it up and running. Needless to say I fiddled and diddled so much that I'm not really sure where I'm at. I figured I would at least try to determine if I had any problems in the log. Am I taking the wrong route. Thanks, big ed
Like you said yourself, you have to start somewhere, and having a look at what you have running is certainly one of the basics. But it would help us if we knew, what the problems are. Regards, Pieter
Hi Pieter, Where I live dial up ISP is the only option available for anyone on a limited budjet. I have problems connecting and disconnecting. I also lose the connection frequently. I have been in contact w/ the Isp and have downloaded their program numerous times. also they have sent me instr. on config my modem and checking internet connect. Most times on shutdown I get hung up. When I hit cont- Alt-del it shows 2 execs and one is highlited as not responding. Rarely can I shut down properly. Also my cursor arrow will often freeze on the screen (if I move the mouse I can hilight things). I have looked in MS support, Win Annoyances, and everywhere else I could think of but have not been successful. If I am asking in the wrong place please advise. Thanks, big ed
Hi Pieter, When I attemt to shut down after disconnecting from my dial up I get into never ever land. I hit cont-alt-del and two of the progs. are X1exec and exec. The X1exe will usually but not always indicate that it is not responding. If I hit end task and go back and look it will just show two exec's. I am not able to shut down normally. I have deleted and redownloaded the isp software numerous times to try to rectify. Where am I? Thanks, Ed
So it is the NetZero software that is giving you the problems. Do you really need it? I know ISP´s like to say you do, but this isn´t always true. Have HijackThis fix: O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE but hold on to the backup it makes of that one!! Then download BHODemon from http://www.definitivesolutions.com/bhodemon.htm and use it to disable: O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL Let me know how it goes then. Regards, Pieter
Hi Pieter, I'm way beyond an inferiority complex. I went to hijackthis and fixed and backed up 04-HKLM....... Then I got the BHO thingy and disabled 02-BHO....... I then shut down w/difficulty and rebooted. I ran hijackthis again and the bad guys were still there. I understand that in Holland they allow euthanasia. Maybe I should book a flight. Sadly, Ed
Hi Pieter, Today I removed my isp prog and reinstalled. I again ran hijack this and successfully removed the 02-BHO and the 04-HKLM. I then rebooted and ran hijack. The 04-HKLM was back on the list. I have shut down and rebooted a few times w/o problems so far. I know I don't have the greatest of isps but I don't have many options. Thanks for the assistance, big ed
Thanks to all of you for posting this info ... this worked on a clients PC to get rid of the first problem .. Used Hijack this to remove the BHO, and netzero (or the exec) did not show as "not responding". The problem I think is related to his 'messed up' SpywareBlaster which is an ActiveX blocker and whatever other spyware he has on there. Now all it wants to say is "you are logged into Netzero" and then 5 minutes later redial (it keeps the NetzeroTV on the screen during this process). Darn Netzero problems ... -Jason Nitzberg Digi-Tek Computer
