hijackthis log

Discussion in 'privacy problems' started by big ed, Nov 5, 2003.

Thread Status:
Not open for further replies.
  1. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi,

    Could someone please check my log file. I need to start someplace! Puter has been acting up.

    Thanks
     
  2. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi big ed :)

    sorry but I don't see one o_O

    SpyD :cool:
     
  3. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Logfile of HijackThis v1.97.3
    Scan saved at 3:43:49 PM, on 11/5/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;
    64.136.29.34;127.0.0.1;localhost;*windowsupdate.microsoft.com;
    *windowsupdate.com;*wustat.windows.com;*.nyc.office.juno.com;*.corp.netzero.net;
    *.kbb.com;*.flipdog.com;*.pogo.com;*test-speed.com;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?snipped>
    F1 - win.ini: run=hpfsched
    O1 - Hosts: 216.148.246.172 www.masslottery.com
    O1 - Hosts: 65.54.206.118 computingcentral.msn.com
    O1 - Hosts: 12.129.206.103 www.bombayinstitute.com
    O1 - Hosts: 209.133.53.130 www.annoyances.org
    O1 - Hosts: 206.102.88.57 www.getfuzzy.com
    O1 - Hosts: 66.28.250.176 www.wunderground.com
    O1 - Hosts: 216.131.94.229 www.qixo.com
    O1 - Hosts: 217.69.36.62 www.fiso.co.uk
    O1 - Hosts: 63.147.65.64 www.berkshireeagle.com
    O1 - Hosts: 66.216.98.205 www.na-pca.org
    O1 - Hosts: 63.174.210.226 www.surpluscenter.com
    O1 - Hosts: 69.49.233.43 www.smallenginedistributors.net
    O1 - Hosts: 65.121.78.100 www.overstock.com
    O1 - Hosts: 66.45.25.55 www.agweb.com
    O1 - Hosts: 216.173.234.170 quickfares.bestfares.com
    O1 - Hosts: 24.24.1.140 aroundcny.com
    O1 - Hosts: 216.45.19.33 www.tek-tips.com
    O1 - Hosts: 64.29.193.182 www.pcpitstop.com
    O1 - Hosts: 66.227.68.99 www.wilderssecurity.com
    O1 - Hosts: 64.63.192.122 www.freedomlist.com
    O1 - Hosts: 38.114.129.206 www.techtv.com
    O1 - Hosts: 66.150.0.204 tweakhomepc.virtualave.net
    O1 - Hosts: 199.181.135.201 www.abc.com
    O1 - Hosts: 207.46.248.106 windows.microsoft.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.EXE"
    O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
    O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.2255787037
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

    Sorry about that. I assumed I was supposed to ask before sending the log. Thanks.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi big ed,

    I can't find much wrong in your log.
    Could you try and describe how exactly your computer is "acting up"?

    Regards,

    Pieter
     
  5. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi Pieter,

    A few mos. back I replaced my hard drive and reinstalled 98se. Being computer challenged (I'm being kind to myself) I struggled thru the process of getting it up and running. Needless to say I fiddled and diddled so much that I'm not really sure where I'm at. I figured I would at least try to determine if I had any problems in the log. Am I taking the wrong route?

    Thanks, big ed
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Like you said yourself, you have to start somewhere, and having a look at what you have running is certainly one of the basics.

    But it would help us if we knew what the problems are.

    Regards,

    Pieter
     
  7. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi Pieter,

    Where I live dial up ISP is the only option available for anyone on a limited budget. I have problems connecting and disconnecting. I also lose the connection frequently. I have been in contact w/ the ISP and have downloaded their program numerous times. Also they have sent me instr. on config my modem and checking internet connect.
    Most times on shutdown I get hung up. When I hit cont-Alt-del it shows 2 execs and one is highlighted as not responding. Rarely can I shut down properly. Also my cursor arrow will often freeze on the screen (if I move the mouse I can highlight things). I have looked in MS support, Win Annoyances, and everywhere else I could think of but have not been successful. If I am asking in the wrong place please advise.

    Thanks, big ed
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Which one is that?

    Regards,

    Pieter
     
  9. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi Pieter,

    When I attempt to shut down after disconnecting from my dial up I get into never ever land. I hit cont-alt-del and two of the progs. are X1exec and exec. The X1exe will usually but not always indicate that it is not responding. If I hit end task and go back and look it will just show two exec's. I am not able to shut down normally. I have deleted and redownloaded the isp software numerous times to try to rectify. Where am I?

    Thanks, Ed
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    So it is the NetZero software that is giving you the problems.
    Do you really need it?
    I know ISP's like to say you do, but this isn't always true.

    Have HijackThis fix: O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
    but hold on to the backup it makes of that one!!

    Then download BHODemon from http://www.definitivesolutions.com/bhodemon.htm
    and use it to disable:
    O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

    Let me know how it goes then.

    Regards,

    Pieter
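
Added example, not part of the original posts and not HijackThis code: a small Python parser that splits a HijackThis log into its coded entries and lists every browser add-on or autostart item that points into one vendor's install directory, which is how the two NetZero items named in the post above can be picked out. The function names and the `SECTIONS` table are this example's own; the sample lines are an excerpt of the log posted earlier in the thread.

```python
import re

# Excerpt of the log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.3
Running processes:
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
"""

# An entry line is "<letter><number> - <body>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Meaning of the section codes that occur in the excerpt.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry",
    "O8": "extra IE context menu item",
}

def parse_entries(log_text):
    """Return (code, body) for every coded entry line in the log."""
    matches = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def entries_for_path(entries, path_fragment):
    """Entries whose body references path_fragment, compared case-insensitively."""
    frag = path_fragment.lower()
    hits = []
    for code, body in entries:
        if frag in body.lower():
            clsid = CLSID_RE.search(body)
            hits.append({"code": code,
                         "meaning": SECTIONS.get(code, "other"),
                         "clsid": clsid.group(0) if clsid else None,
                         "body": body})
    return hits

if __name__ == "__main__":
    for hit in entries_for_path(parse_entries(SAMPLE_LOG), "\\NETZERO\\"):
        print(hit["code"], "|", hit["meaning"], "|", hit["clsid"], "|", hit["body"])
```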
     
  11. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi Pieter,

    I'm way beyond an inferiority complex. I went to hijackthis and fixed and backed up 04-HKLM....... Then I got the BHO thingy and disabled 02-BHO....... I then shut down w/difficulty and rebooted. I ran hijackthis again and the bad guys were still there. I understand that in Holland they allow euthanasia. Maybe I should book a flight.

    Sadly, Ed :p
     
  12. big ed

    big ed Registered Member

    Joined:
    Aug 12, 2003
    Posts:
    3,137
    Location:
    Ye Olde New England
    Hi Pieter,

    Today I removed my isp prog and reinstalled. I again ran hijack this and successfully removed the 02-BHO and the 04-HKLM. I then rebooted and ran hijack. The 04-HKLM was back on the list. I have shut down and rebooted a few times w/o problems so far. I know I don't have the greatest of isps but I don't have many options.
    Thanks for the assistance, big ed :D o_O :D
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi big ed,

    So it was the BHO. Thanks for letting us know how you solved it. :)

    Regards,

    Pieter
     
  14. ElmerGlue

    ElmerGlue Guest

    Thanks to all of you for posting this info ... this worked on a client's PC to get rid of the first problem .. Used Hijack this to remove the BHO, and netzero (or the exec) did not show as "not responding".

    The problem I think is related to his 'messed up' SpywareBlaster which is an ActiveX blocker and whatever other spyware he has on there.

    Now all it wants to say is "you are logged into Netzero" and then 5 minutes later redial (it keeps the NetzeroTV on the screen during this process).

    Darn Netzero problems ...

    -Jason Nitzberg
    Digi-Tek Computer
     