Unstable internet connection

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ChicagoPanda

Thread Starter
Joined
Aug 13, 2003
Messages
7
I have been experiencing irratic internet access over the past twenty four hours. I'm not sure if it is the server or my system. Below is the Hyjack this log, would one of you technical wizards please confrim there is nothing there to be concerned about.

I am able to open the internet about fifty percent of the time, even though he modum and router both indicate everything is OK. Then on those occasions I don't get the error page about connections, I can only open a few windows before the system becomes unstabel again and access is disrupted. I've been booting and reboot, cleaning all the files, deleting passwords, etc.

As you can see I have a few moments of access.

I may or may not be able to get back to read the message. I'm on highspeed cable, and dealt with the ISP this morning, got back on line only to be grounded again shortly thereafter.

Thanks

Logfile of HijackThis v1.96.0
Scan saved at 11:30:34 PM, on 9/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coldwellbanker.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~3\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O8 - Extra context menu item: Search &Infoseek - C:\WINDOWS\web\selmenu.htm
O8 - Extra context menu item: Translate &Text - C:\WINDOWS\web\tranmenu.htm
O8 - Extra context menu item: &Translate Page - C:\WINDOWS\web\urlmenu.htm
O8 - Extra context menu item: Search Using Express - C:\Program Files\Infoseek\Express\Program\webdocs\search_phrase_IE.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Atomica... - file:C:\PROGRA~1\ATOMICA\ATOMIC~1\Html\griemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: PD (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://*.foodtv.com
O15 - Trusted Zone: http://housecall.antivirus.com
O15 - Trusted Zone: http://www.police.edmonton.ab.ca
O15 - Trusted Zone: http://www.gov.edmonton.ab.ca
O15 - Trusted Zone: http://www.ede.org
O15 - Trusted Zone: http://www.spreadgood.com
O15 - Trusted Zone: http://www.exn.ca
O15 - Trusted Zone: http://www.nationallampoon.com
O15 - Trusted Zone: http://www.famousplayers.ca
O15 - Trusted Zone: http://ecardview.hallmark.com
O15 - Trusted Zone: http://www.hallmark.com
O15 - Trusted Zone: http://www.boma.ca
O15 - Trusted Zone: http://www.creb.com
O15 - Trusted Zone: http://www.oldscollege.ab.ca
O15 - Trusted Zone: www.canadahomesearch.com
O15 - Trusted Zone: http://www.homesacrosscanada.com
O15 - Trusted Zone: http://www.marriott.com
O15 - Trusted Zone: http://inc.toysrus.com
O15 - Trusted Zone: http://news.bbc.co.uk
O15 - Trusted Zone: http://www.dreammates.com
O15 - Trusted Zone: http://www.coldwellbanker.ca
O15 - Trusted Zone: http://www.tropico2.com
O15 - Trusted Zone: http://spybot.safer-networking.de
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.helponthe.net
O15 - Trusted Zone: http://forums.techguy.org
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Template Gallery) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://maps.gov.edmonton.ab.ca/acgm705/acgm.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37861.9023842593
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/ca/TemplateGallery/msotd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab

11:42 PM 9/11/03
 

Miz

Joined
Jul 1, 2002
Messages
2,146
Not being an expert on deciphering HiJack This logs, I won't try but...

It looks like you have two anti-virus programs running, Norton AV and AVG. That alone will create problems. There's no problem in having two intalled, the problems arise when both are running. Just disable the "full time protection" on one or the other, then keep both updated and use the disabled one for a backup, "fail safe" manual scan when needed.

It also looks like you've picked up some spyware along the information super highway. I suggest you download, install, immediately update and then run Spybot and/or AdAware (you can use them both.) Let them clean up any spyware found.

Then post back with a new HiJack This log.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Ditto! You don't want to have 2 anti-virus programs running at the same time. (n)

Your startup load could use some trimming down. I see several at a glance that don't need to be running in the background.

Other than ScanRegistry, SystemTray, and your antivirus programs, you will find that you can disable many of the rest. (y)

Frank's Windows 95/98 Tips
 

ChicagoPanda

Thread Starter
Joined
Aug 13, 2003
Messages
7
Thank You,

I have spybot up to date, and nothing comes up. I'll look for the other and see if it shows anything. I'm using Nortons as the fire wall and AVG as the anti virus. In trying to contact the ISP this AM it appears they are swamped, so it may be a localized problem.

Once again this AM I got an email that passed around the mailwasher program and downloaded as apriority message. Can you decipher what this is all about. I for one think this may be part of the source of the problem.

Can you see anything in the HTML, or information here that gives a clue as to how it is bypassing all the blocks?

Thanks.



Return-path: <[email protected]>
Received: from pd7mr3no.prod.shaw.ca
(pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <[email protected]> for [email protected]; Fri,
12 Sep 2003 07:22:29 -0600 (MDT)
Received: from pd8mi3no.prod.shaw.ca
(pd8mi3no-qfe2.prod.shaw.ca [10.0.149.146]) by l-daemon
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <[email protected]> for [email protected]
(ORCPT [email protected]); Fri, 12 Sep 2003 07:22:26 -0600 (MDT)
Received: from spamicide.dexagon.com (host96.dexagon.net [159.18.127.96])
by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <[email protected]> for [email protected]; Fri,
12 Sep 2003 07:22:26 -0600 (MDT)
Received: from webmail.coldwellbanker.ca
(webmail.coldwellbanker.ca [159.18.127.95])
by spamicide.dexagon.com (BorderWare MXtreme Mail Firewall)
with ESMTP id 2818F3B7A8 for <[email protected]>; Fri,
12 Sep 2003 09:23:46 -0400 (EDT)
Received: from adsl-64-170-148-66.dsl.sntc01.pacbell.net ([64.170.148.66])
by webmail.coldwellbanker.ca with smtp (Exim 3.35 #1 (Debian))
id 19xnlo-0003e2-00 for <[email protected]>; Fri,
12 Sep 2003 09:15:28 -0400
Received: from [63.24.88.22] by adsl-64-170-148-66.dsl.sntc01.pacbell.net with
ESMTP id <467196-82218>; Fri, 12 Sep 2003 13:06:24 -0100
Date: Fri, 12 Sep 2003 13:06:24 +0000 (GMT)
From: Alexandria Mccauley <[email protected]>
Subject: Cheaper Viagra g nn m dgcqxdjultwt
To: [email protected]
Reply-to: Alexandria Mccauley <[email protected]>
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: MIME-tools 5.503 (Entity 5.501)
Content-type: multipart/alternative; boundary=A9.002..8DF
X-Priority: 1
X-MSMail-priority: High
X-MailScanner: Found to be clean
Original-recipient: rfc822;[email protected]


--A9.002..8DF
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<title>New Page 1</title>
<meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 3.0">
</head>

<body>

<p><br>
</p>

<p align=3D"center"><font face=3D"Verdana, Arial, Helvetica, sans-serif" s=
ize=3D"3"
color=3D"#ff0000"><big><b><big>Do<utter>n't wa<contradistinction>ste yo<=
electroencephalography>ur mo<imitate>ney</afforest></vicious></=
destroy></asiatic></big></b></big></font><RND04></RND04></RND04>=
</p>

<p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
s-serif"><font
color=3D"#009933" size=3D"4"><br>
Pa<mennonite>y 6<hendricks>0% Less<br>
For<eloise> Generic<doolittle> VIA<whistle>GRA </=
heathkit></applicable></bravo></pantry></arrangeable><=
/font><br>
<dodd><cohesion><solidify></authenticate></burr></=
salesmen></font></b></RND04></p>

<p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
s-serif"><font
color=3D"#ff0000">* Sa<yaqui>me Ingredients *<br>
* Sam<usaf>e Resu<peaceful>lts*</forborne></pion><=
/parakeet></font><wilcox></balfour></font></b></RND04></p>

<p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
s-serif"><quadruple><br>
<a href=3D"http://[email protected]/host/default.asp?id=3D01910">=
Pre<furious>ss Her<december>e To S<operon>ee
Fo<l'vov>r Your<anybody'd>self</resilient></houghton></=
isn't></bestowal></pancreas></a><br>
<br>
<small><small><small>(free &amp; disc<aqua>reet ship<=
brittle>ping, fr<duration>ee doc<genesco>tor's consultation,=
<br>
ez online form - order some today !)<br>
</wabash></dietrich></chortle></etymology></small></smal=
l></small></aforementioned></font></b></RND04></p>

<p align=3D"center"><font size=3D"1"><a
href=3D"http://[email protected]/host/emailremove.asp">cli<!-=
-mjywzz3p6or-->ck h<!--v412um8homzy-->ere t<!--116b5mui8gy-->o b<!--i7ogij=
1ze2wgk4-->e re<!--2rdm1p32nrr-->m<!--dlodhoyf0m8-->oved</a></font></p>
</body>
</html>

</p>
</big></b></big></font>
</body>
</html>
</p>
</big></b></big></font>
</body>
</html>
yvdfvidyj ookpo
d

--A9.002..8DF--
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top