
Unstable internet connection

Discussion in 'Web & Email' started by ChicagoPanda, Sep 12, 2003.

  1. ChicagoPanda

    ChicagoPanda Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    7
    I have been experiencing erratic internet access over the past twenty-four hours. I'm not sure if it is the server or my system. Below is the HijackThis log; would one of you technical wizards please confirm there is nothing there to be concerned about?

    I am able to open the internet about fifty percent of the time, even though the modem and router both indicate everything is OK. Then on those occasions I don't get the error page about connections, I can only open a few windows before the system becomes unstable again and access is disrupted. I've been booting and rebooting, cleaning all the files, deleting passwords, etc.

    As you can see I have a few moments of access.

    I may or may not be able to get back to read the message. I'm on high-speed cable, and dealt with the ISP this morning, got back online only to be grounded again shortly thereafter.

    Thanks

    Logfile of HijackThis v1.96.0
    Scan saved at 11:30:34 PM, on 9/11/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
    C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    E:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coldwellbanker.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~3\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O8 - Extra context menu item: Search &Infoseek - C:\WINDOWS\web\selmenu.htm
    O8 - Extra context menu item: Translate &Text - C:\WINDOWS\web\tranmenu.htm
    O8 - Extra context menu item: &Translate Page - C:\WINDOWS\web\urlmenu.htm
    O8 - Extra context menu item: Search Using Express - C:\Program Files\Infoseek\Express\Program\webdocs\search_phrase_IE.html
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O8 - Extra context menu item: Atomica... - file:C:\PROGRA~1\ATOMICA\ATOMIC~1\Html\griemenu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: PD (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://*.foodtv.com
    O15 - Trusted Zone: http://housecall.antivirus.com
    O15 - Trusted Zone: http://www.police.edmonton.ab.ca
    O15 - Trusted Zone: http://www.gov.edmonton.ab.ca
    O15 - Trusted Zone: http://www.ede.org
    O15 - Trusted Zone: http://www.spreadgood.com
    O15 - Trusted Zone: http://www.exn.ca
    O15 - Trusted Zone: http://www.nationallampoon.com
    O15 - Trusted Zone: http://www.famousplayers.ca
    O15 - Trusted Zone: http://ecardview.hallmark.com
    O15 - Trusted Zone: http://www.hallmark.com
    O15 - Trusted Zone: http://www.boma.ca
    O15 - Trusted Zone: http://www.creb.com
    O15 - Trusted Zone: http://www.oldscollege.ab.ca
    O15 - Trusted Zone: www.canadahomesearch.com
    O15 - Trusted Zone: http://www.homesacrosscanada.com
    O15 - Trusted Zone: http://www.marriott.com
    O15 - Trusted Zone: http://inc.toysrus.com
    O15 - Trusted Zone: http://news.bbc.co.uk
    O15 - Trusted Zone: http://www.dreammates.com
    O15 - Trusted Zone: http://www.coldwellbanker.ca
    O15 - Trusted Zone: http://www.tropico2.com
    O15 - Trusted Zone: http://spybot.safer-networking.de
    O15 - Trusted Zone: http://www.msn.com
    O15 - Trusted Zone: http://www.helponthe.net
    O15 - Trusted Zone: http://forums.techguy.org
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Template Gallery) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://maps.gov.edmonton.ab.ca/acgm705/acgm.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37861.9023842593
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/ca/TemplateGallery/msotd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab

    11:42 PM 9/11/03
     
  2. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    Not being an expert on deciphering HiJack This logs, I won't try but...

    It looks like you have two anti-virus programs running, Norton AV and AVG. That alone will create problems. There's no problem in having two installed; the problems arise when both are running. Just disable the "full time protection" on one or the other, then keep both updated and use the disabled one for a backup, "fail safe" manual scan when needed.

    It also looks like you've picked up some spyware along the information super highway. I suggest you download, install, immediately update and then run Spybot and/or AdAware (you can use them both.) Let them clean up any spyware found.

    Then post back with a new HiJack This log.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,815
    First Name:
    Frank
    Ditto! You don't want to have 2 anti-virus programs running at the same time. (n)

    Your startup load could use some trimming down. I see several at a glance that don't need to be running in the background.

    Other than ScanRegistry, SystemTray, and your antivirus programs, you will find that you can disable many of the rest. (y)

    Frank's Windows 95/98 Tips
     
  4. ChicagoPanda

    ChicagoPanda Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    7
    Thank You,

    I have Spybot up to date, and nothing comes up. I'll look for the other and see if it shows anything. I'm using Nortons as the firewall and AVG as the antivirus. In trying to contact the ISP this AM it appears they are swamped, so it may be a localized problem.

    Once again this AM I got an email that passed around the mailwasher program and downloaded as a priority message. Can you decipher what this is all about? I for one think this may be part of the source of the problem.

    Can you see anything in the HTML, or information here that gives a clue as to how it is bypassing all the blocks?

    Thanks.



    Return-path: <[email protected]>
    Received: from pd7mr3no.prod.shaw.ca
    (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    with ESMTP id <[email protected]> for [email protected]; Fri,
    12 Sep 2003 07:22:29 -0600 (MDT)
    Received: from pd8mi3no.prod.shaw.ca
    (pd8mi3no-qfe2.prod.shaw.ca [10.0.149.146]) by l-daemon
    (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    with ESMTP id <[email protected]> for [email protected]
    (ORCPT [email protected]); Fri, 12 Sep 2003 07:22:26 -0600 (MDT)
    Received: from spamicide.dexagon.com (host96.dexagon.net [159.18.127.96])
    by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    with ESMTP id <[email protected]> for [email protected]; Fri,
    12 Sep 2003 07:22:26 -0600 (MDT)
    Received: from webmail.coldwellbanker.ca
    (webmail.coldwellbanker.ca [159.18.127.95])
    by spamicide.dexagon.com (BorderWare MXtreme Mail Firewall)
    with ESMTP id 2818F3B7A8 for <[email protected]>; Fri,
    12 Sep 2003 09:23:46 -0400 (EDT)
    Received: from adsl-64-170-148-66.dsl.sntc01.pacbell.net ([64.170.148.66])
    by webmail.coldwellbanker.ca with smtp (Exim 3.35 #1 (Debian))
    id 19xnlo-0003e2-00 for <[email protected]>; Fri,
    12 Sep 2003 09:15:28 -0400
    Received: from [63.24.88.22] by adsl-64-170-148-66.dsl.sntc01.pacbell.net with
    ESMTP id <467196-82218>; Fri, 12 Sep 2003 13:06:24 -0100
    Date: Fri, 12 Sep 2003 13:06:24 +0000 (GMT)
    From: Alexandria Mccauley <[email protected]>
    Subject: Cheaper Viagra g nn m dgcqxdjultwt
    To: [email protected]
    Reply-to: Alexandria Mccauley <[email protected]>
    Message-id: <[email protected]>
    MIME-version: 1.0
    X-Mailer: MIME-tools 5.503 (Entity 5.501)
    Content-type: multipart/alternative; boundary=A9.002..8DF
    X-Priority: 1
    X-MSMail-priority: High
    X-MailScanner: Found to be clean
    Original-recipient: rfc822;[email protected]


    --A9.002..8DF
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable

    <html>

    <head>
    <title>New Page 1</title>
    <meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 3.0">
    </head>

    <body>

    <p><br>
    </p>

    <p align=3D"center"><font face=3D"Verdana, Arial, Helvetica, sans-serif" s=
    ize=3D"3"
    color=3D"#ff0000"><big><b><big>Do<utter>n't wa<contradistinction>ste yo<=
    electroencephalography>ur mo<imitate>ney</afforest></vicious></=
    destroy></asiatic></big></b></big></font><RND04></RND04></RND04>=
    </p>

    <p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
    s-serif"><font
    color=3D"#009933" size=3D"4"><br>
    Pa<mennonite>y 6<hendricks>0% Less<br>
    For<eloise> Generic<doolittle> VIA<whistle>GRA </=
    heathkit></applicable></bravo></pantry></arrangeable><=
    /font><br>
    <dodd><cohesion><solidify></authenticate></burr></=
    salesmen></font></b></RND04></p>

    <p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
    s-serif"><font
    color=3D"#ff0000">* Sa<yaqui>me Ingredients *<br>
    * Sam<usaf>e Resu<peaceful>lts*</forborne></pion><=
    /parakeet></font><wilcox></balfour></font></b></RND04></p>

    <p align=3D"center"><RND04><b><font face=3D"Verdana, Arial, Helvetica, san=
    s-serif"><quadruple><br>
    <a href=3D"http://[email protected]/host/default.asp?id=3D01910">=
    Pre<furious>ss Her<december>e To S<operon>ee
    Fo<l'vov>r Your<anybody'd>self</resilient></houghton></=
    isn't></bestowal></pancreas></a><br>
    <br>
    <small><small><small>(free &amp; disc<aqua>reet ship<=
    brittle>ping, fr<duration>ee doc<genesco>tor's consultation,=
    <br>
    ez online form - order some today !)<br>
    </wabash></dietrich></chortle></etymology></small></smal=
    l></small></aforementioned></font></b></RND04></p>

    <p align=3D"center"><font size=3D"1"><a
    href=3D"http://[email protected]/host/emailremove.asp">cli<!-=
    -mjywzz3p6or-->ck h<!--v412um8homzy-->ere t<!--116b5mui8gy-->o b<!--i7ogij=
    1ze2wgk4-->e re<!--2rdm1p32nrr-->m<!--dlodhoyf0m8-->oved</a></font></p>
    </body>
    </html>

    </p>
    </big></b></big></font>
    </body>
    </html>
    </p>
    </big></b></big></font>
    </body>
    </html>
    yvdfvidyj ookpo
    d

    --A9.002..8DF--
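
Added example (not part of the thread or any poster's code): the quoted message body splits its words with made-up tags and HTML comments that a mail client renders as nothing, so a keyword match against the raw body does not find them. This sketch decodes the quoted-printable part, strips the filler and matches against the text a reader would see; the sample is constructed from a few lines modelled on that body with a placeholder link, and the tag lists and function names are assumptions.

```python
import quopri
import re
from html import unescape

# Constructed sample modelled on the quoted-printable HTML part quoted in
# the thread; the link target is a placeholder, not the one in the message.
SAMPLE = (
    b'<p align=3D"center"><b>Pa<mennonite>y 6<hendricks>0% Less<br>\n'
    b'For<eloise> Generic<doolittle> VIA<whistle>GRA </=\n'
    b'heathkit></b></p>\n'
    b'<a href=3D"http://example.invalid/r">cli<!-=\n'
    b'-mjywzz3p6or-->ck h<!--v412um8homzy-->ere</a>\n'
)

# Assumed allow-list of real HTML tags; anything else is treated as filler.
KNOWN_TAGS = {"html", "head", "body", "title", "meta", "p", "br", "b", "i",
              "u", "a", "font", "big", "small", "div", "span", "table",
              "tr", "td", "img"}
BLOCK_TAGS = {"p", "br", "div", "table", "tr", "td"}  # rendered as a break
COMMENT = re.compile(r"<!--.*?-->", re.S)
TAG = re.compile(r"</?([A-Za-z][^\s>/]*)[^>]*>")

def decode_part(raw: bytes) -> str:
    """Undo quoted-printable (=3D, soft line breaks), then drop comments."""
    html = quopri.decodestring(raw).decode("latin-1")
    return COMMENT.sub("", html)

def visible_text(raw: bytes) -> str:
    """Approximate the rendered text: block tags become spaces, every
    other tag (real or invented) disappears without leaving a gap."""
    def repl(m):
        return " " if m.group(1).lower() in BLOCK_TAGS else ""
    text = TAG.sub(repl, decode_part(raw))
    return re.sub(r"\s+", " ", unescape(text)).strip()

def filler_tags(raw: bytes) -> list:
    """Tag names outside the allow-list; many of them is itself a signal."""
    names = (m.group(1).lower() for m in TAG.finditer(decode_part(raw)))
    return [n for n in names if n not in KNOWN_TAGS]

def keyword_hits(text: str, keywords) -> list:
    low = text.lower()
    return [k for k in keywords if k in low]

if __name__ == "__main__":
    print("raw hits:       ", keyword_hits(SAMPLE.decode("latin-1"), ["viagra"]))
    print("normalised hits:", keyword_hits(visible_text(SAMPLE), ["viagra"]))
    print("filler tags:    ", filler_tags(SAMPLE))
```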
     