Main Entrance


stefanus
12-27-2003, 02:08 PM
Happy Festive Season to all. Just tried to log in via the Main entry port and the forums did not recognise my password, had to go back to OE and enter via the tradespeople's entrance :D. Before that I could not get past my dial-up, everything froze??
Stefanus :confused: sometimes:D

Budfred
12-27-2003, 02:22 PM
I'm sorry, but I don't understand what you are talking about. Are you talking about logging on to PCGuide or logging on to the web in general? I also don't know what you mean by the Main Entrance versus the tradespeople's entrance. Could you explain it in other terms, and are you asking for assistance???

stefanus
12-29-2003, 12:30 PM
Budfred, I was trying to be colloquial and failed :o Sorry!
What I was endeavoring to say is: when I tried to log on to pcguide.com my password was not recognised. I tried three or four times but was unsuccessful. I then opened OE and clicked on one of the e-mail messages relating to these forums and successfully opened a forum. Previous to that I could not get past the dial-up window, everything just froze. Even now everything has slowed down, maybe it is just the system being overloaded. I log on to the net via Microsoft IE.
Excuse my attempt at trying to be jovial.
Stefanus

PrntRhd
12-29-2003, 09:37 PM
I think the servers were having problems. I could not post twice yesterday even though logged in. I shut down, rebooted, and I got in and the site performed normally.

:)

Flick
12-29-2003, 09:41 PM
Happy (belated) Boxing Day!;)

Budfred
12-29-2003, 10:13 PM
stefanus,

Please don't apologize for being jovial... I picked up on the jovial intent, I just didn't understand the issue...:) I can be quite literal you know...:rolleyes:

As to the problem, there have been some glitches for me recently too, including the fact that I can't access the forum from work at all again. However, if you continue to have trouble, you might want to run a full set of security scans again to see if you might have a gremlin...

stefanus
12-30-2003, 12:13 PM
Thanx Guys; this problem started after receiving a Seasonal Greeting from a friend of my daughter's. I have done a check with everything and all seems OK except a pop-up that keeps appearing, "Macro Media", and it struck a chord from last year. I did not open it of course; it came with a security warning and keeps popping up only when I log onto the Net. No name tag?? Looks like an MS window but I doubt it. I have
Spybot
Adaware
CW Shredder
Pop up Manager
Norton
HJT
Maybe I should post an HJT log
Thanx for your greeting Flick
Stefanus
;)

Budfred
12-30-2003, 07:10 PM
An HJT log sounds like a good idea to me...

stefanus
12-31-2003, 02:10 PM
Budfred, this is the latest. I did have a problem a while back with a pop-up, i.e. PayPal, and deleted it but was horrified when opening the OE delete box to see that it had been opened. Hope this might assist.

My HJT Log:
Logfile of HijackThis v1.97.7
Scan saved at 19:03:45, on 31/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: RealGuide (HKLM)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37915.1148958333
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
Another forum advised me that the file was incomplete, hence the Pit Stop!! Incidentally, I tried to install a McAfee Firewall from a CD and had a window informing me that there was "A PAGE ERROR CANNOT INSTALL".???

Stefanus

Budfred
12-31-2003, 09:53 PM
Well, I am not sure what this is:

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

but none of the Google hits I found indicated anything evil, so your log looks pretty clean...

I wonder if that card is just trying to run and trying to get you to download MacroMedia to help it run?? I don't see anything in your processes to support that, but ????

You could try running the Startups part of HJT and see if there are any clues in there....

stefanus
01-01-2004, 11:05 AM
How do I run the Startups part of HJT??
I could not log in again from the Welcome to the PC Guide site, had to open OE and log on via an e-mail thread notification. May not be related.
Stefanus

Budfred
01-01-2004, 12:37 PM
After you open HJT, click on Config and then Misc Tools... One of the options will be to generate a Startup List log...

stefanus
01-01-2004, 04:53 PM
Thanx, will try that:D
Stefanus
Waba. Here it is

StartupList report, 01/01/04, 21:59:45
StartupList version: 1.52
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
EM_EXEC = c:\mouse\system\em_exec.exe
Multimedia Keyboard = C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
Onscreen Display = C:\Program Files\Netropa\Onscreen Display\OSD.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
PE2CKFNT SE = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
Norton eMail Protect = C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
NAV DefAlert = C:\PROGRA~1\NORTON~1\DEFALERT.EXE
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
Ad-aware = "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 1/1/2004, 21:4:44)

[Rename]
NUL=c:\windows\cookies\s.j.murray@mediaplex[1].txt
NUL=c:\windows\cookies\s.j.murray@tribalfusion[1].txt
NUL=c:\windows\cookies\s.j.murray@valueclick[2].txt
NUL=c:\windows\cookies\s.j.murray@etype.adbureau[2].txt
NUL=c:\windows\cookies\s.j.murray@bluestreak[1].txt
NUL=c:\windows\cookies\s.j.murray@atdmt[2].txt
NUL=c:\windows\cookies\s.j.murray@doubleclick[1].txt

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 29/12/2003, 19:47:12)

[Rename]
C:\WINDOWS\SYSTEM\MSI.DLL=C:\WINDOWS\SYSTEM\TBMD2F 4.TMP
C:\WINDOWS\SYSTEM\MSI.DLL=C:\WINDOWS\SYSTEM\TBMF0D 5.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi)
mode con codepage select=850
keyb uk,,c:\windows\COMMAND\keyboard.sys
C:\PROGRA~1\NORTON~1\NAVDX.EXE /startup
lh c:\Windows\Command\doskey.com

--------------------------------------------------

C:\CONFIG.SYS listing:

FILES=50
BUFFERS=50
DOS=HIGH,UMB
LASTDRIVE=Z
DEVICE=C:\WINDOWS\HIMEM.SYS /TESTMEM:OFF
device=c:\windows\COMMAND\display.sys con=(ega,,1)
Country=044,850,c:\windows\COMMAND\country.sys

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

CALL C:\CDINST.BAT Q
c:\mouse\mouse.exe

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

Popup Manager - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.5.DLL - {08E74C67-99A6-45C7-94DA-A397A8FD8082}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
update.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37915.1148958333

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 8,151 bytes
Report generated in 1.347 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Budfred
01-01-2004, 08:08 PM
I don't know how to read all of this, but the only thing I can see that might be an issue is it looks like you have an unfinished AdAware scan. You can run AdAware and reboot to finish it. Otherwise hang on for those more familiar with these logs than me to look it over and see if there are any problems....

stefanus
01-02-2004, 11:09 AM
Thanx, holding on tightly ;)
Stefanus

mjc
01-02-2004, 03:00 PM
The StartupList looks pretty clean too.......

stefanus
01-02-2004, 03:11 PM
Thank you all! MJC, what was that item Budfred was not too happy about? In brief: O12 - Plugin, etc.
Stefanus