?
Solved

Persistent redialing Hijackthis log attached

Posted on 2004-09-29
3
Medium Priority
?
749 Views
Last Modified: 2013-11-16
Have a PC which lost it's broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However the redial continues but not as persistent.
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?

Thks

Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079300320730
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://eastmon.fujicolor.com.au/en/Photo/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BD314C-1297-4AA7-A369-72D7257F1CAF}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190

0
Comment
Question by:petervane
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 1000 total points
ID: 12188482
ur log seems to be ok to me,,,,,, so have u checked in IE>Tools>Internet Options>Connections that NEVER DIAL A CONNECTION is checked ?
if NO then select this option and apply, now check for the problem ??

also goto Start>Run>Services.msc
look for the service Remote Access Auto Connection Manager
stop it if its started and then right click it and click properties
now set the Startup type to Disable
restart and now check for the problem ??

Post Back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202540

HijackThis online log analyser:

http://www.hijackthis.de/index.php?langselect=english

IMPORTANT:
Update your HJT to version 1.98.2 here:

http://www.majorgeeks.com/download3155.html

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202555

Do you need the modem?

Uninstall or disable in Bios if it's onboard.

Zee
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Still wondering grappling over to strengthen your password, worry no more. Choose a Strong Passphrase instead though second factor is highly recommended. Read on more on the how-to and tips to enhance your "password" using easier to remember passphr…
This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question