petervane
asked on
Persistent redialing Hijackthis log attached
Have a PC which lost it's broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However the redial continues but not as persistent.
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?
Thks
Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\DIRECWAY\bin\d
C:\Program Files\Borland\InterBase\bi
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EX
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLa
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\PPCon
C:\PROGRA~1\NORTON~1\navap
C:\PROGRA~1\PESTPA~1\Cooki
C:\WINDOWS\system32\RunDll
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\spool\
C:\Program Files\DIRECWAY\BIN\dpcstar
C:\WINDOWS\SYSTEM32\SPOOL\
C:\Program Files\Borland\InterBase\bi
C:\PROGRA~1\DIRECWAY\bin\d
C:\Program Files\Symantec\pcAnywhere\
C:\WINDOWS\system32\wscntf
C:\WINDOWS\System32\svchos
C:\Program Files\Symantec\pcAnywhere\
C:\PROGRA~1\MICROS~2\Offic
C:\WINDOWS\system32\taskmg
C:\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPCon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCh
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEU
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstar
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2
O16 - DPF: {9600F64D-755F-11D4-A47F-0
O16 - DPF: {A8658086-E6AC-4957-BC8E-7
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS1\Services\T
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?
Thks
Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\DIRECWAY\bin\d
C:\Program Files\Borland\InterBase\bi
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EX
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLa
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\PPCon
C:\PROGRA~1\NORTON~1\navap
C:\PROGRA~1\PESTPA~1\Cooki
C:\WINDOWS\system32\RunDll
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\spool\
C:\Program Files\DIRECWAY\BIN\dpcstar
C:\WINDOWS\SYSTEM32\SPOOL\
C:\Program Files\Borland\InterBase\bi
C:\PROGRA~1\DIRECWAY\bin\d
C:\Program Files\Symantec\pcAnywhere\
C:\WINDOWS\system32\wscntf
C:\WINDOWS\System32\svchos
C:\Program Files\Symantec\pcAnywhere\
C:\PROGRA~1\MICROS~2\Offic
C:\WINDOWS\system32\taskmg
C:\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPCon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCh
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEU
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstar
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2
O16 - DPF: {9600F64D-755F-11D4-A47F-0
O16 - DPF: {A8658086-E6AC-4957-BC8E-7
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS1\Services\T
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you need the modem?
Uninstall or disable in Bios if it's onboard.
Zee
HijackThis online log analyser:
http://www.hijackthis.de/index.php?langselect=english
IMPORTANT:
Update your HJT to version 1.98.2 here:
http://www.majorgeeks.com/download3155.html
Zee