Solved

Persistent redialing Hijackthis log attached

Posted on 2004-09-29
3
703 Views
Last Modified: 2013-11-16
Have a PC which lost it's broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However the redial continues but not as persistent.
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?

Thks

Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079300320730
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://eastmon.fujicolor.com.au/en/Photo/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BD314C-1297-4AA7-A369-72D7257F1CAF}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190

0
Comment
Question by:petervane
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12188482
ur log seems to be ok to me,,,,,, so have u checked in IE>Tools>Internet Options>Connections that NEVER DIAL A CONNECTION is checked ?
if NO then select this option and apply, now check for the problem ??

also goto Start>Run>Services.msc
look for the service Remote Access Auto Connection Manager
stop it if its started and then right click it and click properties
now set the Startup type to Disable
restart and now check for the problem ??

Post Back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202540

HijackThis online log analyser:

http://www.hijackthis.de/index.php?langselect=english

IMPORTANT:
Update your HJT to version 1.98.2 here:

http://www.majorgeeks.com/download3155.html

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202555

Do you need the modem?

Uninstall or disable in Bios if it's onboard.

Zee
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now