Solved

Persistent redialing Hijackthis log attached

Posted on 2004-09-29
3
711 Views
Last Modified: 2013-11-16
Have a PC which lost it's broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However the redial continues but not as persistent.
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?

Thks

Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079300320730
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://eastmon.fujicolor.com.au/en/Photo/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BD314C-1297-4AA7-A369-72D7257F1CAF}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190

0
Comment
Question by:petervane
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12188482
ur log seems to be ok to me,,,,,, so have u checked in IE>Tools>Internet Options>Connections that NEVER DIAL A CONNECTION is checked ?
if NO then select this option and apply, now check for the problem ??

also goto Start>Run>Services.msc
look for the service Remote Access Auto Connection Manager
stop it if its started and then right click it and click properties
now set the Startup type to Disable
restart and now check for the problem ??

Post Back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202540

HijackThis online log analyser:

http://www.hijackthis.de/index.php?langselect=english

IMPORTANT:
Update your HJT to version 1.98.2 here:

http://www.majorgeeks.com/download3155.html

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202555

Do you need the modem?

Uninstall or disable in Bios if it's onboard.

Zee
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question