petervane
asked on
Persistent redialing - HijackThis log attached
Have a PC which lost its broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However, the redial continues but not as persistent.
Customer has asked me to look at it but unfortunately is remote. Have accessed the PC and attach a HijackThis log which looks OK to me, but I may have missed something. Have updated Norton's and Adaware on the PC, run both in safe mode and found nothing. Any suggestions?
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079300320730
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://eastmon.fujicolor.com.au/en/Photo/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BD314C-1297-4AA7-A369-72D7257F1CAF}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
Do you need the modem?
Uninstall or disable in BIOS if it's onboard.
Zee
HijackThis online log analyser:
http://www.hijackthis.de/index.php?langselect=english
IMPORTANT:
Update your HJT to version 1.98.2 here:
http://www.majorgeeks.com/download3155.html
Zee