Solved

Persistent redialing Hijackthis log attached

Posted on 2004-09-29
3
706 Views
Last Modified: 2013-11-16
Have a PC which lost it's broadband (satellite) connection. Instantly there was a persistent redial of the standard modem connection available on the PC. The ISP was able to reestablish the satellite connection via a restore of the PC. However the redial continues but not as persistent.
Customer has asked me to look at but unfortunately is remote. Have accessed PC and attach Hijackthis log which looks OK to me but may have missed something. Have updated Norton's and Adaware on PC, run both in safe mode and found nothing. Any suggestions ?

Thks

Logfile of HijackThis v1.97.7
Scan saved at 4:27:28 PM, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079300320730
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://eastmon.fujicolor.com.au/en/Photo/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BD314C-1297-4AA7-A369-72D7257F1CAF}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: Domain = telstra.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF2900F-86C6-4934-86F3-B6A085DD5731}: NameServer = 139.134.5.51,139.134.2.190

0
Comment
Question by:petervane
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12188482
ur log seems to be ok to me,,,,,, so have u checked in IE>Tools>Internet Options>Connections that NEVER DIAL A CONNECTION is checked ?
if NO then select this option and apply, now check for the problem ??

also goto Start>Run>Services.msc
look for the service Remote Access Auto Connection Manager
stop it if its started and then right click it and click properties
now set the Startup type to Disable
restart and now check for the problem ??

Post Back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202540

HijackThis online log analyser:

http://www.hijackthis.de/index.php?langselect=english

IMPORTANT:
Update your HJT to version 1.98.2 here:

http://www.majorgeeks.com/download3155.html

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12202555

Do you need the modem?

Uninstall or disable in Bios if it's onboard.

Zee
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now