My pc is running slowly



#1
dogbiscuit
Member
149 posts
My pc has been running slowly for weeks maybe months now but no sign of any virus. When I click on 'My Computer' it shines its little flashlight around and takes a couple of minutes to open (usually). Programs take a while to fire up and internet toolbars also take ages to search and open pages.
I have had my ad-aware log checked out. I was told to restore my host file which I have done but still no change.
Here is my hijack log. Any help would be hugely appreciated :tazz:

Logfile of HijackThis v1.99.0
Scan saved at 3:33:28 PM, on 4/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_0/home.html"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.10.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [trycrt] AppMasterCenter.exe
O4 - HKCU\..\Run: [srbho] EXE32EXE.exe
O4 - HKCU\..\Run: [panel_its] KeywordFinder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101827558000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...438/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#2
Metallica
Spyware Veteran
GeekU Moderator
31,671 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe

O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.10.exe"

O4 - HKCU\..\Run: [trycrt] AppMasterCenter.exe
O4 - HKCU\..\Run: [srbho] EXE32EXE.exe

O4 - HKCU\..\Run: [panel_its] KeywordFinder.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

Then reboot and post a new log. Is your KAV up-to-date and running properly?

Regards,

#3
dogbiscuit
Member
Topic Starter
149 posts
Ok here is my new log. My KAV is up to date and seems to be running ok. PC is still going like a snail.

Logfile of HijackThis v1.99.0
Scan saved at 9:28:17 PM, on 4/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_0/home.html"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101827558000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...438/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#4
Metallica
Spyware Veteran
GeekU Moderator
31,671 posts
Did those O17 lines return or were they never away?

They are using CWS servers to act as your NameServers.
Change them in your network settings if HijackThis can't accomplish it.

Regards,
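The question in post #4 (did the fixed items return?) can be answered mechanically by comparing the list that was checked in HijackThis with the log taken after the reboot. The following is an added example, not part of the original thread and not HijackThis code; the sample data is a shortened excerpt of the lines posted above, and the function names are hypothetical.

```python
import re

# HijackThis item lines start with a section code such as R0, F2, N3, O4 or O17.
ITEM_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Items that were checked and fixed (excerpt of post #2).
FIXED = [ln.strip() for ln in r"""
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKCU\..\Run: [srbho] EXE32EXE.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
""".splitlines() if ln.strip()]

# Log taken after the reboot (excerpt of post #3).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
"""


def items(log_text):
    """Return the item lines of a log; the header and process list are skipped."""
    return {ln.strip() for ln in log_text.splitlines() if ITEM_RE.match(ln.strip())}


def name_servers(item):
    """Split an O17 NameServer value; the logs use both ',' and ' ' as separators."""
    m = O17_RE.match(item)
    if not m:
        return ()
    return tuple(s for s in re.split(r"[,\s]+", m.group("servers")) if s)


def check_fix(fixed, after_log):
    """Split the fixed items into those gone from the later log and those still in it."""
    after = items(after_log)
    removed = sorted(i for i in fixed if i not in after)
    persisted = sorted(i for i in fixed if i in after)
    return removed, persisted


def persisted_dns(fixed, after_log):
    """Map each surviving O17 registry key to its normalized server list."""
    _, persisted = check_fix(fixed, after_log)
    result = {}
    for item in persisted:
        m = O17_RE.match(item)
        if m:
            result[m.group("key")] = name_servers(item)
    return result


if __name__ == "__main__":
    removed, persisted = check_fix(FIXED, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("still present:", *persisted, sep="\n  ")
    for key, servers in persisted_dns(FIXED, AFTER_LOG).items():
        print(key, "->", servers)
```

On this excerpt the two O4 entries are gone while all three O17 entries are still present, and after normalizing the separator they all carry the same pair of servers.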

#5
dogbiscuit
Member
Topic Starter
149 posts
I fixed them. They must have come back. My pc seemed to run a bit better for a bit then went crap again, maybe it's cause they returned. How do I change them in network settings? Is that in control panel?

#6
Metallica
Spyware Veteran
GeekU Moderator
31,671 posts
Control Panel
Network Connections (or Network and Dial-Up Connections)
Local Area Connection
Properties
Internet Protocol TCP/IP
Properties
Use the following DNS server addresses:
Preferred DNS Server: 66.192.152.154
Alternate DNS Server: 66.192.152.155
OK, OK, etc.

If it sticks then we will have to find the correct ones for your ISP, but these will do for now.

Regards,

#7
dogbiscuit
Member
Topic Starter
149 posts
OK, I changed it but those O17 lines reappear every time I reboot.

#8
Metallica
Spyware Veteran
GeekU Moderator
31,671 posts
Then we'll have to find the file that does that. :tazz:

Please download and install Agent Ransack from: http://www.mythicsof...ck/default.aspx

Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab.

In the bottom bar type or paste 69.50.166.94

Then click Start Search.

It will take quite a while before it's done.

When it is, click "Save results" (icon #4 from the left).
Choose save to clipboard and paste them into your next post.

Regards,

#9
dogbiscuit
Member
Topic Starter
149 posts
Ok done that. Here's the result

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk (5 KB, 4/29/2005 3:26:50 PM)
52 IpDnsAddress=69.50.166.94
142 IpDnsAddress=69.50.166.94
233 IpDnsAddress=69.50.166.94

C:\Documents and Settings\craig\Local Settings\Temporary Internet Files\Content.IE5\MXYCO0U7\index[1].php (81 KB, 4/29/2005 4:09:39 PM)
{EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - <a href='http://www.pcpitstop.com/antivirus/PitPav.cab' target='_blank'>http://www.pcpitstop...tPav.cab</a><br />O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244<br />O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244<br />O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244<br />O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244<br />O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244<br />O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244<br />O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe<br />O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<br />O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe<br />O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe<br /><br /> <!--IBF.ATTACHMENT_97217--></div> <!-- THE POST --> </td> </tr> <tr> <td class="formbuttonrow" nowrap="nowrap"> <div style='text-align:left'><img src='style_images/1/p_offline.gif' border='0' alt='User is offline' />

24 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post1"> <!-- THE POST 98314 --> <div class="postcolor">Then we'll have to find the file that does that. <!--emo&:tazz:--><img src='style_emoticons/default/angry.gif' border='0' style='vertical-align:middle' alt='angry.gif' /><!--endemo--> <br /><br />Please download and install Agent Ransack from: <a href='http://www.mythicsoft.com/agentransack/default.aspx' target='_blank'>http://www.mythicsof...ult.aspx</a><br /><br />Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab.<br /><br />In the bottom bar type or paste <b>69.50.166.94</b><br /><br />Then click Start Search.<br /><br />It will take quite a while before it's done.<br /><br />When it is click &quot;Save results&quot; (icon #4 from the left)<br />Choose save to clipboard and paste them into your next post.<br /><br />Regards, <!--IBF.ATTACHMENT_98314--></div> <br /><br />--------------------<br /> <div class="signature"><span style='color:brown'><b>Pieter</b></span><br /><br /><a href='http://metallica.geekstogo.com/' target='_blank'><span style='color:red'><b>Remove & prevent spyware</b></span></a></div> <!-- THE POST --> </td> </tr> <tr> <td class="formbuttonrow" nowrap="nowrap"> <div style='text-align:left'><img src='style_images/1/p_online.gif' border='0' alt='User is online!' 
/><a href="java script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&amp;CODE=showcard&amp;MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(98314); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_98314" alt="+" /></a><a href="http://www.geekstogo...#38;qpid=98314" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!-- END TABLE --><!-- TABLE FOOTER --> <div class="barc"> <div style="float: right; padding: 5px 5px 0 0;"><a href="http://www.geekstogo...7&#38;view=old" style='text-decoration:none'>&laquo; Next Oldest</a> &middot; <a href="http://www.geekstogo..._Here-f37.html" style='font-weight: bold;text-decoration:none'>Malware Removal - HiJackThis Logs Go Here</a> &middot; <a href="http://www.geekstogo...7&#38;view=new" style='text-decoration:none'>Next Newest &raquo;</a></div> <div> <form action="http://www.geekstogo...rum/index.php?" 
method="post" name="search"> <input type="hidden" name="forums" value="37" /> <input type="hidden" name="topic" value="20207" /> <input type="hidden" name="act" value="Search" /> <input type="hidden" name="CODE" value="searchtopic" /> <input type="text" size="25" name="keywords" class="searchinput" value="Enter Keywords" onfocus="this.value = '';" />&nbsp; <input type="submit" value="Search Topic" class="button" /> </form> </div> </div> </div> <br /><table cellspacing="0"> <tr> <td style='padding-left:0px' width="30%" nowrap="nowrap" valign="middle"><div></div></td> <td class='nopad' style='padding:5px 0px 5px 0px' align="right" width="70%"><a href="java script:ShowHide('qr_open','qr_closed');" title="Open Fast Reply Window" accesskey="f"><img src='style_images/1/t_qr.gif' border='0' alt='Fast Reply' /></a><a href="http://www.geekstogo...8;t=20207"><img src='style_images/1/t_reply.gif' border='0' alt='Reply to this topic' /></a><a href="java script:ShowHide('topic_open','topic_closed')" title="Open Topic Options"><img src='style_images/1/t_options.gif' border='0' alt='Topic Options' /></a><a href="http://www.geekstogo...topic-f37.html" title="Start a new topic"><img src='style_images/1/t_new.gif' border='0' alt='Start new topic' /></a><!--<a href="http://www.geekstogo...-f37.html"><img src='style_images/1/t_poll.gif' border='0' alt

C:\Program Files\hjt\hijackthis27-4-05.log (11 KB, 4/27/2005 3:33:28 PM)
110 O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
111 O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244
112 O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
113 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244
114 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
115 O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\hijackthis28-4-05.log (11 KB, 4/28/2005 9:28:17 PM)
106 O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
107 O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244
108 O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244
109 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244
110 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244
111 O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050119-155257-521 (1 KB, 1/19/2005 4:52:57 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244

C:\Program Files\hjt\backups\backup-20050119-155257-606 (1 KB, 1/19/2005 4:52:57 PM)
1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050119-155257-741 (1 KB, 1/19/2005 4:52:57 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050119-155257-791 (1 KB, 1/19/2005 4:52:57 PM)
1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-366 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-423 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-624 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-634 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-697 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244

C:\Program Files\hjt\backups\backup-20050428-211745-956 (1 KB, 4/28/2005 9:17:45 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050429-152228-294 (1 KB, 4/29/2005 3:22:28 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}: NameServer = 69.50.166.94 69.31.80.244

C:\Program Files\hjt\backups\backup-20050429-152228-405 (1 KB, 4/29/2005 3:22:28 PM)
1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050429-152228-515 (1 KB, 4/29/2005 3:22:28 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}: NameServer = 69.50.166.94,69.31.80.244

C:\Program Files\hjt\backups\backup-20050429-152228-690 (1 KB, 4/29/2005 3:22:28 PM)
1 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}: NameServer = 69.50.166.94,69.31.80.244

#10
Metallica
Spyware Veteran, GeekU Moderator, 31,671 posts
I just said an awful lot of [bleeps]

But for your sake I hope I'm right, because I think I have the solution.

Can you please find

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk

The Application Data folder is a hidden one, so make sure you have those showing.

Right-click on the file and open it in Notepad. Post the content please.

Regards,

#11
dogbiscuit
Member, Topic Starter, 149 posts
here it is:

[Virgin Net Registration Server]
Encoding=1
Type=1
AutoLogon=0
UseRasCredentials=1
DialParamsUID=443898
Guid=0F44FB0DB4CD0A4196074F29E74E96DC
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=0
SwCompression=0
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=0
RedialOnLinkFailure=0
CallbackMode=0
CustomDialDll=ICWDIAL.dll
CustomDialFunc=AutoDialHandler
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=1
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=COM3
PreferredDevice=Intel® 536EP V.92 Modem
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=1
ShowDialingProgress=1
ShowMonitorIconInTaskBar=0
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=1
IpAddress=0.0.0.0
IpDnsAddress=69.50.166.94
IpDns2Address=69.31.80.244
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=2
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=0
IpSecFlags=0
IpDnsSuffix=

NETCOMPONENTS=
ms_msclient=0
ms_server=0

MEDIA=serial
Port=COM4
Device=Mobile 115200
ConnectBPS=115200

DEVICE=modem
PhoneNumber=4550200
AreaCode=0845
CountryCode=44
CountryID=44
UseDialingRules=1
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
HwFlowControl=1
Protocol=0
Compression=0
Speaker=0
MdmProtocol=0

[Virgin.net 24-7]
Encoding=1
Type=1
AutoLogon=0
UseRasCredentials=1
DialParamsUID=695349
Guid=2921924D7CD07D4D9D6F64CE924AC22E
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=0
RedialOnLinkFailure=0
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=1
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=COM3
PreferredDevice=Intel® 536EP V.92 Modem
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=1
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=1
IpAddress=0.0.0.0
IpDnsAddress=69.50.166.94
IpDns2Address=69.31.80.244
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=2
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=0
IpSecFlags=0
IpDnsSuffix=

NETCOMPONENTS=
ms_msclient=0
ms_server=0
ms_psched=1

MEDIA=serial
Port=COM4
Device=Mobile 115200
ConnectBPS=115200

DEVICE=modem
PhoneNumber=9909030
AreaCode=0808
CountryCode=44
CountryID=44
UseDialingRules=1
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
HwFlowControl=1
Protocol=0
Compression=0
Speaker=0
MdmProtocol=0

[Speedtouch Connection]
Encoding=1
Type=1
AutoLogon=0
UseRasCredentials=1
DialParamsUID=19006259
Guid=DBDD0D2065714B4B8E63102144539F6E
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=0
NegotiateMultilinkAlways=1
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=0
DialPercent=0
DialSeconds=0
HangUpPercent=0
HangUpSeconds=0
OverridePref=15
RedialAttempts=0
RedialSeconds=0
IdleDisconnectSeconds=0
RedialOnLinkFailure=0
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=1
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=ISDN11-0
PreferredDevice=SpeedTouch USB ADSL PPP
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=1
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=888
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=1
IpAddress=0.0.0.0
IpDnsAddress=69.50.166.94
IpDns2Address=69.31.80.244
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=2
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=0
IpSecFlags=0
IpDnsSuffix=

NETCOMPONENTS=
ms_msclient=1
ms_server=0

MEDIA=isdn
Port=ISDN11-0
Device=SpeedTouch USB ADSL PPP

DEVICE=isdn
PhoneNumber=0
AreaCode=
CountryCode=1
CountryID=32
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
LineType=0
Fallback=1
EnableCompression=1
ChannelAggregation=1
Proprietary=0

#12
Metallica
Spyware Veteran, GeekU Moderator, 31,671 posts
Good. :tazz:

I made some changes and will attach your new one as a txt file to this post.
Now download the attachment to this post and save it as rasphone.pbk into the C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk folder

Now break your internet connection.
Then rename the one you just posted the content of to rasphone.old
Should your connection be worse for some reason after applying the new one, you can rename it back, so it is our backup, so don't delete it (yet).

Now rename the rasphone.txt I made to rasphone.pbk and reboot.

Let me know how it works out.

Regards,

#13
dogbiscuit
Member, Topic Starter, 149 posts
I'm afraid I did everything you said but those [bleep] 017 lines keep coming back!
Oh yeah and this log appeared on my desktop after reboot. I have no idea what it is. It also appeared on my desktop a few months ago but I had just deleted it and forgot about it.

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d705366, pid=2960, tid=3080
#
# Java VM: Java HotSpot™ Client VM (1.5.0_01-b08 mixed mode)
# Problematic frame:
# V [jvm.dll+0xc5366]
#

--------------- T H R E A D ---------------

Current thread (0x02a810b0): VMThread [id=3080]

siginfo: ExceptionCode=0xc0000005, reading address 0x4c28001d

Stack: [0x04650000,0x04750000), sp=0x0474fc20, free space=1023k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [jvm.dll+0xc5366]
V [jvm.dll+0x6dc4d]
V [jvm.dll+0x6d9e4]
V [jvm.dll+0x70fd9]
V [jvm.dll+0xfd71a]
V [jvm.dll+0x6c816]
V [jvm.dll+0x6cea6]
V [jvm.dll+0x117db0]
V [jvm.dll+0x117887]
V [jvm.dll+0x117a27]
V [jvm.dll+0x1177bc]
C [msvcrt.dll+0x27fb8]
C [kernel32.dll+0x165da]

VM_Operation (0x0b08fac0): full generation collection, mode: safepoint, requested by thread 0x04f39f08


--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x05b18620 JavaThread "irc-connection-thread" [_thread_in_native, id=3260]
0x05ad5780 JavaThread "Timer-0" [_thread_blocked, id=3252]
0x05bf8aa0 JavaThread "Thread-6" [_thread_blocked, id=3248]
0x04f39f08 JavaThread "Thread-5" [_thread_blocked, id=3244]
0x04e81618 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=3208]
0x05b1a7c0 JavaThread "TimerQueue" daemon [_thread_blocked, id=3204]
0x05a3b6a8 JavaThread "TimerQueue" daemon [_thread_blocked, id=3196]
0x05a40000 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=3192]
0x05b26fa0 JavaThread "TimerQueue" daemon [_thread_blocked, id=3172]
0x05b047b8 JavaThread "thread applet-com.jmeeting.boot.applet.JBootApplet" [_thread_blocked, id=3156]
0x02a22ea0 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3140]
0x02a2a708 JavaThread "AWT-Shutdown" [_thread_blocked, id=3136]
0x02a87e20 JavaThread "traceMsgQueueThread" [_thread_blocked, id=3124]
0x02a2aaf0 JavaThread "AWT-Windows" daemon [_thread_in_native, id=3120]
0x02a3ea70 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=3112]
0x02a8a128 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3100]
0x02a5eaa0 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3096]
0x0003b300 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3092]
0x02a29e88 JavaThread "Finalizer" daemon [_thread_blocked, id=3088]
0x02a668b0 JavaThread "Reference Handler" daemon [_thread_blocked, id=3084]
0x0003aba0 JavaThread "main" [_thread_in_native, id=2964]

Other Threads:
=>0x02a810b0 VMThread [id=3080]
0x02a3f530 WatcherThread [id=3104]

VM state:at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: ([mutex/lock_event])
[0x02a7da20/0x00000698] Threads_lock - owner thread: 0x02a810b0
[0x02a616d0/0x000006d4] Heap_lock - owner thread: 0x04f39f08

Heap
def new generation total 960K, used 108K [0x100b0000, 0x101b0000, 0x10810000)
eden space 896K, 4% used [0x100b0000, 0x100bb030, 0x10190000)
from space 64K, 100% used [0x101a0000, 0x101b0000, 0x101b0000)
to space 64K, 0% used [0x10190000, 0x10190000, 0x101a0000)
tenured generation total 11692K, used 8272K [0x10810000, 0x1137b000, 0x160b0000)
the space 11692K, 70% used [0x10810000, 0x11024370, 0x11024400, 0x1137b000)
compacting perm gen total 12800K, used 12787K [0x160b0000, 0x16d30000, 0x1a0b0000)
the space 12800K, 99% used [0x160b0000, 0x16d2cd30, 0x16d2ce00, 0x16d30000)
No shared spaces configured.

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_01 -Djavaplugin.nodotversion=150_01 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_01 -Djavaplugin.nodotversion=150_01 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;;.
USERNAME=craig
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 1, AuthenticAMD


--------------- S Y S T E M ---------------

OS: Windows XP Build 2600

CPU:total 1 family 6, cmov, cx8, fxsr, mmx, sse

Memory: 4k page, physical 245232k(60888k free), swap 600980k(331112k free)

vm_info: Java HotSpot™ Client VM (1.5.0_01-b08) for windows-x86, built on Dec 6 2004 19:51:00 by "java_re" with MS VC++ 6.0

Edited by dogbiscuit, 29 April 2005 - 03:49 PM.

#14
Metallica
Spyware Veteran, GeekU Moderator, 31,671 posts
Found this about the java error:
http://bugs.sun.com/...?bug_id=4505069
I don't think it's related.

Download FindIt's.zip to your desktop.
Unzip/extract the files inside, preferably to C:\ < a new folder. Open the folder and run the FindIt's.bat and wait for a text to open. It will take a while, be patient. Post the results please.
http://forums.net-in...=post&id=142443

Also can you check if these lines were put back in the rasphone.pbk (three instances)?

IpDnsAddress=69.50.166.94
IpDns2Address=69.31.80.244

Regards,
  • 0
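The rasphone.pbk check requested in the post above can be done mechanically. The following is an added example, not part of the original thread and not code from FindIt's: it scans phonebook text for the two quoted DNS addresses and reports which dial-up entry each instance belongs to. The entry names and the sample phonebook are constructed, and the `[Entry Name]` / `key=value` layout is assumed.

```python
import re

# The two DNS servers quoted in the post; matched against both DNS keys.
FLAGGED_DNS = {"69.50.166.94", "69.31.80.244"}
DNS_KEYS = {"ipdnsaddress", "ipdns2address"}
SECTION = re.compile(r"^\[(.+)\]\s*$")


def find_flagged_dns(pbk_text, flagged=FLAGGED_DNS):
    """Return {entry name: [(line number, key, value), ...]} for flagged DNS.

    Scanned line by line instead of with configparser: keys such as DEVICE=
    can repeat inside one entry, which configparser rejects by default.
    """
    hits = {}
    entry = None
    for lineno, raw in enumerate(pbk_text.splitlines(), start=1):
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            entry = header.group(1)  # a new [Entry Name] section starts
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and entry and key.lower() in DNS_KEYS and value in flagged:
            hits.setdefault(entry, []).append((lineno, key, value))
    return hits


# Constructed sample phonebook: entry names and other keys are made up.
SAMPLE_PBK = """\
[ISP Dial-up]
IpDnsAddress=69.50.166.94
IpDns2Address=69.31.80.244

[Work VPN]
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
DEVICE=vpn
DEVICE=vpn

[Backup ISP]
IpDnsAddress=69.50.166.94
IpDns2Address=0.0.0.0
"""

if __name__ == "__main__":
    for name, found in find_flagged_dns(SAMPLE_PBK).items():
        for lineno, key, value in found:
            print(f"[{name}] line {lineno}: {key}={value}")
```

Counting the tuples per entry gives the number of instances, and the line numbers show where to look when editing the file by hand.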

#15
dogbiscuit

    Member

  • Topic Starter
  • Member
  • 149 posts
I found those IP addresses in rasphone.pbk but only two instances.
Here's the log:


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 04/30/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\System32\DNSPING.EXE
* UPX! C:\WINDOWS\TSC.EXE

»»»»» lagitamate file's can/will show in this section.

* UPX! C:\WINDOWS\VSAPI32.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Checking Windir\svcproc.exe and nail.exe.

»»»»» Checking for System32\DrPMon.dll.

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C has no label.
Volume Serial Number is B8BC-150E

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is B8BC-150E

Directory of C:\WINDOWS\system32

05/03/2001 10:36 AM 4,710 fc.ico
08/17/2001 05:42 AM 7,406 SBAudigy.ico
2 File(s) 12,116 bytes
0 Dir(s) 20,209,209,344 bytes free

»»»»»»»»»»»»»»»»»»»»»»»».
  • 0





