#11
Help! Internet stops in few minutes
Oh and here is that log file I mentioned earlier! I think I'm meant to put that on the HiJackThis website, but I've not had the time to do that but I will do it... sometime... these damn 56k modem connections... they're soooo slow!!

Logfile of HijackThis v1.97.7
Scan saved at 20:15:13, on 10/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0005.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: KODAK PICTURE TRANSFER SOFTWARE.LNK = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: Mail (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://kk-intranet/sharepoint/
O15 - Trusted Zone: http://*.kk-intranet
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
#12
Sue wrote:
Hi Again! So I uninstalled SpyBeware as you recommended. Now, I ran ad-aware and it came back squeaky clean! I ran Shreddar the other night and it came back clean. So I ran SpyCop tonight and it came back with bugs but to remove them I have to register and that I cannot do because of IE. I tried updating it before I scanned but it says "error connecting to SpyCop server". So will I just reinstall the OS and stop bugging you or have another solution??!!!
A VERY frustrated Irish Gal!
Sue

Since I don't like to type any more than I have to, I'm going to cut'n'paste from a reply I made to another poster, who was also wondering about a product which required "registration" ($$$)...

Rick

--------------------------------------------------------------------

webster72n wrote:
Now that I did it, I am going to give the results to you, Rick; there were

3 errors Missing DLL/OCX/COMClasses w. 'High' priority.

No idea... probably ghosts of some of the pests you rid yourself of a couple weeks ago; low priority. If it turns out to be something you need, it'll let you know when you try to run it.

5 errors Missing Shortcut or Invalid Path Medium

stuff you've uninstalled which hasn't completely, or things you've deleted, or have fallen off your WMP/etc. MostRecentUsed Files... *no* priority would be a little more accurate.

1 error Connected Drives Missing Low

sorta weird but if there's nothing wrong, shrug... perhaps a USB drive or the CDR/DVD part of the CD drive, maybe a virtual network drive.

What I don't understand is, why any of the other applications didn't detect those things. Maybe they are not that important, but three of them are supposed to be of high priority.

If you aren't getting any errors, I certainly wouldn't worry about any of them; looks like standard system hiccups.

What is your take on that?

A half decent registry-cleaner will get rid of most if not all the problem listings. Couple largeish threads on that a few weeks ago.
#13
You're not the only one who has to live with 56K connection - so do I!
You never mentioned that you were running a firewall! - turn NIS off and see if that helps!!

Looking down the list, the following items strike me as 'unusual'

Running Processes
C:\WINDOWS\SYSTEM\RPCSS.EXE - see http://cexx.org/rpc.htm

BHO's, etc
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
This is UPnP - not related to Windows Plug and Play, it's very unlikely that you need it, and it should be uninstalled from Add/Remove Programs|Windows Setup|Communications|Universal Plug and Play

It looks as if you have Norton set to scan your email - don't bother!! Norton is bad enough on its own, without the additional overhead and bugs involved in their email scanner.

O14 - IERESET.INF: START_PAGE_URL=http://kk-intranet/sharepoint/
O15 - Trusted Zone: http://*.kk-intranet
are you aware of the fact that you have the above as a trusted site?? - in theory, it shouldn't be necessary, if it's on an intranet. The only references I can find to such a site are in German and relate to warez sites - always a source of infections of all kinds!

--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Sue" wrote in message ...
Oh and here is that log file I mentioned earlier! I think I'm meant to put that on the HiJackThis website, but I've not had the time to do that but I will do it... sometime... these damn 56k modem connections... they're soooo slow!!
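A small triage script for the item lines of a HijackThis log like the one posted in this thread, added here as an illustration and not part of any post. The sample lines are taken from that log (with the wrapped lines joined); the three review rules (an autorun with no absolute path, an O14 reset URL whose host differs from the current start page, and listing every O15 Trusted Zone entry) are this example's own assumptions and produce a list to look at, not verdicts.

```python
import re
from urllib.parse import urlsplit

# Sample input: item lines from the log posted in this thread, wraps joined.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://kk-intranet/sharepoint/
O15 - Trusted Zone: http://*.kk-intranet
"""

ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun: "HKLM\..\Run: [Name] command line"
O4_REG_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
# Startup-folder autorun: "Startup: Shortcut.lnk = target"
O4_STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_items(text):
    """Return (code, body) for each 'Xn - ...' item line; other lines are skipped."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def parse_autorun(body):
    """Split an O4 body into location, entry name and command line."""
    m = O4_REG_RE.match(body) or O4_STARTUP_RE.match(body)
    if not m:
        return None
    return {"location": m.group(1), "name": m.group(2), "command": m.group(3)}


def start_page_hosts(items):
    """Hosts of the URLs currently configured in R0/R1 entries."""
    hosts = set()
    for code, body in items:
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            if value.lower().startswith(("http://", "https://")):
                hosts.add(urlsplit(value).hostname)
    return hosts


def review(items):
    """Apply the example's review rules; returns (code, subject, reason) tuples."""
    findings = []
    current = start_page_hosts(items)
    for code, body in items:
        if code == "O4":
            entry = parse_autorun(body)
            if entry and not ABS_PATH_RE.match(entry["command"]):
                findings.append((code, entry["name"],
                                 "autorun command has no absolute path"))
        elif code == "O14" and "START_PAGE_URL=" in body:
            url = body.split("START_PAGE_URL=", 1)[1].strip()
            host = urlsplit(url).hostname
            if host not in current:
                findings.append((code, host,
                                 "IE reset start page differs from the current start page"))
        elif code == "O15":
            site = body.partition(": ")[2].strip()
            notes = []
            if site.lower().startswith("http://"):
                notes.append("plain HTTP")
            if "*" in site:
                notes.append("wildcard")
            suffix = " (" + ", ".join(notes) + ")" if notes else ""
            findings.append((code, site, "Trusted Zone entry" + suffix))
    return findings


if __name__ == "__main__":
    for code, subject, reason in review(parse_items(SAMPLE_LOG)):
        print(f"{code:4} {subject}: {reason}")
```
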
#14
Can't you get Tiscali/Wanadoo ADSL there, Noel?
Shane
#15
Can't get F- all here, Shane.
No BB No cable even the mobile phone goes dead as I walk in the door!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
#16
even the mobile phone goes dead as I walk in the door!
Surely that's a good thing? :-)
--
Mike Maltby MS-MVP

Noel Paton wrote:
Can't get F- all here, Shane.
No BB
No cable
even the mobile phone goes dead as I walk in the door!
#17
Sounds like you're in a Radon hotspot, Noel!
That'd explain a great deal! ;-)

Shane

"Noel Paton" wrote in message ...
Can't get F- all here, Shane.
No BB
No cable
even the mobile phone goes dead as I walk in the door!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Shane" wrote in message ...
Can't you get Tiscali/Wanadoo ADSL there, Noel?

Shane

"Noel Paton" wrote in message ...
You're not the only one who has to live with 56K connection - so do I!

You never mentioned that you were running a firewall! - turn NIS off and see if that helps!!

Looking down the list, the following items strike me as 'unusual'

Running Processes
C:\WINDOWS\SYSTEM\RPCSS.EXE - see http://cexx.org/rpc.htm

BHO's, etc
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
This is UPnP - not related to Windows Plug and Play, it's very unlikely that you need it, and it should be uninstalled from Add/Remove Programs|Windows Setup|Communications|Universal Plug and Play

It looks as if you have Norton set to scan your email - don't bother!! Norton is bad enough on its own, without the additional overhead and bugs involved in their email scanner.

O14 - IERESET.INF: START_PAGE_URL=http://kk-intranet/sharepoint/
O15 - Trusted Zone: http://*.kk-intranet
are you aware of the fact that you have the above as a trusted site?? - in theory, it shouldn't be necessary, if it's on an intranet. The only references I can find to such a site are in German and relate to warez sites - always a source of infections of all kinds!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Sue" wrote in message ...
Oh and here is that log file I mentioned earlier!
#18
LOL
--
MM

Shane wrote:
Sounds like you're in a Radon hotspot, Noel!
That'd explain a great deal! ;-)
#19
Careful!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Shane" wrote in message ...
Sounds like you're in a Radon hotspot, Noel!
That'd explain a great deal! ;-)

Shane
#20
If I had BB, then yes, it would be a good thing, but I'd like to be able to get phone calls occasionally!<g>
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Mike M" wrote in message ...
even the mobile phone goes dead as I walk in the door!

Surely that's a good thing? :-)
--
Mike Maltby MS-MVP

Noel Paton wrote:
Can't get F- all here, Shane.
No BB
No cable
even the mobile phone goes dead as I walk in the door!
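One way to script the manual review of the HijackThis log that Noel does earlier in the thread. This is an added example, not code from the thread or from HijackThis: the function names, the watch-list parameter and the wording of the findings are assumptions, and the sample log is a constructed excerpt of the posted log with its line-wrap breaks removed.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Entry = namedtuple("Entry", "section detail")
Finding = namedtuple("Finding", "section reason detail")

ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: [x] y"
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.I)       # file name of an .exe path

# Constructed excerpt of the log posted in the thread (wrap breaks removed).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\SYSTEM\RPCSS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O14 - IERESET.INF: START_PAGE_URL=http://kk-intranet/sharepoint/
O15 - Trusted Zone: http://*.kk-intranet
O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
"""

def parse_log(text):
    """Split a log into Entry tuples; running processes get section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            in_procs = False              # item lines end the process list
            entries.append(Entry(m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            entries.append(Entry("PROC", line))
    return entries

def host_of(url):
    """Lower-cased host of a URL, with the Trusted Zone '*.' wildcard removed."""
    return (urlsplit(url.strip()).hostname or "").lstrip("*.")

def triage(entries, watchlist=()):
    """Flag the kinds of item the thread's review picks out.

    watchlist: executable names the reviewer wants surfaced (assumed parameter).
    """
    watch = {name.lower() for name in watchlist}
    reset_hosts = {host_of(e.detail.split("=", 1)[1])
                   for e in entries if e.section == "O14" and "=" in e.detail}
    findings = []
    for e in entries:
        if e.section in ("PROC", "O4"):
            command = e.detail.split("] ", 1)[-1]   # drop "[value name] " on O4 lines
            m = EXE_RE.search(command)
            if m and m.group(1).lower() in watch:
                findings.append(Finding(e.section, "watch-listed executable", m.group(1)))
        elif e.section == "O14" and "=" in e.detail:
            host = host_of(e.detail.split("=", 1)[1])
            findings.append(Finding("O14", "IE reset template start page", host))
        elif e.section == "O15":
            host = host_of(e.detail.split(": ", 1)[-1])
            reason = "Trusted Zone site"
            if host in reset_hosts:
                reason += ", same host as IERESET.INF start page"
            findings.append(Finding("O15", reason, host))
    return findings

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG), ("rpcss.exe", "ssdpsrv.exe")):
        print(f"{f.section:<5}{f.detail:<14}{f.reason}")
```

A finding here only means "look at this line", as in the thread; it says nothing about whether the file or site is malicious.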