A log. It needs analyzation, apparently.


#1 fivre


  • Members
  • 1 posts
  • Local time:07:02 AM

Posted 30 July 2005 - 10:19 PM


Recently, my connection has been acting up. It connects normally, and runs fine for some period of time. Then it just stops.

The connection remains connected, but there is simply no upstream or downstream traffic. None. Opening the connection status window will show the sent/received values, doing absolutely nothing.

To clarify, some data does get through, but not a reasonable amount. Some conversation will come through on IRC, albeit with gigantic gaps in between receiving messages sent.

Generic info:
OS: Win 2k
ISP: AT&T Worldnet, Central VA area.
Method: Dialup
Recent changes:
- Removal of two viruses (Socksbot and W32.Linkbot) manually (RegEdit, Explorer, and EndItAll to kill processes)

- Installation and uninstallation of ZoneAlarm Free (Latest version.)

- Installation of Kerio Free (Latest version.)

Conclusions thus far:

- The problem is within Windows. It does not occur on Linux.

- Closing any internet-related app has no effect. (Firefox, Kerio, Miranda, XiRCON IRC, Lightning Download.)

- All apps other than those vital to operation (listed) have been closed to no avail. (foobar2000, Logitech iTouch and Mouseware, Powerstrip, TClock.)

Logfile of HijackThis v1.99.1
Scan saved at 11:00:21 PM, on 7/30/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\program files\powerstrip\pstrip.exe
F:\Program Files\Lightning Download\Lightning.exe
F:\Program Files\TC-Clock\TClock.exe
F:\Program Files\Lightning Download\Lightning.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\XiRCON\Xircon.exe
F:\Program Files\foobar2000\foobar2000.exe
F:\Program Files\Firefox\firefox.exe
C:\Program Files\Miranda IM\miranda32.exe
F:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: bho2gr Class - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Lightning Download] F:\Program Files\Lightning Download\Lightning.exe
O4 - Startup: TClock.lnk = F:\Program Files\TC-Clock\TClock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe



#2 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:02 AM

Posted 01 August 2005 - 09:59 PM

If you still need help, could you post a fresh log please?
