A log. It needs analyzation, apparently.



#1 fivre

Posted 30 July 2005 - 10:19 PM

Problem:

Recently, my connection has been acting up. It connects normally, and runs fine for some period of time. Then it just stops.

The connection remains connected, but there is simply no upstream or downstream traffic. None. Opening the connection status window will show the sent/received values, doing absolutely nothing.

To clarify, some data does get through, but not a reasonable amount. Some conversation will come through on IRC, albeit with gigantic gaps in between receiving messages sent.

Generic info:
OS: Win 2k
ISP: AT&T Worldnet, Central VA area.
Method: Dialup
Recent changes:
- Removal of two viruses (Socksbot and W32.Linkbot) manually (RegEdit, Explorer, and EndItAll to kill processes)

- Installation and uninstallation of ZoneAlarm Free (Latest version.)

- Installation of Kerio Free (Latest version.)

Conclusions thus far:

- The problem is within Windows. It does not occur on Linux.

- Closing any internet-related app has no effect. (Firefox, Kerio, Miranda, XiRCON IRC, Lightning Download.)

- All apps other than those vital to operation (listed) have been closed to no avail. (foobar2000, Logitech iTouch and Mouseware, Powerstrip, TClock.)


Logfile of HijackThis v1.99.1
Scan saved at 11:00:21 PM, on 7/30/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\program files\powerstrip\pstrip.exe
F:\Program Files\Lightning Download\Lightning.exe
F:\Program Files\TC-Clock\TClock.exe
F:\Program Files\Lightning Download\Lightning.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\XiRCON\Xircon.exe
F:\Program Files\foobar2000\foobar2000.exe
F:\Program Files\Firefox\firefox.exe
C:\Program Files\Miranda IM\miranda32.exe
F:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: bho2gr Class - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Lightning Download] F:\Program Files\Lightning Download\Lightning.exe
O4 - Startup: TClock.lnk = F:\Program Files\TC-Clock\TClock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


 


#2 groovicus


Posted 01 August 2005 - 09:59 PM

If you still need help, could you post a fresh log please?



