| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 65014 | 2006-01-04 15:28:00 | My "#&ยค# internet keeps disconnecting! | kthxbye (17186) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1357642 | 2006-01-04 15:28:00 | Hey guys I have a problem which is literally driving me to insanity . . . i feel like taking my DI - 604 router and . . . oh do so much to it . . . . i've tried to find a resolution for this problem a loooong time now, My internet disconnects randomly . . . and then all of a sudden it becomes stable for a few hours, and then again it goes insane and disconnects every 5 min, sometimes every half hour and so on . I've searched this forum for help and came across a helpfull thread wherea guy had a similar problem if not exactly the same . . pcworld . co . nz/showthread . php?t=64222" target="_blank">pressf1 . pcworld . co . nz Maybe you guys can help me too? :D I also play a lot over battle . net and that's when the disconnecting really pisses me off T . T -DI - 604 -ADSL telia broadband 8mbit -and here's my hijackthis logfile Logfile of HijackThis v1 . 99 . 1 Scan saved at 16:21:44, on 2006-01-04 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v6 . 00 SP2 (6 . 00 . 2900 . 2180) Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\System32\Ati2evxx . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\System32\svchost . exe C:\Program\Ahead\InCD\InCDsrv . exe C:\WINDOWS\system32\spoolsv . exe C:\WINDOWS\system32\Ati2evxx . exe C:\Program\Alwil Software\Avast4\aswUpdSv . exe C:\Program\Alwil Software\Avast4\ashServ . exe C:\WINDOWS\System32\cisvc . exe C:\FTP\Serv-U\ServUDaemon . exe C:\WINDOWS\System32\tcpsvcs . exe C:\WINDOWS\System32\snmp . exe C:\WINDOWS\System32\svchost . exe C:\WINDOWS\system32\MsPMSPSv . exe C:\Program\Alwil Software\Avast4\ashMaiSv . exe C:\Program\Alwil Software\Avast4\ashWebSv . exe C:\USEFUL~1\ASTONS~1\XP\internat . exe C:\Program\Viewpoint\Viewpoint Manager\ViewMgr . exe C:\Program\Delade filer\Real\Update_OB\realsched . exe C:\Program\Razer\razertra . exe C:\Program\Messenger Plus! 3\MsgPlus . exe C:\WINDOWS\System32\LVCOMSX . EXE C:\Program\Logitech\Video\LogiTray . exe C:\Program\Ahead\InCD\InCD . exe C:\Useful ****\Daemon Tools\daemon . exe C:\Program\ALWILS~1\Avast4\ashDisp . exe C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol . exe C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet . EXE C:\WINDOWS\system32\CTHELPER . EXE C:\WINDOWS\system32\rundll32 . exe C:\Program\Creative\MediaSource\RemoteControl\RCMa n . EXE C:\Program\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05 . exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01 . exe C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem . exe C:\Program\Logitech\Video\FxSvr2 . exe C:\Program\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05 . EXE C:\WINDOWS\System32\svchost . exe C:\WINDOWS\system32\cidaemon . exe C:\Program\Alwil Software\Avast4\ashSimpl . exe C:\Valve\Steam\steam . exe C:\Useful ****\Winamp\winampa . exe C:\WINDOWS\SOUNDMAN . EXE C:\Useful ****\QuickTime\qttask . exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01 . exe C:\Program\Silicon Image\SiISATARaid\SATARaid . exe C:\WINDOWS\explorer . exe C:\USEFUL~1\ASTONS~1\aston . exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01 . exe C:\Useful ****\Crazy Browser\Crazy Browser . exe C:\DOCUME~1\Taro\LOKALA~1\Temp\Rar$EX00 . 500\Hijack This . exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www . myspace . com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://trackerwww . prq . to/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar F2 - REG:system . ini: Shell=C:\USEFUL~1\ASTONS~1\aston . exe ,svchost . exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6 . 0\Reader\ActiveX\AcroIEHelper . dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program\NewDotNet\newdotnet7_14 . dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper . dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program\TEXTware\QUICKfind\PlugIns\IEHelp . dll O4 - HKLM\ . . \Run: [WinampAgent] C:\Useful ****\Winamp\winampa . exe O4 - HKLM\ . . \Run: [ViewMgr] C:\Program\Viewpoint\Viewpoint Manager\ViewMgr . exe O4 - HKLM\ . . \Run: [UpdReg] C:\WINDOWS\UpdReg . EXE O4 - HKLM\ . . \Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched . exe" -osboot O4 - HKLM\ . . \Run: [SoundMan] SOUNDMAN . EXE O4 - HKLM\ . . \Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet . exe /r O4 - HKLM\ . . \Run: [razertra] C:\Program\Razer\razertra . exe O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Useful ****\QuickTime\qttask . exe" -atboottime O4 - HKLM\ . . \Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP . EXE /SYNC O4 - HKLM\ . . \Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP . EXE /IMEName O4 - HKLM\ . . \Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck . exe O4 - HKLM\ . . \Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus . exe" O4 - HKLM\ . . \Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX . EXE O4 - HKLM\ . . \Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray . exe O4 - HKLM\ . . \Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart . exe O4 - HKLM\ . . \Run: [InCD] C:\Program\Ahead\InCD\InCD . exe O4 - HKLM\ . . \Run: [IMJPMIG8 . 1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG . EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\ . . \Run: [Explorer] C:\WINDOWS\iexplore . exe O4 - HKLM\ . . \Run: [DAEMON Tools-1033] "C:\Useful ****\Daemon Tools\daemon . exe" -lang 1033 O4 - HKLM\ . . \Run: [ avast! ] C:\Program\ALWILS~1\Avast4\ashDisp . exe O4 - HKLM\ . . \Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol . exe /r O4 - HKLM\ . . \Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet . EXE O4 - HKLM\ . . \Run: [CTHelper] CTHELPER . EXE O4 - HKLM\ . . \Run: [New . net Startup] rundll32 C:\Program\NEWDOT~1\NEWDOT~1 . DLL,ClientStartup -s O4 - HKCU\ . . \Run: [Skype] "C:\Useful ****\Skype\Phone\Skype . exe" /nosplash /minimized O4 - HKCU\ . . \Run: [SB Audigy 2 Startup Menu] C:\Program\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor . EXE O4 - HKCU\ . . \Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMa n . EXE O4 - Startup: PowerReg Scheduler . exe O4 - Global Startup: HP OfficeJet Startup . lnk = C:\Program\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05 . exe O4 - Global Startup: hpoddt01 . exe . lnk = ? O4 - Global Startup: Kalenderpåminnelser i Microsoft Works . lnk = ? O4 - Global Startup: Microsoft Office . lnk = C:\Program\Microsoft Office\Office\OSA9 . EXE O4 - Global Startup: SATARaid . lnk = C:\Program\Silicon Image\SiISATARaid\SATARaid . exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL . EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Useful ****\AIM\aim . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs . exe O10 - Hijacked Internet access by New . Net O10 - Hijacked Internet access by New . Net O10 - Hijacked Internet access by New . Net O10 - Hijacked Internet access by New . Net O10 - Hijacked Internet access by New . Net O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - . zone . msn . com/binary/msgrchkr . cab31267 . cab" target="_blank">messenger . zone . msn . com O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - . creative . com/su/ocx/15015/CTSUEng . cab" target="_blank">www . creative . com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - . zone . msn . com/binary/MessengerStatsPAClient . cab31267 . cab" target="_blank">messenger . zone . msn . com O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - . fileplanet . com/fpdlmgr/cabs/FPDC_2 . 1 . 0 . 69 . cab" target="_blank">www . fileplanet . com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - . bay14 . hotmail . msn . com/resources/MsnPUpld . cab" target="_blank">by14fd . bay14 . hotmail . msn . com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - . zone . msn . com/binary/MessengerStatsClient . cab31267 . cab" target="_blank">messenger . zone . msn . com O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - . zangocash . com/cab/Zango/ie/bridge-c18 . cab" target="_blank">static . zangocash . com O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} - . 35mb . com/downloadapplet . cab" target="_blank">www . 35mb . com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - . msn . com/download/MsnMessengerSetupDownloader . cab" target="_blank">messenger . msn . com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - . zone . msn . com/binary/ZIntro . cab32846 . cab" target="_blank">messenger . zone . msn . com O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - . phobos . apple . com . edgesuite . net/detection/ITDetector . cab" target="_blank">ax . phobos . apple . com . edgesuite . net O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - . com/su/ocx/15016/CTPID . cab" target="_blank">creative . com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - . zone . msn . com/binary/SolitaireShowdown . cab31267 . cab" target="_blank">messenger . zone . msn . com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp . dll" (file missing) O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtoco l . dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv . exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx . exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag . exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ . exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv . exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv . exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA . exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program\Ahead\InCD\InCDsrv . exe O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\FTP\Serv-U\ServUDaemon . exe Thanks ^^ |
kthxbye (17186) | ||
| 1357643 | 2006-01-04 17:20:00 | Welcome to PressF1. I've no experience in reading Hijack This logs, so you need to wait for an expert to get a proper job done here. But even my limited knowledge can spot the collection of nasties conveniently marked Hijacked Internet access by New.Net. You may like to start by checking out methods of getting rid of new.net at www.newdotnet.com Interesting...Now that I read more closely, it seems this may not be a problem at all, rather a jump to conclusions. It's worth a more thorough study than I've done. Other opinions welcome...] |
Laura (43) | ||
| 1357644 | 2006-01-04 17:36:00 | As suggested it is most likely due to new.net that has corrupted your winsock files. Download the fix from this link as it needs to be fixed before you consider anything else. www.snapfiles.com |
Safari (3993) | ||
| 1357645 | 2006-01-04 19:22:00 | tick and remove the following: These entries aren't nasty but they are unecessary unles you use INCD burning and a multi lauguage keybd layout C:\Program\Ahead\InCD\InCDsrv.exe C:\USEFUL~1\ASTONS~1\XP\internat.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\Ahead\InCD\InCD.exe C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe C:\Valve\Steam\steam.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Useful ****\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - Startup: PowerReg Scheduler.exe These entries should be removed Turn off system restore first O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program\NewDotNet\newdotnet7_14.dll O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\Program\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - static.zangocash.com O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} - www.35mb.com O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtoco l.dll O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program\Ahead\InCD\InCDsrv.exe Run the winsock fix as Safari has said Then download ewido from www.ewido.net update it online after installation and do a complete scan |
bartsdadhomer (80) | ||
| 1357646 | 2006-01-04 22:23:00 | And delete this entry F2 - REG:system.ini: Shell=C:\USEFUL~1\ASTONS~1\aston.exe ,svchost.exe I think it belongs to Dyfuca.dl, a trojan. |
Speedy Gonzales (78) | ||
| 1357647 | 2006-01-04 23:12:00 | D-link make rubbish firmware so take a firmware upgrade/different brand modem into account as well... | Agent_24 (57) | ||
| 1357648 | 2006-01-04 23:20:00 | Also make sure you run Ad-aware & Spybot Search and Destroy to make sure HijackThis has not missed any thing pressf1.co.nz 16 |
stu161204 (123) | ||
| 1357649 | 2006-01-09 06:57:00 | Hey guys, thanks a lot for your help i really appreciate it . . . But sadly nothing worked > . < I am going to reformat the computer (I need to anyways) and we're changing internet suporter we hate telia . So hopefully that will help . . . otherwise i'll be back :D |
kthxbye (17186) | ||
| 1357650 | 2006-01-09 07:07:00 | I had a problem like this, I rang my ISP, and it turned out some setting for the router needed to be changed, because I had old setting or such. Maybe you could check with your ISP? Sorry if you already have, I didn't have much time to read this thread. | mejobloggs (264) | ||
| 1357651 | 2006-01-09 08:46:00 | I am going to reformat the computer (I need to anyways) Make sure you backup any imported info e.g. e-mail/ documents etc... See this FAQ: pressf1.co.nz on what to backup |
stu161204 (123) | ||
| 1 2 | |||||