Thread ID: 60639 2005-08-08 07:42:00 a ghost in the machine? jonp (7517) Press F1
Post ID Timestamp Content User
379452 2005-08-08 07:42:00 I have dial up.

Now that you have all stopped laughing... on some, not all, occasions when I turn on my PC the dial up connection box automatically comes up. Being a careful chap I do not have auto connect so it stops there.

I have done a hijack this run on the start up processes and cannot find anything that looks dodgy.

Does anybody suffer this (of course you too will have to confess to having dial up if this is the case - but don't let that put you off, you'll feel like a weight has been lifted after you tell the world!!) or have any suggestions?
jonp (7517)
379453 2005-08-08 07:55:00 Hey, dial-up users are people too.

Have you had a look in start/run - type in msconfig and see what apps are checked there to start?
mark c (247)
379454 2005-08-08 08:13:00 Hey, dial-up users are people too.

Have you had a look in start/run - type in msconfig and see what apps are checked there to start?

Thanks mark. I have tried that and nothing out of the ordinary seems to be around. I have also just tried a fancy website that checks your hijack this log and it came up with nowt unusual either. Maybe just "one of those things"?
jonp (7517)
379455 2005-08-08 08:18:00 Are you running Windows ME? bartsdadhomer (80)
379456 2005-08-08 08:21:00 Are you running Windows ME?


Indeed I am not. XP all the way....
jonp (7517)
379457 2005-08-08 08:26:00 Post your HJT log here. We'll see if u missed something Speedy Gonzales (78)
379458 2005-08-08 08:31:00 Are any antivirus or spyware proggys set to Auto update?
What proggys do you have running in the systray?
Also there is a particularly nasty dialer doing the rounds at the moment, Will cost you $75 if it manages to hook up
Update AV & Spyware proggys and do a full scan
I would also recommend downloading my favourite new tool the ewido suite and giving that a run, it picks up stuff others do not (make sure you update the defs after installing)
Also install a firewall eg Zone Alarm or the like, and it should inform you exactly what is trying to access the net
bartsdadhomer (80)
379459 2005-08-08 08:34:00 Post your HJT log here. We'll see if u missed something


Why thank you speedy.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.acer.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3FA8C6C-83FC-432A-9F11-A918823881C0}: NameServer = 202.180.64.2 202.180.64.9
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
jonp (7517)
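
Added example, not part of the thread and not any poster's code: a short Python script that pulls the auto-start lines (O4 startup entries and O23 services) out of a HijackThis log like the one posted above, and lists the services for which HijackThis printed "Unknown owner" so they can be looked up by hand. The function names are choices made for this example; SAMPLE holds lines copied from the log above.

```python
import re

# HijackThis sections that list things started without user action.
AUTOSTART = {"O4", "O23"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")            # O4 registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")  # O4 Startup folders
SERVICE = re.compile(r"^(Service): (.+?) - (.+?) - (.+)$")      # O23 services


def parse_autostarts(log_text):
    """Return one dict per O4/O23 line: section, source, name, owner, command."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in AUTOSTART:
            continue
        code, body = m.groups()
        s = (SERVICE.match(body) if code == "O23"
             else RUN_KEY.match(body) or STARTUP.match(body))
        if not s:
            continue  # layout this example does not know; skip rather than guess
        source, name, *owner, command = s.groups()  # only O23 carries an owner
        found.append({"section": code, "source": source, "name": name,
                      "owner": owner[0] if owner else None, "command": command})
    return found


def needs_lookup(entries):
    """Names of services for which HijackThis printed no vendor name."""
    return [e["name"] for e in entries if e["owner"] == "Unknown owner"]


# Lines copied from the log posted above.
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    entries = parse_autostarts(SAMPLE)
    for e in entries:
        print(f'{e["section"]:<4}{e["source"]:<16}{e["name"]:<28}{e["command"]}')
    print("no vendor name:", needs_lookup(entries))
```

"Unknown owner" only means HijackThis printed no company name for that service; it marks an entry to look up, not a verdict.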
379460 2005-08-08 08:42:00 looks safe to me with the hjt log analyser Prescott (11)
379461 2005-08-08 08:46:00 yeah that's what I thought. Maybe it's a full moon ?? jonp (7517)