Results 1 to 8 of 8

Thread: Connection troubles...

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    5

    Post Connection troubles...

    i'm having trouble connecting to the internet. i still have dial-up (Juno) :-( when i try to connect Juno dials the service but after that services.exe maxes out my cpu. (cpu usage: 100%) i'm pretty sure it is the fault of coolwebsearch. i have removed 3 infectoins of coolwebsearch with cwshredder. also i think i have removed parts with HijackThis. i have run ad-aware 6.0 personal, spybot S&D and AVG free 6.0 all fully updated. i'm not sure what else to do. i know that my phone line works because my other computer connects fine with Juno. i have re-installed Juno and Internet Explorer. BTW...i use Firefox but my bro who also uses my comp uses IE...i plan to switch him to Firefox ASAP.

    here is my HijackTHis log:

    Logfile of HijackThis v1.98.2
    Scan saved at 8:17:25 PM, on 10/18/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mgabg.exe
    C:\mysql\bin\mysqld-max.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Search Engine Commando\ScheduleService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\System32\PDesk\PDesk.exe
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\WINNT\TrayComm.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
    C:\Program Files\1stQL\1stql.exe
    C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    D:\Downloaded Apps\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [M2WNotifierService] C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ScreenSaverControl] C:\Documents and Settings\Grande\Local Settings\Temp\ScreensaverControl.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
    O4 - Startup: 1st QuickLaunch.lnk = C:\Program Files\1stQL\1stql.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    ==Cyber-pirate==

  2. #2
    Junior Member
    Join Date
    Jul 2003
    Posts
    5

    oops....

    oops...forgot to tell yall my OS: Win 2k Pro SP4

    :-P

    thanx in advance
    ==Cyber-pirate==

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well...

    I see 2 things in the log...(although I am NO expert)

    One is a remote desktop\access application Real VNC
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    and if you didnt put that there...well then...someone did


    The other is .......???? maybe someone else can identify

    O4 - Startup: 1st QuickLaunch.lnk = C:\Program Files\1stQL\1stql.exe
    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    well first of all. i think you need to go out and get some more stuff to install and make sure it automatically starts up when you start up your machine. i don't think you have enough there.

    WHAT IS WRONG WITH YOU?

    #1 - the more stuff you have running and starting up, the harded it is to toubleshoot what APP is causing the problem.

    #2 - what is the webrelated.htm & 1stql.exe stuff???

    #3 - is the are reason for mysql???

    i once supported a PC that got infected with some virus/malware and it installed WINVNC. did you install that?
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    1stq..............Is that the 1st Quicklaunch app??? If so isn't it a win 95/98 app??

    The web related looks suss..........have you looked at the files they point to??
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Junior Member
    Join Date
    Jul 2003
    Posts
    5
    i installed 1st Quick Lauch. it is a program that allows me to assign keyboard schortcuts to certain programs. i did install WinVNC. i know the risks but my home network is pretty secure. i've been working with mysql recently so there is a point to having that installed. im not sure what webrelated.htm is. should i remove it?
    ==Cyber-pirate==

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Those web related entries relate to Alexa there is some info here if you are interested:

    http://computercops.biz/postp329653.html

    They should be safe to fix with hijack this but i do not think they are related to your connection problems.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Here's a couple of the other running processes that may be questionable:

    C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
    O4 - HKLM\..\Run: [M2WNotifierService] C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
    Mail2World Notifier
    By: Mail2World U.S.
    Checks Mail2World webmail account, with fast access to M2W on web; minimizes to tray; new-message alerts.

    C:\WINNT\TrayComm.exe
    http://www.traycomm.com/help.html#Q3
    some kind of screensaver?

    C:\Program Files\Search Engine Commando\ScheduleService.exe
    http://www.searchenginecommando.com
    ???

    C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
    Looks like these are related.
    PPE stands for PCI Performance Enhancer. It is a program of Pinnacle and is used to speed up the performance while using Homevideo programs like Studio 7 or 8 sold by Pinnacle. ppe.exe is located in "C:\Program Files\Pinnacle\PPE\

    Answers That Work listed these running procesess as questionable. I'd read their descriptions and determine what course of action you want to take:
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe

    For the web\related.htm files, it looks as if you should get rid of them. I checked across a couple other discussion forums and all recommended to use HiJackThis to fix these:

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

    That's it for now. I'm getting tired and have work early in the AM. Hopefully this helps.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •