Tech Support banner

Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
10 Posts
Discussion Starter #1
I have a problem that has me baffled.

My internet programs such as: Kazaa Lite K++, Mirc 6.12, Avant browser, (running under win xp) all hang from time to time for a few seconds. Kazaa being the worst. They are all latest versions.

It seems every time im using kazaa and connecting to someone to download a file it hangs (sometimes for about 30 sec or more). once im connected and downloading the file, evrything is fine.

Mirc does the same thing when im connecting to a server. Once connected to the server (doesnt matter which server), everything is fine.

Avant browser will freeze for a few secs when i click on links, but not always.

THE PROBLEM SOLVING
~~~~~~~~~~~~~~~

I defrgd my HDD.

I have used Mcafee to scan for viruses. I've used trojan remover and a other trojan detection programs to scan for, you guessed it, trojans. Nothing at all was found.

Nothing suspicious is loading at startup.

Ive run scans on my registry and repaired any problems i found.

ive checked event viewer... no help there.

I've reset tcp/ip settings using "netsh int ip reset".

being connected to the net with no programs open and running "netstat -n", brings up no connections.

i have not installed any new hardware, and as far as i know everything to do with hardware is tip top.

ive checked task manager... no suspicious programs are running. Basically nothing running at all and still problems.

ive reinstalled all 3 programs. Deleting everything that the uninstall function didnt.

I dont have any other problems. My pc is pretty much in tip top shape. Its P***ing me off. i cant think of anything else to do short of formating.

Anyone got any sugestions?
 

Attachments

·
Registered
Joined
·
10 Posts
Discussion Starter #3
This is what i got from that hijack program.

Logfile of HijackThis v1.97.3
Scan saved at 8:15:31 PM, on 24/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Avant Browser\avant.exe
C:\temp\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.apcstart.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.122.251.41:3128
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Chief\Application Data\Mozilla\Profiles\default\109u2d3z.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.apcstart.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.3063310185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E5233-6653-49A3-8B4D-96DD8AD51C45}: NameServer = 203.194.27.57 203.194.56.150

****************************************************
****************************************************

this entry here:

O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E5233-6653-49A3-8B4D-96DD8AD51C45}: NameServer = 203.194.27.57 203.194.56.150

would i be right in saying that this has something to do with my isp???
 

·
Registered
Joined
·
10 Posts
Discussion Starter #4
What ever that is, it is connecting through port 53 (domain name server port)
i dont have any servers setup on my system. Certainly no DNS servers.
 

·
Registered
Joined
·
113 Posts
Hi rowdyjebus

This is the traceroute for 203.194.27.57

traceroute to 203.194.27.57 (203.194.27.57), 30 hops max, 40 byte packets 1 manny.Firewall.Opus1.COM (192.245.12.95) 3.906 ms 2 Opus-GW (207.182.35.49) 12.694 ms 3 TAmerica-Opus-T1-3.Opus1.NET (66.62.80.165) 167.958 ms 4 lax1-edge-01.tamerica.net (66.62.5.195) 169.911 ms 5 gigabitethernet5-1-525.ipcolo1.LosAngeles1.Level3.net (63.215.71.1) 175.770 ms 6 unknown.Level3.net (209.244.10.133) 174.793 ms 7 so-5-3-0.bbr2.LosAngeles1.level3.net (209.247.9.153) 182.605 ms 8 so-1-0-0.mp2.SanJose1.level3.net (209.247.9.182) 190.417 ms 9 gige9-0.ipcolo1.SanJose1.Level3.net (64.159.2.35) 190.417 ms10 unknown.Level3.net (166.90.143.94) 216.783 ms11 ge2-2.1000.cor01-maew-sjc.comindico.net (203.194.0.197) 216.783 ms12 pos2-0.155.cor01-alex-scn.comindico.net.au (203.194.0.121) 344.705 ms13 pos4-1.155.cor01-kent-syd.comindico.net.au (203.194.0.165) 344.705 ms14 vlan2.msf01-kent-syd.comindico.com.au (203.194.29.251) 348.611 ms

Do you recognise ..... comindico.com.au ?

You can delete any 017 entry in the hjt log - if it is legitamate, it will be replaced by your isp the next time you log on.

steam
 

·
Registered
Joined
·
10 Posts
Discussion Starter #7
Thanks guys :)

I live in Australia, so i guess that IP address is legit.

Ive used that spybot program, it found this Alexa spyware that ad-aware didnt pick up, and a DSO exploit. I fixed em all but still the same s**t.

Apparently microsoft put out a patch for the DSO exploit that didnt fix it.

Anyways i'm thinking maybe it is hardware somewhere, or my modem drivers. I might reinstall the drivers and see how i go. Unfortunity the drivers for my modem havent been updated in years, its not supported anymore.

Anyways thanks again.
 
1 - 7 of 7 Posts
Status
Not open for further replies.
Top