| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 95145 | 2008-11-26 03:05:00 | Ghost logins | John H (8) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 723051 | 2008-11-26 03:05:00 | I have had this happen three times in the past month, and both the Paradise helpline and I are stumped as to why. On each of the three occasions, I have lost internet connectivity, and nothing I could do could fix it. It happens suddenly - I have been using the net quite happily, and then nothing. Each time I have called Paradise, they have found that I have ghost logins against my account - Paradise then spits the dummy because there are too many logins on the same account. They can log me out, and I can then log back in again, but each time this happens, there is a long process either waiting for the helpline, or being engaged with the technician. On the second occasion, the techie thought that maybe the problem was with my modem. I changed the modem, but it has still happened again. The third tech walked me through the modem settings, and got me to turn off UPnP, but otherwise all other settings were fine. The only recent changes I have made to my WinXP Pro set up was to install Skype; and uninstall Bonjour service. Any ideas out there why this may be happening? Has anyone else experienced this? Thanks. |
John H (8) | ||
| 723052 | 2008-11-26 04:04:00 | Download and run: Spybot Malware Bytes Aantimalware Spyware Terminator Post a Hijackthis log here. And change your dialup password - or get the helpdesk to change it for you. |
pctek (84) | ||
| 723053 | 2008-11-26 05:00:00 | Thanks pctek. I have run the 3 Spyware apps as you suggest, after updating them all. Only thing found was Spybot - Windows Firewall Override, which is OK cos I have another firewall. I am on adsl not dialup - should I still try to get the password changed? Here is the Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:55:41 p.m., on 26/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SmartSync Pro\SmartSync.exe C:\Program Files\ZoneTick\zonetick.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ZoneTick\timesync.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 127.98.9.1 pop3.paradise.net.nz.b9 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [SmartSync Pro] "C:\Program Files\SmartSync Pro\SmartSync.exe" /Logon O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3155D695-1CEF-441F-9241-052583190273}: NameServer = 203.97.33.14,203.97.37.14 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO. EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID. EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: ZoneTick Time (ZTime) - WR Consulting - C:\Program Files\ZoneTick\timesync.exe -- End of file - 6944 bytes Hmmm. I don't know anything about these files, but I notice a Yahoo toolbar entry there (I once installed it by accident with CCleaner but immediately uninstalled it, so not sure why that is there), and I don't recognise the gomicrosoft entries. Thanks for any help. |
John H (8) | ||
| 723054 | 2008-11-26 06:30:00 | I am on adsl not dialup - should I still try to get the password changed? C:\Program Files\ZoneTick\zonetick.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 127.98.9.1 pop3.paradise.net.nz.b9 O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{3155D695-1CEF-441F-9241-052583190273}: NameServer = 203.97.33.14,203.97.37.14 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe Remove the above: Especially about:blank No, forget password. Are you using ethernet or wireless for your internet? |
pctek (84) | ||
| 723055 | 2008-11-26 07:54:00 | Thanks pctek. I did all that, and the internet connection spat the dummy. It was showing in the router that I was connected, but no connections were possible through the browser or email. I did a system restore, and then did the HJT thing again, but this time did not check 017, and all is fine again. Those addresses in 017 were given to me some time ago as the Paradise addresses - you may recall that quite a lot of us Paradise users could not connect to any of the BBC websites, and the fix at the time was to insert those addresses. Maybe that is the source of the problem - if this packs up again, I will raise that with the help desk. In answer to your question, this main pc connects via ethernet, but the family computer and my laptop (when it is in the house) connect wirelessly to a WAP which is connected to the router (they are two separate devices). Thanks for your help. |
John H (8) | ||
| 1 | |||||