| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 67652 | 2006-04-02 18:02:00 | Dial Up Connection Problems - Please Help | MattJ (10124) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 443151 | 2006-04-02 18:02:00 | Hi All, This is my first post - so I hope I'm in the right place... I still use dial-up to get online... From yesterday something is trying to take over my Dial-Up Connection, when I click on the icon to go on line a new number has replaced the usual free one... So I change this to my proper details and connect up fine......But when I disconnect and try to connect again this has all reverted to this bogus dial up details, I presume its hoping that I will dial up some international number or some other expensive number… I delete the connection in my network places and make a new one and it keeps changing it?? I have a firewall up that comes with WinXP (Service Pack 2) and I have scanned for Viruses & Trojans etc with AVG Free & A squared... Can any one help me out as to how to fix this without a format?? Thanks in advance for any suggestions... I have been using Ad-Aware SE and SpyBot, as recommended in the FAQ at pressf1.pcworld.co.nz 16 and I am wondering what to do next – should I try to run Hijack or one of the other programs on the list? If I run Hijack can I post the log on this board – and will one of you be able to take a guess as to what the problem is? Many Thanks Matthew. |
MattJ (10124) | ||
| 443152 | 2006-04-02 19:24:00 | Hi, and Welcome to PressF1 :) If Sybot and Adaware are not detecting any problems with dialers, then download and run Hijackthis. Post your entire log back in this thread and someone will be able to look it over for you. |
Jen (38) | ||
| 443153 | 2006-04-02 19:48:00 | as well as doing what Jen suggests, down load and run stinger and a2 ( a squared) both are free and are good trojen hunters/killers. | beama (111) | ||
| 443154 | 2006-04-02 20:14:00 | And well done for spotting the dirty little trick. | Greg (193) | ||
| 443155 | 2006-04-02 20:59:00 | Hi guys, This is the lof from Hijack This - I ran it in Windows Diagnostic Mode (as advised on the FAQ from where I downloaded it: Logfile of HijackThis v1.99.1 Scan saved at 20:48:16, on 02/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Tools\HJ\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/ O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - www.symantec.com O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - www.symantec.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {43331111-1111-1111-1111-611111195622} - O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) Many Thanks for any help Matthew. |
MattJ (10124) | ||
| 443156 | 2006-04-02 21:16:00 | Boot into safe mode Matt. Run hijackthis again, tick these entries and tick fix checked. O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {43331111-1111-1111-1111-611111195622} - Then get ccleaner (http://www.ccleaner.com) if you havent got it yet. Download this, install it, run it, then click on run cleaner. To get rid of the temp files etc on the hdd. |
Speedy Gonzales (78) | ||
| 443157 | 2006-04-03 00:13:00 | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080 O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/ is this your home page ? possible hijack/redirect O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) these shouldn't be there, delete if you don't know what they are. edit: the HJT log dosn't show that you have antivirus installed and also install a decent firewall, windows one dosn't do stuff all. |
tweak'e (69) | ||
| 443158 | 2006-04-04 17:14:00 | Many thanks to everyone who replied - thanks to your help, the dialer has gone - I can now dial the normal number without hastle. This computer is new, and I do have Norton for it, but it will not install - so I'm using AVG Free for my virus protection, but I was wondering if anyone could advise me on a good free firewall. Many Thanks Matthew. |
MattJ (10124) | ||
| 443159 | 2006-04-04 18:07:00 | In my opinion . . . dump Nortons and get the newest version of Windows Defender for a firewall . . . it gets updated all the time and it has some new tools . Use the AVG Free and get CrapCleaner, Spybot S&D . I also use AdAware (not ADWARE!) and SpywareBlaster . Make sure you have the latest updates and hotfixes from Windows . . . get them b4 it's too late . You'll need WGA for updates other than the security ones . . . get the qualifier and don't look back . . . it's the right thing to do . If you ever get DSL, get a router even if you are the only 'puter on that line . It acts as a hardware firewall and really helps . Use Firefox and Gmail and GChat . . they aren't on the IE platform . Stay away from IE like the plague except for Windows Updates . There are other ways to get the Windows Updates from a third-party site . Just ask if you want one . I also make sure to run Belarc Adviser on every change I make to hardware and peripherals . It gets the keys and licenses all available to print for a current profile of your system . . . keep a print-out of it for future reference . . . it can be a lifesaver . It will also inform you of missing updates and if you're security is up to snuff . Another program I run is MSBA; Microsoft's Baseline Security Adviser . It will also give you some insights to your system's weaknesses and strengths . You can always find copies of your opsys online . . . . . but the keys are the hard part to replace . |
SurferJoe46 (51) | ||
| 443160 | 2006-04-04 22:06:00 | Re Hijack readout have a look at castlecops.com to give you an idea of what you are looking at. |
FrankS (257) | ||
| 1 | |||||