| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60062 | 2005-07-21 18:38:00 | Dial Up Connection Problems, Please help?? | martinuk (8571) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 374122 | 2005-07-21 18:38:00 | Hi All, First time here so I hope im inthe right place. Im still on an old Dial Up Connection(DUC) to get online. From yesterday something is trying to take over my DUC, when I click on the icon to go on line a new mumber has been added to be dialed. So I change this to my proper details and connect up fine......But when I disconnect and try to connect again this has all reverted to this bogus dial up details, I presume its hoping im gonna dial up some international number or summat I dont Know.......... I delete the connection in my network places and make a new one and it keeps changing it?? I have a firewall up that comes with WinXP and i have scanned for Viruses etc with Norton. Can any one help me out as to how to fix this without a format?? Thanks in advance for any suggestions Martin |
martinuk (8571) | ||
| 374123 | 2005-07-21 19:42:00 | get yourself spybot search and destroy and ad-aware and instal and run them both then remove all that they find.........sounds like you got some nasty dialler program......... | drcspy (146) | ||
| 374124 | 2005-07-21 21:10:00 | No doubt it is some nasty dialler making a nest in your computer. Meantime, you can check out PressF1's Spyware and adware etc. FAQ (pressf1.pcworld.co.nz 16) Cheers :) |
Renmoo (66) | ||
| 374125 | 2005-07-21 23:01:00 | No doubt it is some nasty dialler making a nest in your computer. Meantime, you can check out PressF1's Spyware and adware etc. FAQ (pressf1.pcworld.co.nz 16) Cheers :) I just downloaded and ran both programs mentioned, they found loads of things so theyare now gone........BUT it hasnt fixed my problem my dial up details are still being altered to this dial up hijacker or whatever it is??? Any more ideas? Regards as ever Martin |
martinuk (8571) | ||
| 374126 | 2005-07-21 23:13:00 | delete it then make a new one | Rob99 (151) | ||
| 374127 | 2005-07-21 23:26:00 | And run Hijackthis as well. Its in the FAQ. | pctek (84) | ||
| 374128 | 2005-07-21 23:42:00 | delete it then make a new one Done that and it just comes back!! |
martinuk (8571) | ||
| 374129 | 2005-07-21 23:44:00 | Can you post a hijacklog here? There's linkage to it in the FAQ | Edward (31) | ||
| 374130 | 2005-07-21 23:48:00 | And run Hijackthis as well. Its in the FAQ. Here is my Log file from Hijack this if anyone can understand it?? Thanks again Logfile of HijackThis v1.99.1 Scan saved at 23:46:07, on 21/07/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\usbn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC 2.EXE C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\webstaff\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.staffdata.co.uk/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Internet Robust Download Manager] C:\Program Files\IRDM\IRDM.exe /STARTUP O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC 2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60" O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - groups.msn.com O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D2FC1-A318-493E-A077-47CA69EC8D74}: NameServer = 195.92.195.95 195.92.195.94 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
martinuk (8571) | ||
| 374131 | 2005-07-22 00:03:00 | This is the prob. Tick these, and click on fix checked C:\WINDOWS\system32\usbn.exe - this is possibly an adult dialler. O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab Tick the above and reboot. Then see what happens. If Usbn.exe appears in task manager kill it first. |
Speedy Gonzales (78) | ||
| 1 2 | |||||