| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60012 | 2005-07-19 23:13:00 | Dial up user name | smithie 38 (6684) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 373656 | 2005-07-19 23:13:00 | Hi folks. Every so often my user name for dial up changes. For example, last night I went off line, had tea and when I came back to sign on again my user name had disappeared and the letter "k" was showing in its place, in the dial up window. This occurs perhaps once a fortnight or so. Any reason why this is happening?? I have counterspy and NOD32 installed. Thanks Smithie :( |
smithie 38 (6684) | ||
| 373657 | 2005-07-20 06:15:00 | All a bit odd. Just to make sure nothing nasty is lurking in the depths of your machine, download HijackThis (www.majorgeeks.com) and then paste the generated log here (www.hijackthis.de) and see what is flagged. The online analyser is not perfect, so check what items are flagged as suspicious before deleting them. If you are not sure, then post your log here. :) | Jen (38) | ||
| 373658 | 2005-07-20 08:07:00 | Hi Jen Thanks for your reply. I am definitely unsure of what to delete from the following log, and would appreciate your expert guidance. The only nasty showing up is item no 017. I await your advice Thanks Smithie Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\RBD7C~1.SMI\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C45" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{766C7AE7-5828-4F87-AED7-BFDB6DF9C661}: NameServer = 203.96.152.4 203.96.152.12 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe |
smithie 38 (6684) | ||
| 373659 | 2005-07-20 11:03:00 | If that happened to me I would suspect a rogue dualer. I would try deleting the current dialup and creating a new one. Trawling thu a HiJack this log is great but I don't know enough about everything present. Tried other malware busters like AdAware and Spybot S & D? Or trendmicro where you can get a virus scan and trojans etc. scan? HTH.....m | mark c (247) | ||
| 373660 | 2005-07-20 11:26:00 | That log looks clean to me. The only entry that would be suss, would be this 1 O17 - HKLM\System\CCS\Services\Tcpip\..\{766C7AE7-5828-4F87-AED7-BFDB6DF9C661}: NameServer = 203.96.152.4 203.96.152.12 If this wasnt your ip address then. And this C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE But this might be for the printer. |
Speedy Gonzales (78) | ||
| 373661 | 2005-07-20 11:33:00 | I would suspect you or someone else pressed the letter "k" | Rob99 (151) | ||
| 373662 | 2005-07-20 22:43:00 | Hi everyone and thanks for your replies. mark c - If the problem persists I will try deleting the current dial up and creating a new one as suggested by you as a last resort. In addition to counterspy I have Ad Aware and Spybot S & D so should be okay there. S G - The only entry showing up by Hijack This as a "nasty" is item 017 and as the ISP numbers are not mine I feel safe to delete this one in particular. Rob99 - I know I do some silly things at times but to press the letter k and this becomes my user name would mean I would need to go first to "change user name". I know I didnt do that. However I appreciate all your comments and thanks again Smithie |
smithie 38 (6684) | ||
| 373663 | 2005-07-20 23:02:00 | S G - The only entry showing up by Hijack This as a "nasty" is item 017 and as the ISP numbers are not mine I feel safe to delete this one in particular. Smithie The IP addresses in O17 are for Paradise's DNS. |
PaulD (232) | ||
| 373664 | 2005-07-21 00:34:00 | Paul, what do the initials DNS stand for? So therefore if they belong to Paradise's DNS are you saying I should not delete that particular item from my Hijack This list. I havent done anything stupid yet so no harm has been done Smithie |
smithie 38 (6684) | ||
| 373665 | 2005-07-21 00:46:00 | Those ip addresses are the Preferred/Alternate ip addresses for Paradise . . paradise . net . nz/access . html" target="_blank">www2 . paradise . net . nz The Domain Name System is the system that translates Internet domain names into IP numbers . A "DNS Server" is a server that performs this kind of translation . I would leave entry 017 alone . Otherwise u may not get on the net, until u re-enter them in properties in the dialup . (On XP, it should work with or without them anyway) . |
Speedy Gonzales (78) | ||
| 1 2 | |||||