PDA

View Full Version : Dial Up Connection Problems - Please Help



MattJ
03-04-2006, 05:02 AM
Hi All,

This is my first post - so I hope I'm in the right place...

I still use dial-up to get online...

From yesterday something is trying to take over my Dial-Up Connection, when I click on the icon to go on line a new number has replaced the usual free one...

So I change this to my proper details and connect up fine......But when I disconnect and try to connect again this has all reverted to this bogus dial up details, I presume its hoping that I will dial up some international number or some other expensive number…

I delete the connection in my network places and make a new one and it keeps changing it??

I have a firewall up that comes with WinXP (Service Pack 2) and I have scanned for Viruses & Trojans etc with AVG Free & A squared...

Can any one help me out as to how to fix this without a format??

Thanks in advance for any suggestions...

I have been using Ad-Aware SE and SpyBot, as recommended in the FAQ at http://pressf1.pcworld.co.nz/faq.php?faq=pressf1_faqs_security#faq_pressf1_faq_ 16 and I am wondering what to do next – should I try to run Hijack or one of the other programs on the list?

If I run Hijack can I post the log on this board – and will one of you be able to take a guess as to what the problem is?

Many Thanks
Matthew.

Jen
03-04-2006, 06:24 AM
Hi, and Welcome to PressF1 :)

If Sybot and Adaware are not detecting any problems with dialers, then download and run Hijackthis. Post your entire log back in this thread and someone will be able to look it over for you.

beama
03-04-2006, 06:48 AM
as well as doing what Jen suggests, down load and run stinger and a2 ( a squared) both are free and are good trojen hunters/killers.

Greg
03-04-2006, 07:14 AM
And well done for spotting the dirty little trick.

MattJ
03-04-2006, 07:59 AM
Hi guys,

This is the lof from Hijack This - I ran it in Windows Diagnostic Mode (as advised on the FAQ from where I downloaded it:

Logfile of HijackThis v1.99.1
Scan saved at 20:48:16, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Tools\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Many Thanks for any help
Matthew.

Speedy Gonzales
03-04-2006, 08:16 AM
Boot into safe mode Matt. Run hijackthis again, tick these entries and tick fix checked.

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {43331111-1111-1111-1111-611111195622} -

Then get ccleaner (http://www.ccleaner.com) if you havent got it yet. Download this, install it, run it, then click on run cleaner. To get rid of the temp files etc on the hdd.

tweak'e
03-04-2006, 11:13 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

is this your home page ? possible hijack/redirect


O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

these shouldn't be there, delete if you don't know what they are.

edit: the HJT log dosn't show that you have antivirus installed and also install a decent firewall, windows one dosn't do stuff all.

MattJ
05-04-2006, 04:14 AM
Many thanks to everyone who replied - thanks to your help, the dialer has gone - I can now dial the normal number without hastle.

This computer is new, and I do have Norton for it, but it will not install - so I'm using AVG Free for my virus protection, but I was wondering if anyone could advise me on a good free firewall.

Many Thanks
Matthew.

SurferJoe46
05-04-2006, 05:07 AM
In my opinion...dump Nortons and get the newest version of Windows Defender for a firewall...it gets updated all the time and it has some new tools. Use the AVG Free and get CrapCleaner, Spybot S&D. I also use AdAware (not ADWARE!) and SpywareBlaster.

Make sure you have the latest updates and hotfixes from Windows...get them b4 it's too late. You'll need WGA for updates other than the security ones...get the qualifier and don't look back...it's the right thing to do.

If you ever get DSL, get a router even if you are the only 'puter on that line. It acts as a hardware firewall and really helps.

Use Firefox and Gmail and GChat..they aren't on the IE platform. Stay away from IE like the plague except for Windows Updates. There are other ways to get the Windows Updates from a third-party site. Just ask if you want one.

I also make sure to run Belarc Adviser on every change I make to hardware and peripherals. It gets the keys and licenses all available to print for a current profile of your system...keep a print-out of it for future reference...it can be a lifesaver. It will also inform you of missing updates and if you're security is up to snuff.

Another program I run is MSBA; Microsoft's Baseline Security Adviser. It will also give you some insights to your system's weaknesses and strengths.

You can always find copies of your opsys online.....but the keys are the hard part to replace.

FrankS
05-04-2006, 09:06 AM
Re Hijack readout have a look at

http://castlecops.com/HijackThis.html

to give you an idea of what you are looking at.