
Dial-up Networking With A Mind Of Its Own.


27 replies to this topic

#1 chris_9

chris_9

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 20 August 2008 - 02:08 PM

Running XP SP3 all updated on a P4 with 768 Ram. I browse with SeaMonkey.

SpyBot draws a blank
AVG draws a blank
ZoneAlarm draws a blank
BitDefender draws a blank

On every boot, the DUN dials the default connection automatically without presenting me with the DUN window AND before I launch a browser or any other program. I've checked all the settings and everything is normal. I've systematically removed all services and it still launches and dials automatically. Some unknown process is forcing the dial.

I'm not sure if this is the correct area to post this so calm down on the chastization please if this is the wrong area.

BTW the settings in IE under the connections tab, where I'm given the choices to either "always dial my..." or "Dial whenever a network...." or "Never dial a connection", are to define the DUN behavior expected AFTER the browser is launched.

In other words, those choices do not affect the behavior I'm experiencing now.

Choosing "always dial my default..." is so when I launch a browser, the DUN window pops up and I can simply click "dial".
Choosing "Dial whenever...." I'm not sure what it does.
Choosing "Never dial...." the DUN window doesn't pop up when I launch a browser.

This is not where the problem is.

All help is greatly appreciated.


 


#2 chris_9


Posted 26 August 2008 - 09:58 PM

anyone?
Bueller?
anyone?

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:46 PM

Posted 26 August 2008 - 10:09 PM

Check your settings under Network Connections in the Control Panel.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 chris_9


Posted 26 August 2008 - 10:27 PM

Yeah, thanks man, but all those are normal. Isn't there some way to see what process is auto-launching the DUN?

#5 Budapest


Posted 26 August 2008 - 10:31 PM

I'm not sure, but if you use Outlook Express it might be the culprit.

#6 chris_9


Posted 27 August 2008 - 09:12 AM

I use Outlook, not Outlook Express - regardless, all settings are normal.

And as I said, I systematically (one at a time) removed all services and re-booted with each removal and no service was launching the DUN. BTW, I turned them all back on once I concluded my tests.

I greatly appreciate your response.

Anyone know what's going on or how to find out what's going on?

#7 Budapest


Posted 27 August 2008 - 04:13 PM

It may be Windows Automatic Updates that is trying to connect to the net.

Also, I have heard of this type of behaviour being caused by a virus.

#8 chris_9


Posted 27 August 2008 - 08:49 PM

Thanks,
Updates are set to initiate manually.
re initial post: all virus scanners say system is clean.

Edited by chris_9, 27 August 2008 - 08:51 PM.


#9 Budapest


Posted 27 August 2008 - 09:55 PM

You could try using TCPView to see if that will tell you what process is trying to connect to the internet.

#10 chris_9


Posted 28 August 2008 - 08:41 AM

Cool tool, didn't show anything out of the ordinary, unless I'm not using it correctly.

#11 chris_9


Posted 30 August 2008 - 07:22 PM

So I'll assume no one reading this has seen this problem before or knows how to solve/knows what is causing the problem.

Thanks anyway.

#12 Budapest


Posted 31 August 2008 - 04:34 PM

Immediately after your computer boots, run TCPView and see what processes are trying to connect. Then, click OK on the dialogue box to allow the DUN connection and see if you can see, in TCPView, which process connects.

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:46 AM

Posted 31 August 2008 - 04:54 PM

Did you set up your DUN connection manually or with software provided by your ISP?


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Chewy

No. Try not. Do... or do not. There is no try.

#14 chris_9


Posted 03 September 2008 - 10:49 PM

Budapest,
Tried that and no go ... the DUN terminal window doesn't appear. It just dials out on its own. All processes seem innocent enough though.

DaChew,
Set up the DUN using the standard Windows setup wizard - though can do it manually. FYI this is new behavior. The connection has only recently started acting this way. Very recently I registered with this site and after performing the required procedures (prep for hjt log) the connection has taken upon itself to dial up on its own.

Re: Smit, no problems downloading/running the program, here is the log....

.... BIG THANKS ....

SmitFraudFix v2.345

Scan done at 22:52:18.90, Wed 09/03/2008
Run from C:\Temp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE

hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\user


C:\Documents and Settings\user\Application Data


Start Menu


C:\DOCUME~1\user\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{72759FF6-824B-49B3-86BD-89005AF6176B}: NameServer=209.171.52.133 66.38.173.67


Scanning for wininet.dll infection


End

#15 DaChew


Posted 03 September 2008 - 11:30 PM

I don't see any signs of malware, most of your programs are problematic

Your modem might be defective
Chewy

No. Try not. Do... or do not. There is no try.
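
Added example, not part of any post in this thread: a short Python triage of the hosts, Winlogon and AppInit_DLLs sections of a SmitfraudFix rapport.txt, showing how those sections of a log like the one posted in #14 can be checked mechanically. The sample log is constructed in the layout of the posted one; the function names, the default Userinit path and the reviewed-DLL list are assumptions for illustration.

```python
import re

# Constructed sample in the layout of the rapport.txt sections posted above.
SAMPLE_LOG = r'''
hosts

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001

Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
'''

LOCAL_SINKS = {"127.0.0.1", "0.0.0.0"}  # addresses that block a name, not redirect it
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # assumed default XP path

def reg_value(log, name):
    """Return the data of a "name"="data" line with .reg backslash doubling undone."""
    m = re.search(r'^"%s"="(.*)"[ \t]*$' % re.escape(name), log, re.M)
    return m.group(1).replace("\\\\", "\\") if m else None

def triage(log, reviewed_appinit=()):
    """Report entries in the hosts, Winlogon and AppInit_DLLs sections to look at."""
    findings = []
    # hosts: a name mapped to a non-local address is being redirected.
    for ip, host in re.findall(r"^(\d+(?:\.\d+){3})[ \t]+(\S+)[ \t]*$", log, re.M):
        if ip not in LOCAL_SINKS:
            findings.append(f"hosts: {host} -> {ip}")
    # Userinit: comma-separated list run at logon; default is userinit.exe only.
    userinit = reg_value(log, "Userinit") or ""
    for prog in filter(None, (p.strip() for p in userinit.split(","))):
        if prog.lower() != DEFAULT_USERINIT:
            findings.append(f"Userinit: extra program {prog}")
    # AppInit_DLLs: loaded into every process that loads user32.dll.
    dlls = reg_value(log, "AppInit_DLLs") or ""
    for dll in filter(None, re.split(r"[ ,]+", dlls)):
        if dll.lower() not in reviewed_appinit:
            findings.append(f"AppInit_DLLs: not on reviewed list: {dll}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, reviewed_appinit={"avgrsstx.dll"}))
```

An empty result means only that these three sections match the expected defaults and the caller's reviewed list; it says nothing about the other sections of the log.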



