-
September 3rd, 2004, 04:33 PM
#1
Stopping Auto-Dial At Startup?
I am working on a friend's computer that will automatically dial his ISP {56K} when the desktop loads. He is running XP Home with IE 6.0. There are no icons in the system tray to indicate that 3rd party software is doing this. His Outlook Express "General Preferences" says to check every 5 minutes for mail but "do not connect" if not already connected. I can't find any preferences under Internet Explorer either.
Any pointers on where to look to solve the auto-dialup problem?
Thanks Guys {and Gals},
Jeff
“If nothing changes, Nothing changes!”
-
September 3rd, 2004, 04:55 PM
#2
Registered User
Originally Posted by Farrar
I am working on a friend's computer that will automatically dial his ISP {56K} when the desktop loads. He is running XP Home with IE 6.0. There are no icons in the system tray to indicate that 3rd party software is doing this. His Outlook Express "General Preferences" says to check every 5 minutes for mail but "do not connect" if not already connected. I can't find any preferences under Internet Explorer either.
Any pointers on where to look to solve the auto-dialup problem?
Thanks Guys {and Gals},
Jeff
Have you run any anti-spyware software on the computer such as Ad-Aware or Spybot S&D?
-
September 3rd, 2004, 05:06 PM
#3
Originally Posted by meatwad
Have you run any anti-spyware software on the computer such as Ad-Aware or Spybot S&D?
Yes...As a matter of fact I ran both of those and CW Shredder. He gets a message when he attempts to connect to the Internet about sending the error report to Microsoft. I did have him connecting to the Net last week but his homepage had been hijacked and we could not reset the home page. Now, we can't get to the Net at all. We can connect to his ISP and download mail but getting to the Net is not possible now. I did have a command line to run to reinstall IE 6 on XP which I will try again. This worked before although his homepage was hijacked.
I guess this auto-dialing is a result of the trojan/virus hijacking the homepage?
Any ideas on proceeding?
Thanks,
Jeff
“If nothing changes, Nothing changes!”
-
September 3rd, 2004, 06:08 PM
#4
Registered User
Run HijackThis and post the log.
Probability factor of one to one...we have normality, I repeat we have normality. Anything you still can't cope with is therefore your own problem.
-
September 3rd, 2004, 07:43 PM
#5
I think you just need to make a small settings change. Start by disconnecting from the internet. Next go into "internet options" > connection. Select "never dial a connection". Next open Internet Explorer and attempt to go to a web page. The dial up box should open and ask if you want to connect to the internet. At this point you need to correct what is most likely your underlying problem. Uncheck the setting "connect automatically". Close out and head back to "internet options" and reset back to "always dial my default connection".
This should now display the "connection box" and prompt you each and every time you wish to go online. Hope this helps!
-
September 3rd, 2004, 08:49 PM
#6
Here is my Hijack This log file:
Logfile of HijackThis v1.97.7
Scan saved at 8:46:53 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\iefp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\qykmxn.exe
C:\WINDOWS\system32\javavs32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\joe\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdwbv.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdwbv.dll/index.html#12802
O2 - BHO: (no name) - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\netkh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xqlxuonep] C:\WINDOWS\System32\qykmxn.exe
O4 - HKLM\..\Run: [javavs32.exe] C:\WINDOWS\system32\javavs32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...010.7878935185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
“If nothing changes, Nothing changes!”
-
September 3rd, 2004, 10:31 PM
#7
Registered User
Boot into safe mode, kill the following in hijack, then delete the files:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdwbv.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdwbv.dll/index.html#12802
O2 - BHO: (no name) - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\netkh.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [xqlxuonep] C:\WINDOWS\System32\qykmxn.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
See here for more info: http://forums.windrivers.com/showthread.php?t=57348
Last edited by hudsonsmith; September 3rd, 2004 at 10:34 PM.
Probability factor of one to one...we have normality, I repeat we have normality. Anything you still can't cope with is therefore your own problem.
-
September 4th, 2004, 01:38 AM
#8
Originally Posted by hudsonsmith
Boot into safe mode, kill the following in hijack, then delete the files:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdwbv.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vdwbv.dll/index.html#12802
O2 - BHO: (no name) - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\netkh.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [xqlxuonep] C:\WINDOWS\System32\qykmxn.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
See here for more info: http://forums.windrivers.com/showthread.php?t=57348
Thanks!
That solved the auto dialing. Now my problem is that I can connect to my ISP and download mail but any attempt to launch Internet Explorer results in an error and the browser is shut down before it can be launched. I ran a command line to reinstall IE BUT the problem persists. The windows error says the problem is in Module 1 with "explorer.exe".
Any ideas on this problem?
Thanks for the help,
Jeff
“If nothing changes, Nothing changes!”
-
September 4th, 2004, 06:19 AM
#9
Driver Terrier
Farrar, need the exact error for IE please
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 4th, 2004, 06:53 AM
#10
Originally Posted by NooNoo
Farrar, need the exact error for IE please
"Windows Explorer has encountered a problem and needs to close..."
When clicking on the "details link" of the above message:
Error signature
AppName: explorer.exe
ModVer: 0.0.0.0
AppVer 6.0.2800.1106
ModName unknown
offset: 01b45f0
Thanks!
Jeff
“If nothing changes, Nothing changes!”
-
September 4th, 2004, 07:02 AM
#11
Driver Terrier
This is likely to be a further spyware problem
Can you do a new hjt log and post it?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 4th, 2004, 07:08 AM
#12
Originally Posted by NooNoo
This is likely to be a further spyware problem
Can you do a new hjt log and post it?
Here is the new hjt log below:
Logfile of HijackThis v1.97.7
Scan saved at 7:07:33 AM, on 9/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\iefp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\javavs32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\Documents and Settings\joe\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - C:\WINDOWS\system32\crbs32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javavs32.exe] C:\WINDOWS\system32\javavs32.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...010.7878935185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4B8F72F-8E50-47D4-BF9F-97856382C25F}: NameServer = 207.230.88.2 207.230.88.7
“If nothing changes, Nothing changes!”
-
September 4th, 2004, 08:46 AM
#13
Driver Terrier
There you go, the one that got away is
C:\WINDOWS\iefp.exe
Suggest you also uninstall and reinstall McAfee - just in case something is corrupt there...
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 4th, 2004, 10:10 AM
#14
Originally Posted by NooNoo
There you go, the one that got away is
C:\WINDOWS\iefp.exe
Suggest you also uninstall and reinstall McAfee - just in case something is corrupt there...
Thanks NooNoo.
I removed the file you mentioned above AND uninstalled McAfee BUT the same Windows Error message appears. I am at the point of doing a format/reinstall but I hate to go to all that trouble.
Any more ideas on what I might do?
Thanks for your help!
Jeff
“If nothing changes, Nothing changes!”
-
September 4th, 2004, 11:15 AM
#15
Registered User
Originally Posted by Farrar
Thanks NooNoo.
I removed the file you mentioned above AND uninstalled McAfee BUT the same Windows Error message appears. I am at the point of doing a format/reinstall but I hate to go to all that trouble.
Any more ideas on what I might do?
Thanks for your help!
Jeff
It's tied to this:
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - C:\WINDOWS\system32\crbs32.dll
These nasties change their names. You need to boot into safe mode and delete there. Check that the process isn't running in task manager and kill the references in hijack.
Probability factor of one to one...we have normality, I repeat we have normality. Anything you still can't cope with is therefore your own problem.
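An added example, not part of the thread: a small triage script that compares the entry lines of two HijackThis scans, showing how the unnamed BHO from the first log returns in the second under a new CLSID and DLL name. The heuristics and function names are assumptions of this example, not HijackThis's own logic.

```python
import re

# Constructed input: entry lines copied from the two HijackThis logs in this thread.
SCAN_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vdwbv.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\netkh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""
SCAN_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - C:\WINDOWS\system32\crbs32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse(log):
    """Return [(section, detail)] for every R*/O* entry line in a log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(section, detail):
    """Heuristics assumed for this example; a hit means 'look closer', not a verdict."""
    reasons = []
    if section in ("R0", "R1") and re.search(r"=\s*res://", detail, re.I):
        reasons.append("IE page served from a local DLL resource")
    bho = BHO.match(detail) if section == "O2" else None
    if bho and bho.group(1) == "(no name)":
        reasons.append("unnamed BHO: " + bho.group(3))
    return reasons

def flagged(log):
    """Map each entry that trips a heuristic to its list of reasons."""
    hits = {}
    for section, detail in parse(log):
        reasons = review_reasons(section, detail)
        if reasons:
            hits[(section, detail)] = reasons
    return hits

def new_since(before, after):
    """Flagged entries in `after` that did not appear verbatim in `before`."""
    old = set(parse(before))
    return [(s, d, r) for (s, d), r in flagged(after).items() if (s, d) not in old]

if __name__ == "__main__":
    for section, detail, reasons in new_since(SCAN_BEFORE, SCAN_AFTER):
        print(section, detail, "->", "; ".join(reasons))
```

Entries that trip no heuristic, such as Run keys, still need a manual read of the full log.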