Cannot stop Win98 activating Dial Up Conn

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Morning all!!

I have cleared a Comp. running Win98 of a whole heap of Adware etc, and Norton has fixed 8 virii and a trojan.
Spybot and Norton now show the comp as clear, but the Dial-Up Connection continues to pop up.
When closed it pops up immediately 4 or 5 times before closing for a few minutes - then repeats.
I cannot run Scandisk as the drive is too busy (although running Scandisk from DOS reports all is OK), and Defrag reports that the data is changing, so won't run.

I have posted a HiJack This log below, and would be grateful if someone would comment on it.
I was going to try deleting the last 7 entries, but HiJack this doesn't allow it.

It would probably be less trouble to reinstall win98, but I want to fix it for my own satisfaction!!!


C:\TEMP\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: CleanTemp.lnk = C:\Program Files\Utils1\CleanTemp\CleanTemp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

Many thanks in anticipation!!!
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Evening Chicon!

Thanks for the suggestion, I have run lspfix a few times in normal and in safe mode, but it reports as having made no changes.
I thought it may be due to a prog trying to update, but I cant find anything set to autoupdate (unless I'm missing something basic).
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
I've tried setting IE to never dial a connection, but it just pops up a box asking if I want to go online or work offline.

Do I really need the (010) Winsock lsp files or can I delete them - I don't see any in the win 98 I recently installed on my sons comp.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click on the link below to get lsp-fix.
Run that to fix your internet connection.

http://www.cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of lspak.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Restart in safe mode

Now delete the C:\windows\system\lspak.dll --> file

Reboot and post another log.
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Evening cybertech!

Thanks for responding, I've carried out your instructions, and posted a new log below.

The LSP files are now deleted, but the Dial up Connection dialogue box continues to pop-up frequently.

I note that in the Running processes, that C:\Windows\Rundll32.exe is running.
If I terminate this process (using HiJack This), the Dial up Conn. window ceases to pop-up.
However, I cannot find out where the command originates that starts running Rundll32.exe as a process.

All help gratefully received!!!



Logfile of HijackThis v1.98.2
Scan saved at 20:45:28, on 04/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\CVSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TEMP\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: CleanTemp.lnk = C:\Program Files\Utils1\CleanTemp\CleanTemp.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Have you checked your settings in Internet Options, connection?
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Hi Cybertech!

Yes, at present it is set to dial whenever a network connection is not present. If I set it never to dial a connection, I don't have the Dial up Conn. box, but the "Web Page is not available off line box", asking me if I want to connect.
I have messenger shut down so that doesn't dial out, and I have checked all the installed progs for a phone home setting.
I cant find any reason for the comp to dial out, and Norton On Line and the installed version report no virus, and spybot reports all clear.

It has me puzzled, but I would like to find out the cause for my own interest, although I should give the comp.back soon (I've had it 8 days). Maybe I should just reinstall Win98!!!!!!
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Afternoon Cybertech,

I've finally found what was activating the Dial up Conn dialogue box.

I installed Norton AV 2003, and it worked OK. It was set NOT to update automatically.
Normally, when Norton is installed, it asks for the prog to be registered - it didn't on this occasion, but behaved normally downloading the updates (all except fot the AV program, which wouldn't update for some reason).

I recalled some time ago after I had installed Norton AV on a comp. on which I hadn't yet set up an Internet account, that the AV prog. kept popping up to ask me to register.

As a matter of interest, I completely uninstalled Norton AV (inc. deleting the shared files, and also the associated LiveUpdate and Autoregister progs.).

All is now normal on the comp, and I have been able to run Scandisk and Defrag.
I have also run an on-line virus check, and all is OK.
Next stage is to install AVG, then I can give the comp.back to the young lad it belongs to!!

As always, thanks for your invaluable help.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Try removing this one:
Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe

Close all applications and browser windows before you click "fix checked".
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi robmd, I didn't see your post at 9:28 this am until now. I'm very curious about that file in my post #10. Can you find out what it is? Right click, properties, version tab, Item name and value fields.
 

robmd

Thread Starter
Joined
May 10, 2002
Messages
111
Afternoon cybertech,

When right clicked on and properties selected, the file C:\WINDOWS\cvss.exe only returns one tab (general) in the dialogue box.

This just reports it as an application with a size of 23.5kb, and as an archive. No further info is available, but I note fron the last log I posted that it is associated in the registry with MSN Manager.

I will be deleting it anyway, and if everything appears to work OK - then it wasn't needed anyway!!!


Regards,
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top