1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cannot stop Win98 activating Dial Up Conn

Discussion in 'Virus & Other Malware Removal' started by robmd, Sep 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Morning all!!

    I have cleared a Comp. running Win98 of a whole heap of Adware etc, and Norton has fixed 8 virii and a trojan.
    Spybot and Norton now show the comp as clear, but the Dial-Up Connection continues to pop up.
    When closed it pops up immediately 4 or 5 times before closing for a few minutes - then repeats.
    I cannot run Scandisk as the drive is too busy (although running Scandisk from DOS reports all is OK), and Defrag reports that the data is changing, so won't run.

    I have posted a HiJack This log below, and would be grateful if someone would comment on it.
    I was going to try deleting the last 7 entries, but HiJack this doesn't allow it.

    It would probably be less trouble to reinstall win98, but I want to fix it for my own satisfaction!!!


    C:\TEMP\HIJACKTHIS\HIJACKTHIS.EXE

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: CleanTemp.lnk = C:\Program Files\Utils1\CleanTemp\CleanTemp.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

    Many thanks in anticipation!!!
     
  2. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
  3. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Evening Chicon!

    Thanks for the suggestion, I have run lspfix a few times in normal and in safe mode, but it reports as having made no changes.
    I thought it may be due to a prog trying to update, but I cant find anything set to autoupdate (unless I'm missing something basic).
     
  4. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    I've tried setting IE to never dial a connection, but it just pops up a box asking if I want to go online or work offline.

    Do I really need the (010) Winsock lsp files or can I delete them - I don't see any in the win 98 I recently installed on my sons comp.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of lspak.dll (and nothing else), and move them to the "Remove" pane.
    Then click Finish.

    Restart in safe mode

    Now delete the C:\windows\system\lspak.dll --> file

    Reboot and post another log.
     
  6. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Evening cybertech!

    Thanks for responding, I've carried out your instructions, and posted a new log below.

    The LSP files are now deleted, but the Dial up Connection dialogue box continues to pop-up frequently.

    I note that in the Running processes, that C:\Windows\Rundll32.exe is running.
    If I terminate this process (using HiJack This), the Dial up Conn. window ceases to pop-up.
    However, I cannot find out where the command originates that starts running Rundll32.exe as a process.

    All help gratefully received!!!



    Logfile of HijackThis v1.98.2
    Scan saved at 20:45:28, on 04/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\CVSS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\TEMP\HIJACKTHIS\HIJACKTHIS.EXE

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: CleanTemp.lnk = C:\Program Files\Utils1\CleanTemp\CleanTemp.exe
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Have you checked your settings in Internet Options, connection?
     
  8. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Hi Cybertech!

    Yes, at present it is set to dial whenever a network connection is not present. If I set it never to dial a connection, I don't have the Dial up Conn. box, but the "Web Page is not available off line box", asking me if I want to connect.
    I have messenger shut down so that doesn't dial out, and I have checked all the installed progs for a phone home setting.
    I cant find any reason for the comp to dial out, and Norton On Line and the installed version report no virus, and spybot reports all clear.

    It has me puzzled, but I would like to find out the cause for my own interest, although I should give the comp.back soon (I've had it 8 days). Maybe I should just reinstall Win98!!!!!!
     
  9. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Afternoon Cybertech,

    I've finally found what was activating the Dial up Conn dialogue box.

    I installed Norton AV 2003, and it worked OK. It was set NOT to update automatically.
    Normally, when Norton is installed, it asks for the prog to be registered - it didn't on this occasion, but behaved normally downloading the updates (all except fot the AV program, which wouldn't update for some reason).

    I recalled some time ago after I had installed Norton AV on a comp. on which I hadn't yet set up an Internet account, that the AV prog. kept popping up to ask me to register.

    As a matter of interest, I completely uninstalled Norton AV (inc. deleting the shared files, and also the associated LiveUpdate and Autoregister progs.).

    All is now normal on the comp, and I have been able to run Scandisk and Defrag.
    I have also run an on-line virus check, and all is OK.
    Next stage is to install AVG, then I can give the comp.back to the young lad it belongs to!!

    As always, thanks for your invaluable help.
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Try removing this one:
    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe

    Close all applications and browser windows before you click "fix checked".
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi robmd, I didn't see your post at 9:28 this am until now. I'm very curious about that file in my post #10. Can you find out what it is? Right click, properties, version tab, Item name and value fields.
     
  12. robmd

    robmd Thread Starter

    Joined:
    May 10, 2002
    Messages:
    111
    Afternoon cybertech,

    When right clicked on and properties selected, the file C:\WINDOWS\cvss.exe only returns one tab (general) in the dialogue box.

    This just reports it as an application with a size of 23.5kb, and as an archive. No further info is available, but I note fron the last log I posted that it is associated in the registry with MSN Manager.

    I will be deleting it anyway, and if everything appears to work OK - then it wasn't needed anyway!!!


    Regards,
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269279

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice