can any of you help a damsel in distress?
For the last couple few days my modem keeps dialling the internet. It's a right pain. :mad:
When I start the computer, it's away dialling. I click cancel and another box opens up, to which I click 'work offline'. Then the previous box appears and I have to click cancel again, then the other box, click 'work offline' again. Then it stops.
But if I try to open a Word file, it starts dialling away like a madman again, with me clicking and clicking these two boxes that appear as soon as I click the other. During the opening of Word files these boxes appear six times each (that's 12 times I have to click 'cancel' and 'work offline') and it takes well over a minute to open a Word file.
Meanwhile, I can open jpeg files ok, but if I right click on a jpeg icon the modem is dialling again and I have to click 'cancel' etc another four times before I can do what I intended when right-clicking.
This happens when I try to open other programmes too.

I have tried everything with this problem but nothing seems to work. It started after a NIS Live Update. I have tried System Restore but my computer says it can't (even though I enabled it). When I try to set up my own restore point the computer refuses to do it. The calendar screen seems to be frozen, too.

My home workstation is Windows Me.

Is there a gallant knight in shining armour or a fellow technobabe who can help me pleeeeease??? Many thanks

0

It sounds like some kind of virus-related problem to me. Go to this thread:

http://www.daniweb.com/techtalkforums/thread5690.html

Get Spybot and Ad-Aware; do the online virus scan as well.

After you run those, if you still have a problem, get hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, then copy and paste it in a new thread in the Virus forum along with the problem and steps you've already tried.

In the meantime, try disconnecting your modem (unplug it) when you don't actually need internet access.

0

Thank you very much for taking the time to help :D ,

I will give it a go. I've scanned with Norton and nothing was found. Norton is usually very thorough, despite its annoying quirks.
But I haven't done an online virus scan.
I also forgot to mention that the problem persists when the modem is unplugged.
In another bizarre twist, my next door neighbour has just revealed she has the same problem. We both have the same ISP (Freeserve, which is now Wanadoo).
Does this shed a different light on the matter?

Many thanks again.

0

the plot thickens...
In fact it's beginning to be quite a challenge for the best techie out there.
I did an online scan on the webroot site. It found two adware spies and 52 adware cookies. Nothing too bad. I bought, downloaded and installed Spy Sweeper. I scanned my computer. We quarantined then deleted the 2 adware spies and the 52 adware cookies.

Yet the problem persists!!! :( aaaaaaaaaaaargh!!!

Anyone interested in this, cos it sure as hell is unusual!
(being as I'm new here, and don't know my way about yet, feel free to move this thread if you feel it is in the wrong forum)

cheerz

0

Did you try hijackthis, as per dlh6213's suggestion?

When your modem attempts to dial out is it using your normal ISP number, or is it dialing another number?

I assume you use the modem for a dial up ISP??

SE (Dave)

0

the plot thickens...
In fact it's beginning to be quite a challenge for the best techie out there.
I did an online scan on the webroot site. It found two adware spies and 52 adware cookies. Nothing too bad. I bought, downloaded and installed Spy Sweeper. I scanned my computer. We quarantined then deleted the 2 adware spies and the 52 adware cookies.

Yet the problem persists!!! :( aaaaaaaaaaaargh!!!

Anyone interested in this, cos it sure as hell is unusual!
(being as I'm new here, and don't know my way about yet, feel free to move this thread if you feel it is in the wrong forum)

cheerz

You don't need to buy programs to fix this; all the ones we use here are free. Please get the hijackthis program advised in the previous post by , and scan and post a hijackthis log. Thanks.
Also click on the icon to dial up and uncheck auto dial connection.

0

being as I'm new here, and don't know my way about yet, feel free to move this thread if you feel it is in the wrong forum

No problems in terms of being new to our site whatsoever. However, given the symptoms you've described, I'm moving this thread to our Viruses, Spyware, and Other Nasties forum. The unwarranted and automatic dial-up attempts can definitely be indicative of "unwanted guests" in your system. Let's either confirm or rule out that possibility before proceeding.

:)

0

Thanks again guys,
Sorry, didn't know what hijackthis was. I've downloaded it now, so will give it a go. Will also check if it is dialling same number as normal (though I'm sure it is). I've tried unchecking the dial automatically box many times, it just reappears, checked.
I'll be back later, no doubt! Might not be today though, got to go out. Thanks again, much appreciated!

0

I've run a hijackthis scan and here is the log.

Logfile of HijackThis v1.99.0
Scan saved at 20:10:10, on 06/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\GSP\GSPMENU.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B:Software\Intel\HaM
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb04385GB_ZNxmk27868GB
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

0

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

0

Thanks, I'm very grateful to you caperjack.
Please could you tell me why I am doing this? Is there anything in the Hijack This log that indicates that I should do this? I have run a virus scan with NIS and scanned with Spy Sweeper - which killed some stuff as I have noted. I have also scanned with Spy Sweeper again an hour ago and nothing was found. Unless you can tell me you have worked out a specific threat/cause from the Hijack This log I can't really see the point of using Spybot and Adaware. Especially because these two have caused untold problems to me in the past - on an XP machine at work. They are more trouble than they are worth.
If you can show me why this is necessary I will do it.
I await your command, fine good samaritan!
cheers! x

0

No, not really, just a general cleanup; don't use them if you don't want to.
I have run them on at least 50 different computers from win95 to win xp pro and have never had a problem with them, and consider them the best to clean up before really getting into picking apart the hijackthis log. That's why I suggest them, but the choice is yours.

I could offer some advice but I don't know if you would follow it, so I won't get too deep into the log, but I would fix for sure
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab.

0

I have run them on at least 50 different computers from win95 to win xp pro and have never had a problem with them, and consider them the best to clean up before really getting into picking apart the hijackthis log. That's why I suggest them...

Agreed. In terms of general "spyware" detection and removal tools, Ad Aware and SpyBot are the programs most used and most recommended by those of us who do this for a living. Having personally run both programs on about 100 systems (Win95 to XP), I can honestly say that I've never encountered a problem with either.

0

Go to Add/Remove Programs in your Control Panel and remove (if found):

MYWEBSEARCH
GSP

Scan with hijackthis and have it fix the following entries:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb04385GB_ZNxmk27868GB
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab

Make sure all windows other than HJT are closed before you hit the Fix button.

Reboot into Safe Mode

Go to these folders and delete the highlighted folder:

C:\PROGRAM FILES\MYWEBSEARCH
C:\Program Files\GSP

Reboot normally

Did you set up the 'freeserve' stuff yourself, or is that something you need to get rid of?

Close all browser windows, scan with hjt, and post a new log please.

0

Right, thank you again everyone and what a helpful website you have caperjack! Cool!

LATEST
I've followed dlh6213's instructions and the new log is below for u (below) but I have some more clues that may - or most probably may not - be of help.

The Freeserve stuff is there because that's my default email (Wanadoo let us keep the old name and settings) and there is an old freeserve there too, from when Freeserve changed their settings. Should I remove something here?

Some more clues I must include -
1) the fault varied yesterday, and today, for a while, in that it suddenly started to allow me to right-click on icons (and press a key on a highlit icon). But the fault remained on Word file icon - as soon as I click to open the file it goes bananas. But the right-click problem has come back also (twice).
2) every kind of icon is affected by the right-click problem (as soon as I right-click on it, the modem dials-up), but if I highlight the icon with a single left click there is no problem BUT when I press a key, such as 'delete', it starts dialling! AND YES - THIS HAPPENS EVEN IN SAFE MODE!
3) it seems that I can open any file other than Word with a normal left double click, but not with right click.
4) opening a Word file makes it mad. It's a battle, it tries and tries and tries to dial up the web, while I click 'cancel, cancel, cancel...' It takes two whole minutes to open a Word file! It's like it is mistaking the Word icon for an IE icon, or Outlook Express or something.
5) two or three years ago a strange phenomenon started hitting my computer regularly - usually after being online. Some of my icons would change, randomly. Sometimes Word files would display as webpages, or jpegs would appear as Adobes or whatever. They still worked, though. They would remain like this until I restarted the computer. This would happen quite regularly - not all the time, but regularly. I forget when it stopped happening - it just sort of wore itself down over a year or two so I didn't notice when it stopped completely. But it has started again recently, though not as frequently and not for at least a week before this dialling problem started (so I guess maybe they're not connected, but I thought I may as well tell you just in case it could shed some light on the matter?).

Anyway, here is the log


Logfile of HijackThis v1.99.0
Scan saved at 23:40:30, on 07/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B:Software\Intel\HaM
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

0

Right, thank you again everyone and what a helpful website you have caperjack! Cool!

You're welcome, but the site isn't mine, it's Dani's, our long lost daughter! LOL

0

...our long lost daughter

Oh, no... have we lost her again?! That girl- always sneaking off to write new code, staying up late to tend to that "TechTalk" site... what are we going to do with her?

:mrgreen:


natasha,

Your log looks clean now; can you get the latest virus definition updates for NIS and run a full system scan to see if it comes up with anything please? If not, the weird dialing behaviour may be the result of some sort of (non-malicious) registry/file-association corruption or the like.

I doubt we'll find the answer here, but do the following (if your computer will let you):

1. Open Windows Explorer.
2. Click the View menu button and then choose the Folder Options item.
3. In the resulting window, click the File Types tab, locate and highlight the ".doc" file extension, and then click Edit. Don't change anything; just look through the file-association information; is there anything in it that would indicate that Word documents (.doc files) are linked to anything other than Microsoft Word?
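
Added example (not part of the thread, and not code from HijackThis or any poster): one way to confirm that a follow-up HijackThis log no longer contains the entries that were marked for fixing. The function names are hypothetical; the sample lines are excerpts copied from the logs and fix list posted above, except the one marked as constructed.

```python
import re

# HijackThis result lines look like "O2 - BHO: name - {CLSID} - path".
# Header lines and the "Running processes" list do not match this pattern.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of normalised (section, body) result entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and ignore case so that a re-pasted line
            # (or a path reported in different case) still compares equal.
            body = " ".join(m.group(2).split()).casefold()
            entries.add((m.group(1).upper(), body))
    return entries


def still_present(fix_list_text, after_log_text):
    """Entries that were marked for fixing but still appear in the later log."""
    return sorted(parse_entries(fix_list_text) & parse_entries(after_log_text))


def diff_logs(before_text, after_text):
    """Return (removed, added) result entries between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


# Excerpt of the entries listed for fixing in the thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
"""

# Excerpt of the second log posted in the thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
"""

# Constructed for illustration: the same log with one targeted entry left
# behind, reported with a lower-case path.
AFTER_LOG_INCOMPLETE = AFTER_LOG + r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\mwsbar.dll
"""

if __name__ == "__main__":
    print("left behind (real excerpt):", still_present(FIX_LIST, AFTER_LOG))
    for section, body in still_present(FIX_LIST, AFTER_LOG_INCOMPLETE):
        print("left behind (constructed):", section, body)
```

The comparison is an exact match after case and whitespace normalisation, so an entry that comes back under a different path or registry key will show up in the `added` list from `diff_logs` rather than in `still_present`.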

0

nope. everything looks normal there.

And I updated NIS yesterday.
I'm beginning to think it's supernatural! :eek:

How would I go about sorting out the corruption?
Do you think my hard drive is on its way out? It's a really old computer now, nearly 5 years! I've been getting more and more problems recently, crashes, freezes, lack of memory, unstable notices, and I'm definitely going to upgrade VERY soon.

but what a weird problem eh?

Well, all I can say is a very BIG thank you to you guys, you really have been good. I'll defo be recommending this site, quick answers, no surrenders, resourceful experts who know what they're talking about etc.

Nice one!

0

Given the bizarre nature of the problems you're describing and the fact that we can't have a physical look at your system, it's difficult to say where the cause(s) lie. Diagnostic and repair utilities like Norton Systemworks, Registry Mechanic, etc. might be able to help, but those utilities do cost money and there's no guarantee that they'll work.

In terms of your drive going bad, that's always a possibility. However, if you haven't done a clean reinstallation of ME in a while, it's just as likely that your software has gotten "ragged around the edges" over time and it's time to back up your data, reformat, and reinstall Windows from scratch. If you took that route though, I'd highly suggest installing something other than ME.

0

Caperjack, I think Natasha was referring to the links in your signature (though I could be wrong about that)

DMR, I agree with you about the Windows ME! :)

Tasha, a trip to Windows Update may help, it will at least get you the Critical Updates for IE to help prevent unwanted intrusions. You could also try reinstalling Word. And, if you haven't done so already, back up all your important files! Then if your drive does fail, at least you won't lose the stuff you want to keep.

You can also get updates for software, that may help too. Here is a link to the US page, but you will probably need a different one:
http://office.microsoft.com/en-us/officeupdate/default.aspx

0

Thanks guys.
I'll keep u posted how I get along. It may interest you.
big hug
natasha x

PS yes, I was referring to the links, caperjack x

0

I'll keep u posted how I get along. It may interest you.

Please do keep us posted. We'd definitely like to know if you find the cause/solution, and by posting that info here you could be helping others out there who are having a similar problem. :)

0

Just an afterthought before we rest this, did I mention that the dialling happens during start-up too? That is, this behaviour started the same time as the behaviour with the files, and is part of the problem. Is there an avenue here that I may have overlooked???

0

Thanks guys.
I'll keep u posted how I get along. It may interest you.
big hug
natasha x

PS yes, I was referring to the links, caperjack x

OHHHHHHHHHH! They are not mine either, but they are so good that I like to share their existence!
Your problem drives me nuts that we don't have a fix.
Did you check START / All Programs, and see if anything is in the Startup folder?

0

Your problem drives me nuts that we don't have a fix.

No kidding... :mad:

Did you check START / All Programs, and see if anything is in the Startup folder?

Good point- check that.

0

Hi dudes!
I promised to let you know how I got on with this.
Like I said I was due for a new computer so before switching over I weeded my files to delete those I didn't want, including my Outlook Express inbox which had 2,500 emails I had kept for future reference(!). Well all I can say is that after I wrestled with this gargantuan task, the problem went away!
Then I remembered something that had happened just before the problem started; a Word attachment had gone berserk when I tried to open it and failed. I guess that this may have corrupted or confused Word. Either that or something else I deleted from my inbox was causing it.
Then again it may have been something Spysweeper hadn't picked up, as I have recently read bad reviews about it (and is it true that it has spyware itself???). I wish I had listened to you guys and used Spybot instead.

Anyway, I am up and running with my new XP machine now and am wondering what protection to use.
On my old PC (Win Me) I had Norton Anti Virus 2003, with subscriptions until April 2005, and Spysweeper.
Bundled with my new XP PC came Norton Anti-Virus 2005, free 61 day subscription, so I'll stick with that for now.
I have also been given McAfee Internet Security Suite 2005 Version 7.0 by a friend, but I haven't yet installed it as it doesn't rate as highly as Norton Internet Security 2005, which I am considering buying.
I am not going to re-install Spysweeper.

I reckon I'll download Spybot, and maybe Ad-aware. Will this work? i.e. not clash with Norton AntiVirus? And will it be enough protection (Norton AntiVirus 2005 includes a Firewall, I think, or maybe not...).

Then, when the free subscription Norton AntiVirus 05 ends, I'll replace it with NIS 2005. Do you reckon this will be OK and won't be clashing with Spybot and Adaware?
Will I need anything else?

But, to complicate things, I am getting broadband in a few days, which comes bundled with anti-virus and firewall software. Will these conflict and clash with Spybot, Ad-aware and Norton??? (I have 1024 RAM).

thanks guys x

0

1. All of the anti-virus programs I've dealt with (including McAfee and Norton) "play nice" with Ad Aware, SpyBot, etc.; you shouldn't have a problem with that.

2. In terms of which AV program to use, you'll get many different opinions on that based on everyone's (differing) experiences with the many A-V and firewall products available. In the end, you'll have to make that choice yourself.

I've been working with the Norton and McAfee products for many years, and my experiences have been mixed with each. Neither is perfect, and the newer versions of both products have caused more headaches for my clients than earlier versions ever did. I attribute that (at least partially) to the fact that the older versions did one thing, and did that pretty well: they detected and removed viruses. The newer packages, however, now include "spyware" detection, firewalls, anti-spam features, privacy features, etc. As with all software packages, the more features you try to bundle in, the more likely it is that conflicts and bugs will arise. Your mileage may vary though, and since you already have a copy of both products, you can "test drive" each one and see if you're happy with either.

Once you do decide on an anti-virus product, install that one only. You can run into problems if you run two different AV programs on your machine at the same time- they can "step on each other's toes" so to speak.

3. A firewall is a good additional measure of protection. Both Norton and McAfee's "Internet Security" packages include a firewall, and Zone Alarm and Sygate are two popular stand-alone firewalls (both have a free download version). As with your anti-virus program, you should only install one firewall; you'll definitely have conflicts otherwise.

4. For further recommendations on protecting your system, have a look at the last few pages of the following link. There you'll find general suggestions on preventative measures you can take, as well as links to the reputable (and mostly free) utilities you can use to help you out (it also tells you what utilities to avoid):

http://www.spywarewarrior.com/rogue_anti-spyware.htm
