
How to find which program is dialing up?

Discussion in 'Malware and Virus Removal Archive' started by kcoon, 2003/07/18.

Thread Status:
Not open for further replies.
  1. 2003/07/18
    kcoon

    kcoon Inactive Thread Starter

    Joined:
    2003/07/18
    Messages:
    5
    Likes Received:
    0
    Lately I'm finding that my computer is connected to another computer when I have not connected to my ISP. When this happens there is NO Modem icon in the tray either, which makes me think that someone is trying to hide their tracks. I only find out that this is happening if I try to connect to my ISP or pickup the phone.

    When I find the computer connected like this I cannot use IE, so it appears that it is not connecting to my ISP I think.

    I have turned off automatic updates in Norton, which has not helped. Is there a way to tell which program is dialing and what number is being dialed?

    Thanks
     
  2. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Welcome to the Best thee Windows BBS!

    Sounds like you have a real Gremlin!

    Didn't know how long you will be online here but give me 10 minutes and I will compose you some help.

    Mike
     


  4. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Kcoon

    Get HiJackThis: http://www.tomcoyote.org/hjt/

    This program is stand-alone and does not need installing. It is ready to run. Put it in a folder in C:\Program files called HiJackThis.

    Then run it. Click Scan (do not Fix), at the bottom of the screen click the Save log. It will want to save the log, name it hijackthis, click OK. You will now have the log on the screen, copy it and paste it back in a message to us.

    Next

    Still in HiJackThis, Click Config, then Misc tools, then Generate a Startup List. When this list is on screen copy it and paste it back to us in another separate post.

    With the info from the 2 lists above we can advise you specifically from there.

    Get the above to us first then do this:

    Spyware and adware removal

    SpyBot http://security.kolla.de/index.php?...n&page=download
    Run this twice delete all it finds, "ALWAYS" run this before AdAware.
    Leave all it wants to leave after the second run.

    To config SpyBot properly do this, as soon as installed, download and install updates choose all updates but skins and languages.

    Then click settings-scan priority and select "Time Critical (blocks everything else) ". Then slide to the bottom of this page and under Expert settings check "Show expert buttons in.... "

    Then Settings-filesets and check the bottom three items also so that all on this page are checked.

    Run it twice delete all. Then run the immunize!

    Get back to us.

    mike
     
  5. 2003/07/18
    kcoon

    kcoon Inactive Thread Starter

    Joined:
    2003/07/18
    Messages:
    5
    Likes Received:
    0
    Thanks

    I'll give these a shot, but I probably won't be able to do this till tomorrow though.
     
  6. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Ok I will be in some this evening, out to eat etc. But tomorrow may not be in much. Perhaps others can help.

    But I think you have a real problem my friend, your computer may be living on borrowed time.

    But do this one thing before you leave tonight.

    Do a disk search for wingate.exe and if found delete it

    Then click start-run
    type

    regedit

    in regedit click the My Computer at the top

    then hit ctrl f (to find)

    in the find box type
    login service
    hit enter to find

    if found highlight and hit delete

    let me know!

    mike
     
  7. 2003/07/20
    Loren

    Loren Inactive

    Joined:
    2003/01/15
    Messages:
    30
    Likes Received:
    0
    Dialing out

    Go to zonelabs.com and download the free version of Zone Alarm, nothing gets in or out of your computer unless you authorize it, nothing, including your browser depending upon how you configure it. It will also tell you which programs are trying to connect, you will be surprised at how many are actually connecting all the time for various reasons and at how many things are trying to get into your computer. I wouldn't be without it. Microsoft issued a security warning about ALL windows versions except ME had flaws that would allow hackers to get into your computer except those that were running Zone Alarm, read about it at Zone Labs. No I don't work for them or get paid for touting their product, I just like it.
     
  8. 2003/07/20
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Loren,

    I mostly agree with your post, but firewalls are only an element in security. The big hole in your argument is the browser and active X settings which a lot of users are ignorant of.

    If activeX settings are set to automatically allow downloads, firewalls are useless as a preventative measure since the user "invited" the potential malware in.

    Two sites on security:
    http://www.windows-help.net/features/surf-safe.html

    http://www.uksecurityonline.com/husdg/windowsxp.php This one on general security for XP.

    BTW, I use ZA Pro on one of my OS's.

    Regards - Charles
     
  9. 2003/07/20
    Loren

    Loren Inactive

    Joined:
    2003/01/15
    Messages:
    30
    Likes Received:
    0
    Dialing out

    Charles, I fully agree with you, however we are talking about a program dialing out, not downloading. Zone Alarm will certainly stop that.
     
  10. 2003/07/20
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    He needs a firewall that is for sure, but he really needs to fix the current problem.

    So perhaps he has, he has not been back!

    mike
     
  11. 2003/07/20
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I really don't think a firewall would help in this case. I understand that IE is unusable, it seems to be a direct modem to modem connection, not an internet connection. This doesn't rule out any uploading/downloading.
    The high phone bill may reflect this.
     
  12. 2003/07/21
    kcoon

    kcoon Inactive Thread Starter

    Joined:
    2003/07/18
    Messages:
    5
    Likes Received:
    0
    Howdy all, sorry about the delay, been a busy weekend. Can't wait for Monday to get back to work and rest!

    Here is the first log:

    Logfile of HijackThis v1.95.1
    Scan saved at 10:16:12 PM, on 7/20/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\inetsrv\DavCData.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\VSTASCAN\vsaccess.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Wincmd\TOTALCMD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    c:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12883a2bbf4283b29815/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37653.7757291667
    O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (Sony Pictures Game Downloader) - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D828177-A975-41C7-AF07-64FC1DF1A470}: NameServer = 216.58.192.15 216.58.192.11
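
An added example, not part of the original thread and not code from HijackThis: a short Python triage of the log format posted above, run on an excerpt of that log. The function names and the four review heuristics are this example's own assumptions; a flagged line only means "look this item up", not that it is malicious.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpt copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\VSTASCAN\vsaccess.exe
C:\OPLIMIT\ocrawr32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: NaturalColorLoad.lnk = ?
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12883a2bbf4283b29815/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D828177-A975-41C7-AF07-64FC1DF1A470}: NameServer = 216.58.192.15 216.58.192.11
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")                # a drive-rooted Windows path
# Assumption of this example: binaries normally live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_log(text):
    """Split a HijackThis log into process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False                  # the numbered sections have begun
            entries.append((m.group(1), m.group(2)))
        elif in_procs and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def is_ip_literal(host):
    """True when the host part of a URL is a raw IP address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Return (reason, item) pairs for manual review; a flag is not a verdict."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        if not path.lower().startswith(EXPECTED_ROOTS):
            findings.append(("process outside Windows/Program Files", path))
    for code, body in entries:
        if code == "O4" and body.rstrip().endswith("= ?"):
            findings.append(("startup shortcut target unresolved", body))
        elif code == "O16":
            # The CODEBASE URL is the last " - " separated field of a DPF line.
            url = body.rsplit(" - ", 1)[-1].strip()
            if is_ip_literal(urlparse(url).hostname or ""):
                findings.append(("ActiveX CODEBASE is a bare IP address", body))
        elif code == "O17":
            findings.append(("DNS servers set in registry, confirm with ISP", body))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"[review] {reason}: {item}")
```
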
     
  13. 2003/07/21
    kcoon

    kcoon Inactive Thread Starter

    Joined:
    2003/07/18
    Messages:
    5
    Likes Received:
    0
    Here's part two:

    StartupList report, 7/20/2003, 10:17:32 PM
    StartupList version: 1.52
    Started from : c:\Program Files\Hijackthis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\inetsrv\DavCData.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\VSTASCAN\vsaccess.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Wincmd\TOTALCMD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    c:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Kevin\Start Menu\Programs\Startup]
    OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
    UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    NaturalColorLoad.lnk = ?
    Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    diagent = "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    POINTER = C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    nwiz = nwiz.exe /install
    LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Norton SystemWorks One Button Checkup.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [symsupportutil]
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    OSD = C:\WINDOWS\Downloaded Program Files\OSD4A.OSD

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Cult3D ActiveX Player]
    InProcServer32 = C:\WINDOWS\System32\Cult3D\IECult.dll
    CODEBASE = http://i.a.cnn.net/cnn/resources/cult3d/cult.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
    CODEBASE = http://207.188.7.150/12883a2bbf4283b29815/netzip/RdxIE601.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37653.7757291667

    [Sony Pictures Game Downloader]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SonyPicturesGameDownloader.ocx
    CODEBASE = http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 8,051 bytes
    Report generated in 0.047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  14. 2003/07/21
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Geeze, I wish I hadn’t seen it now!

    All of this and no broadband!

    I’m surprised it runs at all. Half the stuff loading at startup is unnecessarily stealing processor cycles, and with so many leave plenty of room for conflicts. Almost all are not needed to run the program it comes from.
    __________________________________________________
    This is important I asked you to do the following as it can do exactly what you described. This is a new thing where **** sites bounce **** off of your computer so that they cannot be traced.

    Did you do this!
    Do a disk search for wingate.exe and if found delete it

    Then click start-run
    type

    regedit

    in regedit click the My Computer at the top

    then hit ctrl f (to find)

    in the find box type
    login service
    hit enter to find

    if found highlight and hit delete
    __________________________________________________

    Here is most likely the problem, get rid of it.

    Cdilla the following entries
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    Info on it
    http://boards.cexx.org/viewtopic.php?p=1344

    I also asked you in a prior message to download and run SpyBot as it can safely remove this in a way that will not affect the program that installed it.

    InetInfo see if you really need this (See the startups and services links below)
    http://computing.net/windowsnt/wwwboard/forum/15762.html


    CtfMon same here, do you need this
    http://support.microsoft.com/?kbid=282599

    The program you need to control the startups is:
    Startup control
    http://www.mlin.net/StartupCPL.shtml

    This gives simple and full control of what starts at boot up. After install there will be a Startup icon in control panel. Why this over Msconfig? Msconfig only allows unchecking/disabling of items. Startup Control panel allows deleting items or moving from startup to run as a service etc.

    Your startups and services are very bloated, clean them up and you will think you have a new computer.

    The following will help you to greatly improve the stability and performance if you will take the time to do them.

    Look up the names in the startup list here to see if you need them. Look here:
    Cleaning startups
    http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
    http://jeh.ne.client2.attbi.com/TechSupport/index.htm
    http://www.3feetunder.com/krick/startup/list.html
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    http://ww2.whidbey.net/djdenham/Uncheck.htm
    http://www.pcisys.net/~ravnos2/techinfo/MSConfig.htm
    http://www.forrestandassociates.co.uk/pcforrest/startups.html
    http://www.djbdesigns.com/wtvzone/startup.html

    http://tiger.la.asu.edu/startup_full.htm

    Services cleanup look here:
    XP & 2K Tweaks and services configuration
    http://blackviper.com/WinXP/servicecfg.htm
    http://members.internettrash.com/megapolon/xptweak2.html
    http://www.theeldergeek.com/index.htm
    http://www.kellys-korner-xp.com/xp_h.htm
    http://www.dougknox.com/
    http://tweakxp.com/tweakxp/
    http://beemerworld.com/tips/servicesxp.htm
    http://www.aumha.org/regfiles.htm

    The cleaning and tweaking of the Startups and Services is your choice.

    But the items to fix this problem are the Cdilla and the **** bounce thing above.

    Your move.

    Mike
     
  15. 2003/07/21
    miniB

    miniB Inactive

    Joined:
    2003/03/21
    Messages:
    489
    Likes Received:
    0
    I know there has been a lot of info. before this but if you go here you will be able to see info. about Dialers etc

    HERE
     
  16. 2003/07/21
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Also forgot to say!

    Check the permissions of the NIS (Norton Firewall) for programs you have allowed out.

    If this program does this again. Hit Ctrl Alt Del and look at taskmanager to see what it is. In order to recognize it look now while it is not connected and get familiar with what is normal so you will notice it when it happens.

    Mike
     
  17. 2003/07/22
    kcoon

    kcoon Inactive Thread Starter

    Joined:
    2003/07/18
    Messages:
    5
    Likes Received:
    0
    Thanks for the help

    I have cleaned out a number of items. Time will tell if the mysterious phone connection continues.
     