• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1763
  • Last Modified:

DialUp Connection Popup at Startup

Hello everyone,

Every time I start pc, the dialup connection dialog pops up and I want to know which software is triggering it.

I tried looking into the win.ini and system.ini files, at the startup folder and under the startup tab of msconfig. Nothing abnormal.

Can anyone help me figure out the problem please? I am running Windows XP.

Regards
King_Diamond
0
King_Diamond
Asked:
King_Diamond
  • 19
  • 11
  • 5
  • +6
2 Solutions
 
war1Commented:
Greetings, King_Diamond !

Are you using dialup or broadband?

To disable dialup connection from poping up, go to Internet Explorer > Tools > Internet Options > Connections.  Select "Never dial a connection".  Click OK. Reboot computer.

Best wishes!
0
 
King_DiamondAuthor Commented:
Hello war1.

I am using broadband. Actually I would like to identify the software that is tying to connect to the internet rather than disabling the dialup connection from popping up.

Is there a way to achieve this?
0
 
war1Commented:
Look at your Startup menu in Start > Programs > Startup and see which one is starting the dialup. Look at the icons in your system tray.  Real Player and Windows Media Player like to dial home. So one of these may be using dialup instead of broadband.

For a more thorough check of all startup programs, look at System Configuration Utility. Go to Start > Run and type msconfig
Go to Startup tab.  Select hide Microsoft signed processes.  Then disable one process at a time to determine which one is opening the dialup connection.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
King_DiamondAuthor Commented:
As I said in my question, I already tried all this but had no luck!

Any other ideas please?
0
 
war1Commented:
King_Diamond,

Then use Process Explorer to see which program is starting up the dialup
http://www.sysinternals.com/Utilities/ProcessExplorer.html
0
 
callrsCommented:
Open Internet Explorer
Then Tools > Internet Options > Connections >

If there's an entry under "Dial-up and Virtual Private Network settings", either remove the entry(s), or put a check in "Never dial a connection"
0
 
NerdxCommented:
Yeh, I agree with callrs. I doubt any software would do this as it is something that may have simply happened by accident. Try going into:
My Computer -> My Network Places (on the side panel) -> View network connections (on the side panel).

See if there are any unnecessary connections that are there. I think that doing what callrs has suggested would work anyway, so try that first.

Regards,

# Nerd
0
 
King_DiamondAuthor Commented:
war1,
Nice software but didn't manage to solve the problem.

callrs, Nerdx,
I checked the connections. All connections ok. As in my previous post, I would prefer to identify the software that is triggering the popup rather than disabling a connection.

I did a virus and spyware scan as I am thinking that it might be some spyware but nothing was detected.
0
 
moorhouselondonCommented:
Try doing the virus/spyware scans in safe mode.  (Press F8 on boot-up).
0
 
NerdxCommented:
Like I said before, I highly doubt that this is a spyware/virus issue. It is just a setting that has been triggered somehow and needs to be disabled.

Try this, from the Microsoft Support site:
-----------------------------------------------------------------------------------------------------------------------------------------
Warning Some programs may configure the registry to dial automatically, and by altering this registry value, you may affect the functionality of these programs.

To configure Internet Explorer to not connect by using a modem, follow these steps:

1. Start Internet Explorer. On the Tools menu, click Internet Options.
2. Click the Connections tab, and then click Never dial a connection.
3. Click OK.
To set the AutoConnect value in the registry key to 0, follow these steps:1. Click Start, and then click Run.
2. In the Open box, type regedit, and then press ENTER.
3. Locate and select the following registry key:
HKEY_CURRENT_USER\RemoteAccess\Profile\<ConnectionName>
In the right pane, double-click the AutoConnect value, and then reset the value from 1 to 0.
-----------------------------------------------------------------------------------------------------------------------------------------

Regards,

# Nerd
0
 
moorhouselondonCommented:
Have you looked at the Task List just after startup (Ctrl Alt Deli) to see if there is anything visible there?
0
 
King_DiamondAuthor Commented:
What I need is to identify which application that is triggering the popup of the dialog.

I noticed a window popping up while booting up. The windows stays a fraction of a second so I couldn't figure out what it is. I restarted a million times to try to identify this window. It's a small window, empty, and named either Dialling or Dialog. It stays such a short time that I can't figure out what it is.
0
 
King_DiamondAuthor Commented:
Btw I did not install anything new. It just started popping up from "nowhere"!
0
 
NerdxCommented:
Go into My Computer -> Control Panel -> Administrative Tools (classic view) -> Event viewer
0
 
NerdxCommented:
The error message can be found there, so paste it here then we can look further into that - if it is related to the dialup at startup.

# Nerd
0
 
moorhouselondonCommented:
Do a brute force search of your Hard Drive for files containing DIAL, preferably in Safe Mode.  Any files found that are executable (e.g., EXE, BAT, COM, etc) could well be the culprit.  A list of files found meeting this criteria would be helpful.  I had a recent experience where a dialer was undetected by virus checker, but was found in the way just outlined.  Loading the file into Notepad revealed it was a compressed EXE (no copyright message apart from the compressing utility's one). Why the author didn't rename the file to something a little less obvious than <something> Dial <something> I cannot think.
0
 
fredshovelCommented:
Have you deleted your former 'dial-up' email account -- in accounts?
0
 
callrsCommented:
You said you need to know the program that triggers the connection. But maybe the "Dial whenever a network connection is not present" is what is causing WINDOWS to dial the connection, not necessarily any program.

If you want to identify the window that you saw flash up, try a Windows Syp utility (Google for this e.g. the free http://www.windows-spy.com/ , but I use a different shareware program)
0
 
NerdxCommented:
Exactly. I totally agree with callrs... The sooner you notice that this may not be a virus situation, the quicker you can find a solution. I guarantee it is something so simple you'll laugh in the end :) No software is going to be stupid enough to start that up and do nothing else to 'harm' your system. Don't worry...

The sooner you get that message from startup on here, the sooner it could provide a solution (if it is related).

# Nerd
0
 
King_DiamondAuthor Commented:
moorhouselondon,
I did the search you mentioned but nothing abnormal.

callrs,
The software you highlighted is pretty much like the one mentioned by war1.

Nerdx,
I checked the event viewer and I found one entry that I don't understand. It's a failure audit and here are the details.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            02/07/2006
Time:            17:12:28
User:            NT AUTHORITY\SYSTEM
Computer:      GRT
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:  User
 Source Workstation: GRT
 Error Code: 0xC000006A


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The above site is unavailable! I remembered that this week or the last, I did a windows update which was microsoft genuine something. I did a google search about the logon attempt mentioned above and I found the following.

..... In closing, I know who's causing the problem, what's causing the problem, where the problem is occurring, the only thing I don't know is WHY?, Microsoft needs to contact your machine 30 - 40 times a day, some days it's just 12 - 15 times. I'm sure it has nothing to do with installing updates. I had automatic updates turned on, so why does Microsoft, need to contact your machine 12-15 times a day? I did not get an answer from Microsoft, because I run a OEM. machine and Microsoft thinks I will be better served by contacting my OEM.. I asked Microsoft if they were the cause of this - Source: Security, Category: Account Logon, Type: Failure Audit, Event id: 680, User: Me, WorkStation: Computer ** and when I received the reply from Microsoft, they said I would be better served by my OEM. I don't know why Microsoft, doesn't want to say " Oh! Yea, That's Us!! What is Microsoft_Authentication_Package V1_0, An authentication package is a DLL that encapsulates a given form of authentication, such as NTLM or Kerberos. The Local Security Authority calls into the appropriate authentication package during the logon process to find out if the user is authentic, Although a third party can develop an authentication package, few do so. The reason I added this, if you check your security logs their will be an event failure audit - Logon Attempt By: Microsoft_Authentication_Package V1_0, all these events are related and produce the warning event in the system logs - w32time... I hope this may help some people who get this warning in their system logs.

For those who want to read the rest, here is the site : http://thepcyoubuy.proboards23.com/index.cgi?action=recent

Does anyone think that it has something to do with microsoft?
0
 
war1Commented:
King_Diamond,

The popup dialup is not due to Microsoft contacting home.  It can do so without using dialup.  The dialup box is due to some program that you forgot to change from dialup to broadband.  So the program is using dialup to contact homepage.
0
 
King_DiamondAuthor Commented:
war1,

I did not install any program recently and this started happening just this week. Re broadband, I have been using it for more than two years now, so if it had to do with the connection, I guess that it would have happened when this software got installed, don't yo think so?

The thing is that the default connection is broadband so I don't understand why the dialup connection pops up!
0
 
NerdxCommented:
Why not try a System Restore?

Start -> Programs -> Accessories -> System Tools -> System Restore

Either check back to last week, to see what the problem was, or go further back to a well known good configuration. It should remove the problem, hopefully.

# Nerd
0
 
NerdxCommented:
Hey, I have found the information from the Microsoft Support website. It matches the error you provided:
-----------------------------------------------------------------------------------------------------------------------------------------
CAUSE
Windows XP attempts a limited logon for each account that is displayed on the Welcome screen to determine whether to prompt the user for a password. An attempted logon is logged for each account displayed.
 Back to the top

RESOLUTION
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 (http://support.microsoft.com/kb/322389/EN-US/) How to Obtain the Latest Windows XP Service Pack
To prevent these events from being logged, disable the Welcome screen and use the classic logon screen or turn off auditing of logon events.

For additional information about how to enable or disable the Welcome screen and fast user switching, click the article number below to view the article in the Microsoft Knowledge Base:

279765 (http://support.microsoft.com/kb/279765/EN-US/)

Description of Fast User Switching

To turn off auditing in the Microsoft Management Console (MMC) snap-in for Group Policy: 1. Click Start, click Run, type gpedit.msc, and then click OK.

2. In the left pane, expand the following items:

• Local Computer Policy
• Computer Configuration
• Windows Settings
• Security Settings
• Local Policy
 
3. Click Audit Policy.
4. Double-click Audit Logon Events.
5. Click to clear the Success and Failure check boxes.
6. Click OK.
7. Close the Group Policy window.
-----------------------------------------------------------------------------------------------------------------------------------------
* Information taken from: http://support.microsoft.com/?kbid=305822

The main solution is to probably update to the latest Service Pack for Windows XP - so I recommend you try this first.

Hope this helps/works - GL

# Nerd
0
 
NerdxCommented:
The pasting turned out terrible, go to the link here instead: http://support.microsoft.com/?kbid=305822

# Nerd
0
 
war1Commented:
King_Diamond,

>> The thing is that the default connection is broadband so I don't understand why the dialup connection pops up! >>

The problem is then due to a recent update, either of Windows or an application.  The fix is as I posted in my first post:

"To disable dialup connection from poping up, go to Internet Explorer > Tools > Internet Options > Connections.  Select "Never dial a connection".  Click OK. Reboot computer."
0
 
NerdxCommented:
Try them both...

# Nerd
0
 
King_DiamondAuthor Commented:
Nerdx,

I already checked the system restore but there are only checkpoints and 1 software distribution servive 2.0 which is associated with windows as far as I know. I will give it a try by selecting the distribution software point and post back. As regards the info re windows, if the error is due to logon and not connecting to the internet, than probably this is not the case. Furthermore, I already have the lastest service pack. Windows is up-to-date.

war1,

I took your advice but will keep it as the last resort as primarily I would like to identify the problem. My philosophy is tackle the problem not turn around with it. I hope you agree.
0
 
☠ MASQ ☠Commented:
This is getting a long thread so apologies if this has already been done but has any one suggested a HijackThis! log - not necessarily for anything malicious but just as a list of processes being launched at boot?  

The usual suspects for this are Real and ZoneLabs products.  

I can't see that the WGA tool from M$ is the culprit but it does run ahead of login.

Out of interest if you do switch to "never dial a connection" does the problem stop?  You can always put the setting back and just use war1's suggestion as a diagnostic tool initially.
0
 
NerdxCommented:
Hehe MASQUERAID, I believe nobody has suggested the use of HijackThis throughout this post... I was going to, but thought it wouldn't be necessary, but I think it would be wise.

Download HijackThis: http://download.hijackthis.eu/hijackthis_199.zip
Paste logfile: http://www.hijackthis.de

You can either find the problem yourself, or post a link here. Like I said near the beginning of this question, I doubt it is virus related - but just a program error.

# Nerd
0
 
King_DiamondAuthor Commented:
Masqueraid,

Nerdx is right. I tried hijack this but nothing abnormal. I tried various options, mostly have been metioned here but nothing yet. As Nerdx said, it doesn't seem to be a virus or spyware but some software connecting to the internet, my opinion at least!

As regards the "never dial a connection" suggested by war1, yes I tried the suggestion and it works, that is, the dialog does not pop up. It is why I said that I will keep it as a last resort. I'm sorry that I wasn't clear about it.

Nerdx,

I still have to try the restore option. I'm sorry I didn't get back with feedback but the problem is on my home pc and I had to get away for work. My apologies. However, I will post when back home.
0
 
☠ MASQ ☠Commented:
Try disabling the WGA tool as this is one of your newest updates & could be the culprit
http://www.betanews.com/article/Microsoft_Admits_WGA_Phones_Home/1149798507

Removal tool & manual removal instructions here:
http://www.firewallleaktester.com.nyud.net:8090/removewga.htm


NB if you remove WGA you will be prompted to reload it if you go to the Windows Update site (otherwise you will get nothing but the security patches) and if you have automatic updates switched on M$ will push it down to you at your next update session.
0
 
callrsCommented:
Just realized something from way up:
>>callrs, The software you highlighted is pretty much like the one mentioned by war1.
Actually, it's not. Windows Spy is not the same as a process explorer. A windows spy utility logs the handle, title, etc, of every window that exists, and can also log all popups even if they only flash on-screen for a split second..
0
 
moorhouselondonCommented:
"If it ain't broke, don't fix it" is my philosophy in many cases.  If you are confident that it is not malware and War1's suggestion is a perfect workaround, I would be inclined not to go to a System Restore.  System Restore is an applet that has been written by Microsoft.  Does it cater for all known system configurations, including things like Updates?  Will it guarantee to do anything different to what is happening now?  System Restore is a good safety net when you really, really do need it, I do agree, but jumping out of tall buildings because there is a safety net down below is not something I would contemplate (sometimes I get vertigo just getting out of bed in the mornings lol).

PS Apparently there is a Class Action suit being prepared against MS for the Genuine Advantage tool on the grounds that it might be considered malware.  Source WServerNews Issue 583.
0
 
King_DiamondAuthor Commented:
Nerdx,

I tried the system restore but no luck.


Masqueraid,

I really thought it was as your post. Infact I downloaded the file from the site you suggested to confirm whether the WGA notification was installed, which it was. I removed it successfully however the problem was not solved. Hence, though it seems that WGA Notification "calls home" on every boot-up, it seems that my problem is being cause by some other software.


callrs,

I also tried windows spy. You were right, it's different. I did a thorough search in the many windows highlighted by the software but I didn't recognise any abnormal software or software that I did not install myself.


moorhouselondon,

I'm sorry but I don't agree with your philosophy. Actually, the problem ain't the connection window popping up. I don't know what info this "invisible" software is trying to send. And if I select "never dial a connection", does this unknown software still sends the info when I connect to the internet? The thing is that, as mentioned in the site highlighted by Masqueraid for WGA notification, this software is somehow by-passing my firewall. If someone took the hassle to develop such a software, I don't think that the info transmitted is just IP and time like WGA Notification seems to do, don't you think?
0
 
moorhouselondonCommented:
You can use a packet sniffer such as Ethereal to determine exactly what is inside the packet being sent, but unfortunately it needs to either be activated at startup, or you must have a pc that sits between your pc and the firewall to pass on the packets, or temporarily use a 10Mb hub to ferret out packet activity (the use of pc's with network cards set to promiscuous mode is no longer viable to capture packets from other neighbouring pc's).

>I'm sorry but I don't agree with your philosophy.
It is good to have a world with various opinions.
0
 
King_DiamondAuthor Commented:
I can put it in the startup menu but I think that it will run too late as it happened with windows spy and process explorer. I had to restart so many times to capture the "window activity" just once!

I am downloading it but it's very slow! So I have to wait!

>>I'm sorry but I don't agree with your philosophy.
>It is good to have a world with various opinions.
Granted.
0
 
King_DiamondAuthor Commented:
The problem seems to be getting worse! I didn't have much HDD space, 2GB, but now it's down to 155MB! I only installed windows spy and process express, nothing else. To make it worse, I delete some files to free up some space and guess what? The free space was of 133MB!

Something is definitely happening. Anyone has any ideas?
0
 
bastibartelCommented:
Hi Nerdx,

check the registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\*your-username*\Software\Microsoft\Windows\CurrentVersion\Run

or get the software
http://toolsandmore.de/?dl=autostartmanager-setup.exe
(it is in german though)

Cheers!
Sebastian
0
 
bastibartelCommented:
.. plus the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

0
 
NerdxCommented:
>> Hi Nerdx, check the registry keys...

bastibartel, I believe this question belongs to King_Diamond - not me :)

# Nerd
0
 
King_DiamondAuthor Commented:
bastibartel,

All registry keys mentioned checked. Contains software I know about.
0
 
☠ MASQ ☠Commented:
This is sounding increasingly malevolent

What firewall are you using?

The free version of Zone Alarm has got me out of a hole more than once in this situation.
Install and ask it to ingore any pre set rules and report any connections

Then switch to "never dial" so instead of launching the dial up anonymously whatever this is will get checked by ZA (which launches before connections are allowed), restart & see literally what comes up.

war1, you're more up to speed on rootkits than me, worth a hunt?  This is certainly stealthy.
0
 
bastibartelCommented:
I'd recommend Spybot S&D very strongly.
http://www.safer-networking.org/en/download/index.html

Cheers,
Sebastian
0
 
King_DiamondAuthor Commented:
I just tried zone alarm but no luck. Only programs under the run key popped warnings, the ones I know with.

Tried also spybot. Again, nothing.

However I noticed two new files which I don't know what they are and were created a couple of weeks ago. They are underfolder Application Data/vcl/cache and are named CACHEDIR.TAG and plugins-04041e.dat. Could they be the culprit?
0
 
☠ MASQ ☠Commented:
What size is the folder?
'vcl' or 'vlc'?
Do you have VideoLAN installed?
0
 
King_DiamondAuthor Commented:
Size 138K, folder vlc.

Have TVUPlayer installed.
0
 
King_DiamondAuthor Commented:
Problem found.

Well I ran hijack this again and found a malware file named algchk.exe. Guess I confused it with windows alg.exe. I deleted the file and removed its registry key. The dialup connection is not popping up anymore but the window that flashes at startup is still there. So I am wondering whether I deleted every instance of this malware.

Did anyone had this malware or anyone knows how to remove all its instances?
0
 
☠ MASQ ☠Commented:
First check HJT log again to see if it has respawned either as something else or algchk.exe again. A lot of malwares have a parent file that checks on boot if its child has been removed and replaces it.

Particularly check any Winlogon references in HJT and make sure that they point at the legitimate windows file
0
 
King_DiamondAuthor Commented:
Masqueraid,

I did run HJT again but nothing suspicious except for the following log.

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

I did remove WGA Notify. Could the flashing window be related? I removed it as stated by you.

I'm trying to tackle the problem a piece at a time, perhaps I will have a good system again hopefully! It really slowed down my system and can't understand where my few disk space had vanished yet!
0
 
King_DiamondAuthor Commented:
Anyone has any other suggestion please?
0
 
King_DiamondAuthor Commented:
I did a windows update and seems to have cleared the remaining problem.

Thanks to everyone.
0
 
nobusCommented:
fredshovel - can you have a look here please?  http://www.experts-exchange.com/Hardware/Components/Q_26542874.html?cid=239
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 19
  • 11
  • 5
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now