1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Damn porn dialer won't DIE!!!

Discussion in 'Virus & Other Malware Removal' started by putz, Sep 13, 2003.

Thread Status:
Not open for further replies.
  1. putz

    putz Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    1
    i have same problem.. can u guys go through my hjt and please tell me what to fix.. thanks !!


    Logfile of HijackThis v1.97.2
    Scan saved at 1:03:54 PM, on 9/13/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\PSSVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATI2CWAD.EXE
    C:\WINDOWS\SYSTEM\ATIPTKAD.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\WINDOWS\SYSTEM\HELPER11.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbefremont.com/tracking.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    F1 - win.ini: run=hpfsched
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [AtiCwd32] Ati2cwad.exe
    O4 - HKLM\..\Run: [AtiKey] atiptkad.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ATIGART] c:\ATI\GART\ATIGART.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [help] C:\windows\system\helper11.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKCU\..\Run: [POPUPWATCH] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\POPUP-WATCH\PopUpWatch.exe /STARTUP
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O9 - Extra button: RealGuide (HKLM)
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} (MSI.AXM) - https://mbe.iship.com/pss002/bin/msi_axm.cab
    O16 - DPF: {F6F81E1B-2A96-491A-AEFA-6D7A0BA1CB38} (MSI.ClientScriptTools) - https://mbe.iship.com/pss002/bin/msi_cst.cab
    O16 - DPF: {A12552C3-8947-11D1-9D49-00A02475D4E0} (MSI.sss_ShippingStationServices) - https://mbe.iship.com/pss002/bin/msi_shippingstation.cab
    O16 - DPF: {5CD04B10-040B-4929-9195-066894576CA9} (MSI.Registry) - https://mbe.iship.com/pss002/bin/msi_registry.cab
    O16 - DPF: {5B37ABB0-9FC0-4FA1-B2F9-95CC9A088D3C} (MSI.Ports) - https://mbe.iship.com/pss002/bin/msi_portenum.cab
    O16 - DPF: {48032833-56FF-4D44-ACB4-1BBAC4A3D942} (MSI.Printer) - https://mbe.iship.com/pss002/bin/msi_printer.cab
    O16 - DPF: {51A4A871-14C1-40F1-8E24-8CA7CF6D620B} (MSI.Scale) - https://mbe.iship.com/pss002/bin/msi_scales.cab
    O16 - DPF: {66407C2E-2514-11D3-82F4-00A0C9D57E74} (MSI.cms_CSZ) - https://mbe.iship.com/pss002/bin/cms_csz.cab
    O16 - DPF: {5C8F2A10-0C1B-4499-870E-6C0573AFF7BF} (MSI.csz_TDatabase ) - https://mbe.iship.com/pss002/bin/msi_cszapi.cab
    O16 - DPF: {B1234A37-C3D2-4EA1-BC14-054BC2F22807} (MSI.ClientPOS) - https://mbe.iship.com/pss002/bin/msi_posclient.cab
    O16 - DPF: {BB7FDAE3-7188-45EC-84AD-E85777F96E2A} (MSI.ofl_TRatingX ) - https://mbe.iship.com/pss002/bin/msi_ratingx.cab
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://mbe.iship.com/pss002/bin/arview2.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.7281134259
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = covad.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 64.105.172.26,64.105.163.106,64.105.132.250


    thanks in advance!
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all

    browser windows & press fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    O4 - HKLM\..\Run: [help] C:\windows\system\helper11.exe


    then read here about bullet proof soft.com & make up your own mind whether you want the next item on your computer or not. if you decide to remove it , do so from add/remove programmes in control panel first
    O4 - HKCU\..\Run: [POPUPWATCH] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\POPUP-WATCH\PopUpWatch.exe /STARTUP


    then reboot & delete C:\windows\system\helper11.exe
     
  3. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hi putz and dvk, I've split this into a separate thread.....
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164572

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice