Damn porn dialer won't DIE!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

putz

Thread Starter
Joined
Sep 13, 2003
Messages
1
i have same problem.. can u guys go through my hjt and please tell me what to fix.. thanks !!


Logfile of HijackThis v1.97.2
Scan saved at 1:03:54 PM, on 9/13/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATI2CWAD.EXE
C:\WINDOWS\SYSTEM\ATIPTKAD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SYSTEM\HELPER11.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\TOOLS_95\IOWATCH.EXE
C:\TOOLS_95\IMGICON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbefremont.com/tracking.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=hpfsched
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [AtiCwd32] Ati2cwad.exe
O4 - HKLM\..\Run: [AtiKey] atiptkad.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIGART] c:\ATI\GART\ATIGART.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [help] C:\windows\system\helper11.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [POPUPWATCH] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\POPUP-WATCH\PopUpWatch.exe /STARTUP
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O9 - Extra button: RealGuide (HKLM)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} (MSI.AXM) - https://mbe.iship.com/pss002/bin/msi_axm.cab
O16 - DPF: {F6F81E1B-2A96-491A-AEFA-6D7A0BA1CB38} (MSI.ClientScriptTools) - https://mbe.iship.com/pss002/bin/msi_cst.cab
O16 - DPF: {A12552C3-8947-11D1-9D49-00A02475D4E0} (MSI.sss_ShippingStationServices) - https://mbe.iship.com/pss002/bin/msi_shippingstation.cab
O16 - DPF: {5CD04B10-040B-4929-9195-066894576CA9} (MSI.Registry) - https://mbe.iship.com/pss002/bin/msi_registry.cab
O16 - DPF: {5B37ABB0-9FC0-4FA1-B2F9-95CC9A088D3C} (MSI.Ports) - https://mbe.iship.com/pss002/bin/msi_portenum.cab
O16 - DPF: {48032833-56FF-4D44-ACB4-1BBAC4A3D942} (MSI.Printer) - https://mbe.iship.com/pss002/bin/msi_printer.cab
O16 - DPF: {51A4A871-14C1-40F1-8E24-8CA7CF6D620B} (MSI.Scale) - https://mbe.iship.com/pss002/bin/msi_scales.cab
O16 - DPF: {66407C2E-2514-11D3-82F4-00A0C9D57E74} (MSI.cms_CSZ) - https://mbe.iship.com/pss002/bin/cms_csz.cab
O16 - DPF: {5C8F2A10-0C1B-4499-870E-6C0573AFF7BF} (MSI.csz_TDatabase ) - https://mbe.iship.com/pss002/bin/msi_cszapi.cab
O16 - DPF: {B1234A37-C3D2-4EA1-BC14-054BC2F22807} (MSI.ClientPOS) - https://mbe.iship.com/pss002/bin/msi_posclient.cab
O16 - DPF: {BB7FDAE3-7188-45EC-84AD-E85777F96E2A} (MSI.ofl_TRatingX ) - https://mbe.iship.com/pss002/bin/msi_ratingx.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://mbe.iship.com/pss002/bin/arview2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.7281134259
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = covad.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 64.105.172.26,64.105.163.106,64.105.132.250


thanks in advance!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all

browser windows & press fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
O4 - HKLM\..\Run: [help] C:\windows\system\helper11.exe


then read here about bullet proof soft.com & make up your own mind whether you want the next item on your computer or not. if you decide to remove it , do so from add/remove programmes in control panel first
O4 - HKCU\..\Run: [POPUPWATCH] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\POPUP-WATCH\PopUpWatch.exe /STARTUP


then reboot & delete C:\windows\system\helper11.exe
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Hi putz and dvk, I've split this into a separate thread.....
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Members online

Top