1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Geting Ride Of a Program

Discussion in 'All Other Software' started by watchdog, Feb 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. watchdog

    watchdog Thread Starter

    Joined:
    Feb 9, 2003
    Messages:
    21
    Somehow a program got on my computer and continues to load every time I turn the computer on. It is a call program that cost a lot of money in connect charges. I click on cancel and it goes away but is back every time at start up. The program is called Eye Popper. I have eleminated it several times by deleting the directory and the desktop shortcut and tried to find it in any other area of the computer but no luck. The file is in C:\ecommerce\dialer.exe (I keep eleminiating this but it comes back) the short cut on the desktop is eyepor~1.lnk but eleminating this has no effect either.
    Thanks for any help offered.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Hi, and welcome to the board.

    Please do this:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.
     
  3. watchdog

    watchdog Thread Starter

    Joined:
    Feb 9, 2003
    Messages:
    21
    Logfile of HijackThis v1.91.2
    Scan saved at 11:04:22 AM, on 2/9/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.yahoo.com/ext/hp/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.wkbw.com/
    O1 - Hosts: 63.236.64.11 www.wkbw.com #Home Page
    O1 - Hosts: 207.46.197.100 www.microsoft.com #Search Page
    O1 - Hosts: 216.178.106.31 www.oxygen.com #.url
    O1 - Hosts: 204.202.132.19 www.abc.com #.url
    O1 - Hosts: 207.46.226.19 windows.microsoft.com #.url
    O1 - Hosts: 64.58.76.223 www.yahoo.com #.url
    O1 - Hosts: 64.58.77.197 hp.my.yahoo.com #.URL
    O1 - Hosts: 65.205.253.233 www.liquidaudio.com #.url
    O1 - Hosts: 65.205.253.160 www.liquidmusicnetwork.com #.url
    O1 - Hosts: 207.188.7.125 www.real.com #.url
    O1 - Hosts: 192.6.234.9 www.hp.com #.url
    O1 - Hosts: 206.135.235.101 www.hp-at-home.com #.url
    O1 - Hosts: 207.25.71.61 www.money.com #.url
    O1 - Hosts: 128.121.67.53 www.taxexemptlaw.com #.url
    O1 - Hosts: 4.42.179.148 www.nonprofit-info.org #.url
    O1 - Hosts: 208.31.0.11 www.nonprofitexpert.com #.url
    O1 - Hosts: 209.185.182.6 cognigen.net #.url
    O1 - Hosts: 206.137.233.4 belle.pcpros.net #.url
    O1 - Hosts: 210.8.18.32 www.webwombat.com.au #.url
    O1 - Hosts: 161.58.180.157 www.viable-herbal.com #.url
    O1 - Hosts: 216.247.247.247 the-office.com #.url
    O1 - Hosts: 209.61.156.182 www.bidtripper.com #.url
    O1 - Hosts: 209.143.212.20 southernfood.miningco.com #.url
    O1 - Hosts: 207.127.150.20 www.co.suffolk.ny.us #.url
    O1 - Hosts: 128.205.202.195 www.mgt.buffalo.edu #.url
    O1 - Hosts: 170.148.37.100 www.chase.com #.url
    O1 - Hosts: 64.58.76.172 travel.yahoo.com #.url
    O1 - Hosts: 63.146.170.82 www.chibrow.com #.url
    O1 - Hosts: 209.104.39.15 newyork.citysearch.com #.url
    O1 - Hosts: 205.147.5.216 ep.com #.url
    O1 - Hosts: 216.40.197.199 www.grsites.com #.url
    O1 - Hosts: 216.33.86.129 www3.coolsavings.com #.url
    O1 - Hosts: 216.32.120.183 cgi.ebay.com #.url
    O1 - Hosts: 64.29.223.60 www.ontrack.com #.url
    O1 - Hosts: 209.68.46.122 www.driverguide.com #.url
    O1 - Hosts: 64.213.191.148 www.swedishbricks.net #.url
    O1 - Hosts: 192.220.101.195 www.interbiznet.com #.url
    O1 - Hosts: 209.202.196.70 members.tripod.com #.url
    O1 - Hosts: 35.8.2.28 www.msue.msu.edu #.url
    O1 - Hosts: 63.161.122.12 www.arcatapet.com #.url
    O1 - Hosts: 63.236.73.177 discussions.hardwarecentral.com #.url
    O1 - Hosts: 208.254.80.205 www.inter800.com #.url
    O1 - Hosts: 209.197.74.29 best-of-web.com #.url
    O1 - Hosts: 64.21.26.218 planecrashinfo.com #.url
    O1 - Hosts: 208.246.237.196 locator.micro.honeywell.com #.url
    O1 - Hosts: 209.67.227.100 www.mapsonus.com #.url
    O1 - Hosts: 144.118.94.20 forum.swarthmore.edu #.url
    O1 - Hosts: 147.208.22.188 moneypaper.com #.url
    O1 - Hosts: 206.20.53.54 www.net2phone.com #.url
    O1 - Hosts: 216.238.35.204 nysparks.state.ny.us #.url
    O1 - Hosts: 202.62.120.10 www.fiji-online.com.fj #.url
    O1 - Hosts: 194.73.73.113 www.aeverett.btinternet.co.uk #.url
    O1 - Hosts: 147.208.184.231 www.onsettechnology.com #.url
    O1 - Hosts: 209.166.198.4 www.medialink.com #.url
    O1 - Hosts: 192.172.250.222 www.volvoworld.com #.url
    O1 - Hosts: 207.46.196.103 support.microsoft.com #.url
    O1 - Hosts: 56.0.78.95 new.usps.com #.url
    O1 - Hosts: 216.55.182.100 www.56k.com #.url
    O1 - Hosts: 153.2.228.50 www.ups.com #.url
    O1 - Hosts: 216.9.150.22 suffolkalarms.com #.url
    O1 - Hosts: 12.40.127.122 www.advantabusiness.com #.url
    O1 - Hosts: 63.70.44.84 tvplex.go.com #.url
    O1 - Hosts: 12.36.78.101 www.suntimes.com #.url
    O1 - Hosts: 164.109.30.19 www.fleetcso.com #.url
    O1 - Hosts: 165.193.102.140 www.mapblast.com #.url
    O1 - Hosts: 12.29.100.8 my.americanexpress.com #.url
    O1 - Hosts: 199.81.199.50 www.fedex.com #.url
    O1 - Hosts: 12.23.132.20 www.firstusa.com #.url
    O1 - Hosts: 192.189.32.76 www.mbnanetaccess.com #.url
    O1 - Hosts: 63.69.131.100 www.banking.us.hsbc.com #.url
    O1 - Hosts: 192.193.195.132 www.citibank.com #.url
    O1 - Hosts: 194.8.189.10 www.ryh.ru #.url
    O1 - Hosts: 209.132.193.34 a.gohip.com #.url
    O1 - Hosts: 64.241.242.217 www.findarticles.com #.url
    O1 - Hosts: 64.12.151.216 home.netscape.com #.url
    O1 - Hosts: 192.151.52.111 forums.itrc.hp.com #.url
    O1 - Hosts: 216.71.9.88 developer.irt.org #.url
    O1 - Hosts: 216.40.32.30 www.tucows.com #.url
    O1 - Hosts: 209.249.105.17 www.guidescope.com #.url
    O1 - Hosts: 205.138.230.129 www.americanexpress.com #.url
    O1 - Hosts: 64.72.68.12 www.glolab.com #.url
    O1 - Hosts: 65.166.60.5 www.hightec.com #.url
    O1 - Hosts: 206.244.181.252 206.244.181.252 #.url
    O1 - Hosts: 194.242.135.145 www.bullnet.co.uk #.url
    O1 - Hosts: 64.226.96.68 www.pigselectronics.com #.url
    O1 - Hosts: 205.178.180.17 www.abacom-tech.com #.url
    O1 - Hosts: 64.65.44.203 www.industrycommunity.com #.url
    O1 - Hosts: 209.15.17.199 www.apostolic.net #.url
    O1 - Hosts: 64.124.237.129 download.cnet.com #.url
    O1 - Hosts: 205.201.58.14 www.mrqe.com #.url
    O1 - Hosts: 207.171.168.20 www.imdb.com #.url
    O1 - Hosts: 207.24.89.160 www.nationalgeographic.com #.url
    O1 - Hosts: 66.35.222.230 www.dialpad.com #.url
    O1 - Hosts: 12.19.128.19 www.spiritair.com #.url
    O1 - Hosts: 12.5.136.100 www.southwest.com. #.url
    O1 - Hosts: 192.75.95.75 www.chebucto.ns.ca #.url
    O1 - Hosts: 63.85.86.16 www.itsyourdomain.com #.url
    O1 - Hosts: 63.151.17.199 www.otherwhitemeat.com #.url
    O1 - Hosts: 64.12.37.57 www.mapquest.com #.url
    O1 - Hosts: 64.65.215.12 www.buffaloniagara.org #.url
    O1 - Hosts: 206.230.5.209 www.autofrost.com #.url
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [ShutDownPro] C:\Program Files\ShutDownPro\ShutDownPro.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SystemTasks] C:\sexicamz.exe
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MPower] "C:\PROGRAM FILES\MINDBEAT\MPOWER\MPOWER.EXE"
    O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: RealGuide (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O11 - Options group: [CommonName] CommonName
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09d89acfabb922b59f06/netzip/RdxIE601.cab
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thank you. :)

    Please do this:

    Run Hijack This, and check ALL of the items in bold. Doublecheck so as to be sure not to miss a single one.
    Next, shut down all Internet Explorer Windows, and have HT fix all checked.

    Reboot when you're done.


    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [SystemTasks] C:\sexicamz.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm

    O11 - Options group: [CommonName] CommonName

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09d89acfabb922...ip/RdxIE601.cab


    After rebooting, delete C:\sexicamz.exe

    That ought to take care of your dialer.

    You also have Gator Precision Time and Date Manager installed, which are spyware.

    Download Spybot - Search & Destroy
    to deal with all versions of ...... without a prob.

    After installing, press Online, and search for, put a check mark at, and install all updates.

    Next, go to Settings > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.
     
  5. watchdog

    watchdog Thread Starter

    Joined:
    Feb 9, 2003
    Messages:
    21
    :) Thank you ever so much you obviously are very knowledegable and most helpful. I am trying to download the Spybot-Serch and Destroy but the site says it has not been created but I will keep trying and thanks again.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/117862

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice