Geting Ride Of a Program

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

watchdog

Thread Starter
Joined
Feb 9, 2003
Messages
21
Somehow a program got on my computer and continues to load every time I turn the computer on. It is a call program that cost a lot of money in connect charges. I click on cancel and it goes away but is back every time at start up. The program is called Eye Popper. I have eleminated it several times by deleting the directory and the desktop shortcut and tried to find it in any other area of the computer but no luck. The file is in C:\ecommerce\dialer.exe (I keep eleminiating this but it comes back) the short cut on the desktop is eyepor~1.lnk but eleminating this has no effect either.
Thanks for any help offered.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Hi, and welcome to the board.

Please do this:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.
 

watchdog

Thread Starter
Joined
Feb 9, 2003
Messages
21
Logfile of HijackThis v1.91.2
Scan saved at 11:04:22 AM, on 2/9/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.yahoo.com/ext/hp/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.wkbw.com/
O1 - Hosts: 63.236.64.11 www.wkbw.com #Home Page
O1 - Hosts: 207.46.197.100 www.microsoft.com #Search Page
O1 - Hosts: 216.178.106.31 www.oxygen.com #.url
O1 - Hosts: 204.202.132.19 www.abc.com #.url
O1 - Hosts: 207.46.226.19 windows.microsoft.com #.url
O1 - Hosts: 64.58.76.223 www.yahoo.com #.url
O1 - Hosts: 64.58.77.197 hp.my.yahoo.com #.URL
O1 - Hosts: 65.205.253.233 www.liquidaudio.com #.url
O1 - Hosts: 65.205.253.160 www.liquidmusicnetwork.com #.url
O1 - Hosts: 207.188.7.125 www.real.com #.url
O1 - Hosts: 192.6.234.9 www.hp.com #.url
O1 - Hosts: 206.135.235.101 www.hp-at-home.com #.url
O1 - Hosts: 207.25.71.61 www.money.com #.url
O1 - Hosts: 128.121.67.53 www.taxexemptlaw.com #.url
O1 - Hosts: 4.42.179.148 www.nonprofit-info.org #.url
O1 - Hosts: 208.31.0.11 www.nonprofitexpert.com #.url
O1 - Hosts: 209.185.182.6 cognigen.net #.url
O1 - Hosts: 206.137.233.4 belle.pcpros.net #.url
O1 - Hosts: 210.8.18.32 www.webwombat.com.au #.url
O1 - Hosts: 161.58.180.157 www.viable-herbal.com #.url
O1 - Hosts: 216.247.247.247 the-office.com #.url
O1 - Hosts: 209.61.156.182 www.bidtripper.com #.url
O1 - Hosts: 209.143.212.20 southernfood.miningco.com #.url
O1 - Hosts: 207.127.150.20 www.co.suffolk.ny.us #.url
O1 - Hosts: 128.205.202.195 www.mgt.buffalo.edu #.url
O1 - Hosts: 170.148.37.100 www.chase.com #.url
O1 - Hosts: 64.58.76.172 travel.yahoo.com #.url
O1 - Hosts: 63.146.170.82 www.chibrow.com #.url
O1 - Hosts: 209.104.39.15 newyork.citysearch.com #.url
O1 - Hosts: 205.147.5.216 ep.com #.url
O1 - Hosts: 216.40.197.199 www.grsites.com #.url
O1 - Hosts: 216.33.86.129 www3.coolsavings.com #.url
O1 - Hosts: 216.32.120.183 cgi.ebay.com #.url
O1 - Hosts: 64.29.223.60 www.ontrack.com #.url
O1 - Hosts: 209.68.46.122 www.driverguide.com #.url
O1 - Hosts: 64.213.191.148 www.swedishbricks.net #.url
O1 - Hosts: 192.220.101.195 www.interbiznet.com #.url
O1 - Hosts: 209.202.196.70 members.tripod.com #.url
O1 - Hosts: 35.8.2.28 www.msue.msu.edu #.url
O1 - Hosts: 63.161.122.12 www.arcatapet.com #.url
O1 - Hosts: 63.236.73.177 discussions.hardwarecentral.com #.url
O1 - Hosts: 208.254.80.205 www.inter800.com #.url
O1 - Hosts: 209.197.74.29 best-of-web.com #.url
O1 - Hosts: 64.21.26.218 planecrashinfo.com #.url
O1 - Hosts: 208.246.237.196 locator.micro.honeywell.com #.url
O1 - Hosts: 209.67.227.100 www.mapsonus.com #.url
O1 - Hosts: 144.118.94.20 forum.swarthmore.edu #.url
O1 - Hosts: 147.208.22.188 moneypaper.com #.url
O1 - Hosts: 206.20.53.54 www.net2phone.com #.url
O1 - Hosts: 216.238.35.204 nysparks.state.ny.us #.url
O1 - Hosts: 202.62.120.10 www.fiji-online.com.fj #.url
O1 - Hosts: 194.73.73.113 www.aeverett.btinternet.co.uk #.url
O1 - Hosts: 147.208.184.231 www.onsettechnology.com #.url
O1 - Hosts: 209.166.198.4 www.medialink.com #.url
O1 - Hosts: 192.172.250.222 www.volvoworld.com #.url
O1 - Hosts: 207.46.196.103 support.microsoft.com #.url
O1 - Hosts: 56.0.78.95 new.usps.com #.url
O1 - Hosts: 216.55.182.100 www.56k.com #.url
O1 - Hosts: 153.2.228.50 www.ups.com #.url
O1 - Hosts: 216.9.150.22 suffolkalarms.com #.url
O1 - Hosts: 12.40.127.122 www.advantabusiness.com #.url
O1 - Hosts: 63.70.44.84 tvplex.go.com #.url
O1 - Hosts: 12.36.78.101 www.suntimes.com #.url
O1 - Hosts: 164.109.30.19 www.fleetcso.com #.url
O1 - Hosts: 165.193.102.140 www.mapblast.com #.url
O1 - Hosts: 12.29.100.8 my.americanexpress.com #.url
O1 - Hosts: 199.81.199.50 www.fedex.com #.url
O1 - Hosts: 12.23.132.20 www.firstusa.com #.url
O1 - Hosts: 192.189.32.76 www.mbnanetaccess.com #.url
O1 - Hosts: 63.69.131.100 www.banking.us.hsbc.com #.url
O1 - Hosts: 192.193.195.132 www.citibank.com #.url
O1 - Hosts: 194.8.189.10 www.ryh.ru #.url
O1 - Hosts: 209.132.193.34 a.gohip.com #.url
O1 - Hosts: 64.241.242.217 www.findarticles.com #.url
O1 - Hosts: 64.12.151.216 home.netscape.com #.url
O1 - Hosts: 192.151.52.111 forums.itrc.hp.com #.url
O1 - Hosts: 216.71.9.88 developer.irt.org #.url
O1 - Hosts: 216.40.32.30 www.tucows.com #.url
O1 - Hosts: 209.249.105.17 www.guidescope.com #.url
O1 - Hosts: 205.138.230.129 www.americanexpress.com #.url
O1 - Hosts: 64.72.68.12 www.glolab.com #.url
O1 - Hosts: 65.166.60.5 www.hightec.com #.url
O1 - Hosts: 206.244.181.252 206.244.181.252 #.url
O1 - Hosts: 194.242.135.145 www.bullnet.co.uk #.url
O1 - Hosts: 64.226.96.68 www.pigselectronics.com #.url
O1 - Hosts: 205.178.180.17 www.abacom-tech.com #.url
O1 - Hosts: 64.65.44.203 www.industrycommunity.com #.url
O1 - Hosts: 209.15.17.199 www.apostolic.net #.url
O1 - Hosts: 64.124.237.129 download.cnet.com #.url
O1 - Hosts: 205.201.58.14 www.mrqe.com #.url
O1 - Hosts: 207.171.168.20 www.imdb.com #.url
O1 - Hosts: 207.24.89.160 www.nationalgeographic.com #.url
O1 - Hosts: 66.35.222.230 www.dialpad.com #.url
O1 - Hosts: 12.19.128.19 www.spiritair.com #.url
O1 - Hosts: 12.5.136.100 www.southwest.com. #.url
O1 - Hosts: 192.75.95.75 www.chebucto.ns.ca #.url
O1 - Hosts: 63.85.86.16 www.itsyourdomain.com #.url
O1 - Hosts: 63.151.17.199 www.otherwhitemeat.com #.url
O1 - Hosts: 64.12.37.57 www.mapquest.com #.url
O1 - Hosts: 64.65.215.12 www.buffaloniagara.org #.url
O1 - Hosts: 206.230.5.209 www.autofrost.com #.url
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ShutDownPro] C:\Program Files\ShutDownPro\ShutDownPro.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTasks] C:\sexicamz.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MPower] "C:\PROGRAM FILES\MINDBEAT\MPOWER\MPOWER.EXE"
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09d89acfabb922b59f06/netzip/RdxIE601.cab
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Thank you. :)

Please do this:

Run Hijack This, and check ALL of the items in bold. Doublecheck so as to be sure not to miss a single one.
Next, shut down all Internet Explorer Windows, and have HT fix all checked.

Reboot when you're done.


O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [SystemTasks] C:\sexicamz.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm

O11 - Options group: [CommonName] CommonName

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09d89acfabb922...ip/RdxIE601.cab


After rebooting, delete C:\sexicamz.exe

That ought to take care of your dialer.

You also have Gator Precision Time and Date Manager installed, which are spyware.

Download Spybot - Search & Destroy
to deal with all versions of ...... without a prob.

After installing, press Online, and search for, put a check mark at, and install all updates.

Next, go to Settings > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.
 

watchdog

Thread Starter
Joined
Feb 9, 2003
Messages
21
:) Thank you ever so much you obviously are very knowledegable and most helpful. I am trying to download the Spybot-Serch and Destroy but the site says it has not been created but I will keep trying and thanks again.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top