Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I am receiving a pop up that says "Hey Dude. Click here to see fresh teens." I have a 13 yr old son that I do not want to see fresh teens. I am also receiving a message that sayd "Do you want to install dialer?" I have disabled Messenger and I have run Spybot--neither helps. Help! Here is Hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 8:51:35 AM, on 2/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\DIRECWAY\BIN\dpcnav.exe
C:\Documents and Settings\Penny\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.accessatlanta.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
F1 - win.ini: load= c:\quickenw\BILLMNDW.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.bellsouth.net/"); (C:\Documents and Settings\Penny\Application Data\Mozilla\Profiles\default\ttknwymu.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Penny\Application Data\Mozilla\Profiles\default\ttknwymu.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.exe -b
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Startup: Navigator.lnk = C:\Program Files\DIRECWAY\BIN\dpcnav.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37845.3822106481
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://web14.compaq.com/falco/SysQuery.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D4642D3-171D-4181-85CD-6E230E606480}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D4642D3-171D-4181-85CD-6E230E606480}: NameServer = 198.77.116.8,198.77.116.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = direcpc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = direcpc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = direcpc.com
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)
To get rid of the stupid popup that comes up in the first place then:
1. Download free popup blocker
2. Download mozzila firebird( much better web browser that includes popup blocker automatically )http://www.mozilla.org/products/mozilla1.x/
DAN
0 
Try Adaware,
That machine is loaded with crap. A pop-up blocker or different browser is NOT going to get at the root of the issue. It would simply be a band aid solution.
Jimi_l
0
Hun, you have to disable the restore points and run Ad-Aware and Spybot search and distroy. I reccomend running both. When you get to the point where you have the option to delete what they find do it. If you don't they see each others "I found this" files and give you a false alert.
Just a hint but if I was you I would make some security level adjustments on the internet functions. Maybe create a lower level user for others using your computer.
0
Hi Penny,
Some links to the best FREE ones:
These are Anti-Virus:
▫ [on-line] ActiveScan Anti-Virus (Panda)
▫ [on-line] HouseCall Anti-Virus (Trend Micro)
▫ [on-line] RAV Anti-Virus (AV Security)
▫ [on-line] BitDefender Anti-Virus
▫ AVG Anti-Virus (Grisoft)These are anti-spyware & anti-adware:
▫ Spybot Search & Destroy (Safer Networking)
▫ Ad-aware (Lavasoft)
▫ CWShredder (Merijn.org)
▫ TDS-3 (DiamondCS)
▫ [on-line] TrojanScan (GFi)
▫ Pest Patrol
Keep in mind that some of them may need to be updated over the web first when started, and before zapping the baddies!And install this one:
▫ [blocker] SpywareBlaster (Javacoolsoftware)
It will blast them off your system before they have a chance to install.
___________________________________________
☺ [Belgium, GMT+1]_________________________svg
0
You're welcome, Ms. Penny
Hey, thanks to SVG for his list of goodies. Which reminds me I need to up date my ad/spy stuff. I'll be back later.
0
Penny,
Please let us know if any of the anti-virus or spyware worked for ya.
I currently use the Adaware from Lavasoft and it works great for me, found on one system that was getting tons of pop up windows was caused because of those spyware type programs. Though a lot of people seem to overlook those toolbars for IE they download....Some of those free toolbars are spyware themselves, but so far Yahoo and Google bars seem to be safe from what the Spyware detectors are saying, but ya never know...
0
Yes, it all worked. I combined the advice of everyone. I turned off my restore points, ran Spybot in advanced mode, downloaded and ran Adaware, and ran Trend Micro Virus Scan. I downloaded and ran Spywareblaster to prevent future attacks. I deleted my "Mysearch" toolbar and disabled Messenger. Life is good!
Thanks again!
Penny
0  |
 shrinking pictures on web...
|
roining adware has ruined...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
