hotkiss dialer help needed urgently

Discussion in 'adware, spyware & hijack cleaning' started by jake2, May 22, 2004.

Thread Status:
Not open for further replies.
  1. jake2

    jake2, Registered Member (Joined: May 22, 2004; Posts: 7)

    Hi, please can anyone help me get rid of this thing, I thought it was gone but it keeps coming back along with 123found.com, or 777search as my home page.
    I have run shredder and the latest ad aware, but it still comes back.....
    Help would be much appreciated. (PS, I'm not that great with computers so if someone has the patience to explain it simply I'd appreciate that) :D

    Many thanks.

    Here is my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 03:57:02, on 22/05/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\CPQS\BWTOOLS\SCCENTER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\PRINTRAY.EXE
    C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
    C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LAUNCHER.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\DAEMON.EXE
    C:\WINDOWS\SYSTEM\SYSTEM.EXE
    C:\WINDOWS\SYSTEM\WINLOGON.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\BTOPENWORLD\DIALBTISURFTIME.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...c=0809&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...c=0809&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...c=0809&s=search
    O1 - Hosts: 66.250.170.70 verisign.com
    O1 - Hosts: 66.250.170.70 www.altavista.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
    O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe
    O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Update] C:\WINDOWS\svchost.exe /i
    O4 - HKLM\..\Run: [browser] C:\WINDOWS\daemon.exe /i MSNJU1
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\system.exe
    O4 - HKCU\..\Run: [System Update4] c:\windows\system\winlogon.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/tem...bcontrol014.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
     
    Last edited: May 22, 2004
  2. Unzy

    Unzy, Registered Member (Joined: Nov 2, 2003; Posts: 1,098; Location: Belgium)

    Hi jake2,

    Have only HijackThis running and fix:

    O1 - Hosts: 66.250.170.70 verisign.com
    O1 - Hosts: 66.250.170.70 www.altavista.com

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Update] C:\WINDOWS\svchost.exe /i
    O4 - HKLM\..\Run: [browser] C:\WINDOWS\daemon.exe /i MSNJU1
    O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\system.exe
    O4 - HKCU\..\Run: [System Update4] c:\windows\system\winlogon.exe

    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/tem...bcontrol014.cab

    Restart PC after doing so in Safe Mode (here's how) and remove:

    C:\WINDOWS\svchost.exe <- this file
    C:\WINDOWS\daemon.exe <- this file
    C:\WINDOWS\System\system.exe <- this file
    c:\windows\system\winlogon.exe <- this file

    Clean temp internet files

    Restart again in normal mode

    Update IE at windowsupdate.com

    Hope this helps

    Cheers,
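
Added example, not part of the thread and not written by either poster: a Python triage script that parses HijackThis entries like those in the log above and flags two signals visible in it, O1 Hosts lines that pin a public name to a non-loopback address and, on a Win9x platform, O4 autoruns named after NT-family system processes. The regexes, the `triage` and `image_name` names and the NT-only name list are assumptions of this example, and the result is a review list for a human helper, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Platform: Windows 98 SE (Win9x 4.10.2222A)
O1 - Hosts: 66.250.170.70 verisign.com
O1 - Hosts: 66.250.170.70 www.altavista.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Update] C:\WINDOWS\svchost.exe /i
O4 - HKCU\..\Run: [System Update4] c:\windows\system\winlogon.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")      # "O4 - <body>"
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")            # "Hosts: <ip> <name>"
AUTORUN = re.compile(r"^(\S+): \[(.+?)\] (.*)$")       # "<key>: [<value>] <command>"
# Assumption of this example: these image names belong to NT-family Windows
# and are not shipped with Windows 9x, so a 9x autorun using them is odd.
NT_ONLY_NAMES = {"svchost.exe", "winlogon.exe"}


def image_name(command):
    """Lower-cased file name of the executable an autorun command starts."""
    m = re.match(r'^"?(.*?\.(?:exe|dll))', command, re.I)
    path = m.group(1) if m else (command.split() or [""])[0]
    return path.split("\\")[-1].lower()


def triage(log_text):
    """Return (section, name, detail) tuples worth a manual look, in log order."""
    is_9x = bool(re.search(r"^\s*Platform:.*Win9x", log_text, re.M))
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code == "O1" and (h := HOSTS.match(body)):
            ip, name = h.groups()
            if not ip.startswith("127."):  # name pinned to a remote address
                findings.append(("O1", name, ip))
        elif code == "O4" and (a := AUTORUN.match(body)):
            _key, value, command = a.groups()
            if is_9x and image_name(command) in NT_ONLY_NAMES:
                findings.append(("O4", value, command))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The other autoruns fixed in the reply (`daemon.exe`, `system.exe`, `realsched.exe`) are not caught by these two heuristics and still need a human reading of the log.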
     
  3. jake2

    jake2, Registered Member (Joined: May 22, 2004; Posts: 7)

    Thanks, I have done that, when I hit fix, they were removed and are not there when I scan again, is this right?
    Told you I'm stupid !! lol
    Sorry about reposting for help, was just worried because the PC has been going nuts with that dialer. Also apologies for SHOUTING, didn't realise that about caps :D

    Many thanks
    jake
     
  4. Unzy

    Unzy, Registered Member (Joined: Nov 2, 2003; Posts: 1,098; Location: Belgium)

    Hi jake,

    don't worry about it ;)

    Make sure you also manually remove those files, as stated

    Hope all is well again

    Cheers,
     