Plllllllleeeeeeeeessssssseeee hELP ME

[mayank76]

Please help me ,whenever i connect to the net after 10 minutes pop-ups of celebrety uncenssored strats, and nude pop-ups comes to my screen . i have tried to remove it many times but in vain. i know that it is due to e-dialer. it does not get installed in my computer but reinstall its entry in windows registry after conecting to net in software section .i have super ad blocker & google ad blocker but they can not block it , ihave microsoft antispyware but it only detects it on scanning does not stop it while installing in registry , pllllllleeeeeeeeeessssseeeeee help me. I am so ashamed that i have stopped browsing at my home .

 

[aadipa]

Run CWShreder and HijackThis.
Post your HijackThis log file.

Get this files from *www.spywareinfo.com/~merijn/

 

[blacklight]

tried running a scan on spybot ?

*www.spybot.info/

 

[shankarpdrin]

pls go to add remove progarmes to find un authorised application and try to un install it

 

[bharathbala2003]

get spybot also post hijack this log..

*www.safer-networking.org/en/index.html

also with this
AdAware
*www.lavasoftusa.com/software/adaware/

and after these scans post the log file of HijackThis....
*www.spychecker.com/program/hijackthis.html

Learn how to use HijackThis here....
*www.thinkdigit.com/forum/viewtopic.php?t=15729

 

[sunnydiv]

grniing



try adaware, and pray to god, pray pray pray

 

[anandk]

spyware definately !

empty ur pc of cookies and temp internet files. then scan your pc with adaware, cws shredder, spybot. in future download and use spywareblaster and spywareguard, BOTH from JAVACOOL. they work very effectively and quietly in the background , when u r on the net. as far ar pop-up blockers r concerned, google is considered the best.

 

[swatkat]

Along with CWShredder, get ABout:Buster and run both of them in SAFE Mode.
*www.majorgeeks.com/download4289.html

 

[club_pranay]

using only one anti-spyware never works for me. try Lavasoft AdWare or XSoftSpy also and as told by aadipa , bharathbala2003 post hijackthis log asap.

 

[himtuna]

Simple way - use another explorer like opera or firefox instead of IE . It woked with me.Iam using opera.

 

[bharathbala2003]

Simple way - use another explorer like opera or firefox instead of IE . It woked with me.Iam using opera.

so leave IE corrupted huh? and make ya computer vunerable for attacks.. gr8 option

seriously id recomend u to scan with the above mentioned tools.. else u r in a danger only..

 

[himtuna]

Simple way - use another explorer like opera or firefox instead of IE . It woked with me.Iam using opera.

so leave IE corrupted huh? and make ya computer vunerable for attacks.. gr8 option

seriously id recomend u to scan with the above mentioned tools.. else u r in a danger only..

himtuna replys: itried spyware doctor for one week, ms anti spy , spybot(in use) and even deleted some suspecious folders but my cheaks went pink when i was etrading along with my papa
therf i tried opera .iam teerrriieeeeeeeefied to use IE

 

[bharathbala2003]

i dont think its not too difficult.. jus run a scan using the HJT and post the log here.. ur prob can b solved..

 

[himtuna]

hi what is HJT and how to post log ?

 

[bharathbala2003]

hi what is HJT and how to post log ?

jus scroll above to my 1st post in the thread..

and after these scans post the log file of HijackThis....
*www.spychecker.com/program/hijackthis.html

Learn how to use HijackThis here....
*www.thinkdigit.com/forum/viewtopic.php?t=15729

 

[himtuna]

himtuna posts:
StartupList report, 09/04/2005, 14:32:27
StartupList version: 1.52.2
Started from : C:\Documents and Settings\compaq\Desktop\BACK UP\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RConnect\RConnectDialer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\compaq\Desktop\BACK UP\hijackthis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Instant Access = rundll32.exe EGDACCESS_1058.dll,InstantAccess

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
CODEBASE = *download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 3,757 bytes
Report generated in 0.040 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[drgrudge]

Ohh? This dont look familiar... and also the version seems to be old.

StartupList version: 1.52.2

Anyways, there don't seems to be any problem.

 

[thecyclone2k]

try spbyot search and destroy, it might help you! or the best cure do a freash install

format c: - the best solution!

 

[bharathbala2003]

was that HJT log file this looks new

ill post the report of the HIJACK THIS..

Logfile of HijackThis v1.99.1
Scan saved at 5:45:35 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program files\Opera\opera.exe
D:\HT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.thinkdigit.com/forum
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "D:\Program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - *go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109423309296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - *www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - *messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

i suppose u posted sumthin else.. the log file appears in a notepad as soon as u finish the scan.. ill post the screenie of the HJT also and my mouse will point wher to click...

*img96.exs.cx/img96/3205/hjt8hk.th.jpg

 

[devilhead_satish]

Microsoft Anti Spyware Beta.
*downloads.microsoft.com
This should help. It is absolutely merciless and very feature rich too.