MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Internet & Email arrow Topic: Instant Dial-up and Home Page Re-direction
October 14, 2019, 07:28:14 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 14, 2019, 07:28:14 PM

Login with username, password and session length
 
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Instant Dial-up and Home Page Re-direction  (Read 3600 times)
Chloehayleigh
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 15


Bookmark and Share

View Profile
« on: March 17, 2004, 09:05:50 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:Sony Vaio
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


Please, Please help. I am one step away from launching this laptop against the wall.  This q is very similar to d joy 14, and I have attempted to follow those instructions but to no avail.  When I switch on my comp. it automatically comes up with the connection.  When I press connect my homepage is routed to search-space and then a p*rn site.  I run through the rigmarole of changing the homepage but i cannot get rid of it.  I have downloaded spybot do not know what to do next.

Thanks in advance
Chloe
« Last Edit: March 17, 2004, 10:32:35 PM by Chloehayleigh » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: March 18, 2004, 02:11:09 AM »

Hi Chloehayleigh, Did you actually update Spybot(online)
Check for problems and Fix problem in RED.....
Spybot makes backups in Recovery in case you have to undo changes....
Restart your computer.

search-space is a CoolWebsearch variant infection

There are two things I would like you to do.....
First download CWShredder, this is a direct link
Save it to disk------Open CWShredder and close down ALL other open
windows----Click FIX and let it fix all problems and then Restart your
computer...http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Also could you download Hijackthis----Save to disk-----With HijackthisOpen and ALL other windows closed-----Do a SCAN----
SAVE LOG---Copy and paste the whole contents of the log here to be
analyzed.....
You will want to create a Permanent folder on your hard drive to save
hijackthis.exe to  EG...Open MY Documents----Right click and Select NEW--Folder---Name it HJT---Save hijackthis to that new folder
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

P.S. I would prefer to see a hijackthis log before running CWShredder
Logged

 
Chloehayleigh
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 15


Bookmark and Share

View Profile
« Reply #2 on: March 18, 2004, 09:05:16 PM »

Thank you benditup, I am going to do all right now.
Logged

 
Chloehayleigh
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 15


Bookmark and Share

View Profile
« Reply #3 on: March 18, 2004, 09:23:12 PM »

Hi benditup

I think this is the log you requested.

I will await your instructions.  
Cheers

ChloeLogfile of HijackThis v1.97.7
Scan saved at 21:33:28, on 18/03/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
F1 - win.ini: run=hpfsched
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00106\GD-DIAL.EXE -remove
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38063.5548842593

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: March 19, 2004, 01:48:58 AM »

Go into your add/remove programs, accessed from your Control Panel and
search for Global Dialer, if there remove it


If it is not in the Add/Remove Programs we'll try to get rid of it
manually.

Open Hijackthis and close all other windows and do another SCAN

Put a check next to any of these entries remaining and then FIX checked

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00106\GD-DIAL.EXE -remove

I doubt if you manually added these to your hosts file, so check them
also.

O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com

Restart your computer and Navigate to this folder, if still there

c:\program files\GlobalDialer\domer00106\GD-DIAL.EXE
and delete the GlobalDialer folder.

Restart your computer one more time and then post another fresh log and let me know if everything is back to normal
Don't forget to run Spybot once in awhile. Be sure to update.
Did you already run CWShredder, if not do so, just to be on the safe side.


Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: March 19, 2004, 02:14:50 AM »

Chloehayleigh, Since you downloaded CWShredder there may have been
a recent update, I just checked my version and it was updated today
or yesterday....
When you open up CWShredder can you check for updates and run the newer
version, thanx
Logged

 
Chloehayleigh
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 15


Bookmark and Share

View Profile
« Reply #6 on: March 19, 2004, 09:07:35 PM »

Hi ben

I have did all of the above, and attached a log.  I am now going to up-date CWShredder.

Hijackthis made a copy of the following files;

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00106\GD-DIAL.EXE -remove
 
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com

Do I delete them also.

Many thanks for all your help, it is greatly appreciated.

Cheers
Chloe

Logfile of HijackThis v1.97.7
Scan saved at 21:01:52, on 19/03/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38063.5548842593

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: March 20, 2004, 03:49:34 AM »

Did you delete the GlobalDialer folder?
Just to make sure you don't have problems in the future
I recommend downloading JavaCool's spywareblaster
After install---Check for updates and then Select All---Protect against
checked items
http://www.javacoolsoftware.com/spywareblaster.html
Your log looks clean, by the way, I've got Window 98SE
on my other computer and have had no problem running
IE6---You may want to think about updating visiting Windows Update
and updating your version of IE

OPTIONAL but recommended entries to remove:

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

to help with system resources. Or us a third party starter app
such as Codestuff's Starter
Let me know how everythings going
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #8 on: March 20, 2004, 03:51:34 AM »

By the way Chloehayleigh---If everything is running okay, in about a week
delete the backups;D
Logged

 
Chloehayleigh
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 15


Bookmark and Share

View Profile
« Reply #9 on: March 20, 2004, 09:49:21 PM »

Thanks very much for all your help Ben.

If you are ever in Glasgow, I owe you a pint Smiley

Chloe
« Last Edit: March 20, 2004, 09:50:23 PM by Chloehayleigh » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: March 21, 2004, 01:37:42 AM »

Hey, I will take you up on that Smiley

Let's hope you can keep those critters off permanently...

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 08, 2017, 10:49:49 PM