Huw Posted August 14, 2004
i think that a dialler has been installed on my computer. it's called instant access and i presume it's a porn thing. i dunno if it has been activated or whatever, and i have to go onto the internet to uninstall it for some reason. anyways, how do i get rid of this?!! cheers. here is my hijack this log if it helps:

Logfile of HijackThis v1.98.0
Scan saved at 12:36:43, on 14/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\mslagent\mslagent.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tim\Desktop\Huw\Apps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/060fd34065efe5863d16/...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {BC01A402-4730-11D2-B36C-0000E8DF722B} (Illuminatus 4.5 IE Plugin) - http://www.digitalworkshop.co.uk/ilm450.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...352/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Steve Posted August 14, 2004
Hehe. I wonder what you've been looking at on the net? Anyway, to kill it, run Hijack This! again, put a tick next to these items, close ALL browser windows then hit Fix Checked............
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess
Then reboot and delete this file.............
EGCOMSERVICE_1048.dll
If it won't delete, reboot into safe mode and do it.
Steve Posted August 14, 2004
BTW - I see you didn't remove the items I mentioned when you posted your log in the other bit.
Steve Posted August 14, 2004
OH YEAH - before you delete the dll file you might need to unregister it. Click Start then Run and type this............
regsvr32 /u "path and file name"
Obviously putting the real path and file name in. You need to keep the quotation marks. Then hit Enter. E.g. If it's in your System32 folder you would type this..........
regsvr32 /u "C:\Windows\System32\EGCOMSERVICE_1048.dll"
Liam Posted August 14, 2004
There is NO WAY to sure-fire remove a dialer. Trust me, they are very tricky pieces of software to remove. The only way you will get even close is to remove all suspect articles running Windows in SAFE MODE. Personally, I wouldn't bother. Nuke the drive. Put everything you need onto a second HD or CDs/DVDs, then flush the bastard with a military format. It really is the only sure way. Think 'Aliens' here. If you don't, the dialer WILL cost you money. I don't live with my parents; in the two and a half years since I moved out, they've racked up hundreds of pounds in dialer bills, because they refuse to nuke the drive. I can't get rid of them, and I really know what I'm doing! In the meantime, pull the plug.
Steve Posted August 14, 2004
This dialler is only one file. It's a DLL file that binds itself to rundll32.exe. If you unregister it, remove the registry entry that makes it start up (i.e. sort it with Hijack This!) and delete the file then it is gone. The only way it would come back is if there was a dodgy ActiveX component in your downloaded program files - those are the ones that start with O16 - DPF in Hijack This! All you have in there are some games, a couple of plugins and some antivirus stuff. Don't nuke the drive over one file dood!
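Added example, not part of the original thread and not HijackThis code: a small parser for the O4 Run-key lines of a log like the one in the first post, listing entries where rundll32 loads a DLL named without a directory, as the Instant Access entry does. The function names are hypothetical and the sample lines are copied from that log; a bare DLL name means the file's real location has to be found on disk before it can be unregistered and deleted.

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

# Five O4 lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
"""

# "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# rundll32 with or without a path/extension, followed by "dll,export [args]"
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I)


def parse_o4(line):
    """Split a registry-based O4 line into hive, key, value name and command."""
    m = RUN_RE.match(line.strip())
    if m is None:
        return None  # not a Run-key entry (e.g. "O4 - Global Startup: ...")
    return dict(zip(("hive", "key", "name", "command"), m.groups()))


def rundll_target(command):
    """Return (dll, export) if the command is a rundll32 launch, else None."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None
    dll, _, rest = m.group(1).partition(",")
    words = rest.split()
    return dll.strip('" '), (words[0] if words else "")


def triage(log_text):
    """List Run entries where rundll32 loads a DLL given without a directory."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        target = rundll_target(entry["command"]) if entry else None
        if target and not dirname(target[0]):
            findings.append({**entry, "dll": target[0], "export": target[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]} {f["key"]} [{f["name"]}] -> {f["dll"]},{f["export"]}')
```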
Liam Posted August 14, 2004
I would. Honestly. I keep four partitions:
WINDOWS
GAMES
MUSIC
VIDEO
After installing Windows, get all your essential apps on there, and tweak it how you like it. Then use a program like Nero to make a DRIVE IMAGE. Burn it to a DVD (or store it elsewhere on your PC if you have the room). Whenever anything goes wrong, revert to the image in the space of a few minutes. You know it is completely clean and there is practically zero fuss. All about strategy...
Steve Posted August 14, 2004
I agree that's a good strategy for partitioning but I certainly wouldn't wipe my drive over something like this that can be removed in about a minute. I'd add a partition for the swap file too.
Liam Posted August 14, 2004
> I'd add a partition for the swap file too.
No need second HD for that. But generally having a partition just for virtual memory is a huge waste of space when any partition will do the job just as well and provide no speed decrease. Do it on your music drive and defrags are less of an issue as most files will be sub 5MB.
Huw Posted August 14, 2004
cheers for the help. i don't think it has been activated to be honest, when i clicked on it this morning, i didn't click agree or anything. also, i just did a system restore and half of the file has gone, so i think it has been neutralised. it also doesn't appear on my internet connections box, which someone told me it does when it has been activated. anyways, i'll try and delete the fucker, don't really know how to reboot a drive properly, so i best leave it for now. besides, if it does cost me anything, it was a mate who downloaded it i think, so i'll rinse him for all the money. btw sigma, i thought i did delete the things you highlighted. i'll do it again now.
Huw Posted August 14, 2004
hmm, just searched for EGCOMSERVICE_1048.dll and it is nowhere to be found. the instant access folder is still there, but it seems that the .dll file is not. does that mean the system restore has deleted it and i can simply delete the instant access folder in program files?
*EDIT: just ran Hijack This! and the entry has vanished too...
Edited August 14, 2004 by huwbeanie
Steve Posted August 14, 2004
> > I'd add a partition for the swap file too.
> No need second HD for that. But generally having a partition just for virtual memory is a huge waste of space when any partition will do the job just as well and provide no speed decrease. Do it on your music drive and defrags are less of an issue as most files will be sub 5MB.
It can't be a waste of space! I set the virtual memory to a fixed size, hence the partition was created to accommodate it. If you use a variable sized swap file then you can just use System Monitor to see how big it gets and create the partition accordingly. My swap file doesn't suffer from fragmentation like it did when it was put onto a partition with other files. I agree that it should be on the second hard disc though, otherwise it might slow things down due to disc access times.
Liam Posted August 14, 2004
In all seriousness, though: yes, things can be removed, but some are incredibly clever. Having seen first-hand bills of over £400 JUST from diallers, the only sure-fire advice I can give is to nuke. I wouldn't want that to happen to anyone else, it is such a cunt!
Steve Posted August 14, 2004
> hmm, just searched for EGCOMSERVICE_1048.dll and it is nowhere to be found. the instant access folder is still there, but it seems that the .dll file is not. does that mean the system restore has deleted it and i can simply delete the instant access folder in program files?
> *EDIT: just ran Hijack This! and the entry has vanished too...
Is there nothing inside the folder? Delete the folder anyway. The removal instructions for that dialler are what I gave above. I wouldn't have used system restore to go back. Make sure you have the option set to show hidden files and folders turned on before you search for that dll. Go into Windows Explorer and click on Tools then Folder Options then View. Make sure there is NO tick next to "Hide extensions for known file types" and then select "Show hidden files and folders". Then click OK and search for the dll file again.
Steve Posted August 14, 2004
BTW the entry vanishing from Hijack This! means that the file is not set to run when you boot your PC. That's good at least. Here are the removal instructions given by Kephyr..........
http://www.kephyr.com/spywarescanner/libra...ler/index.phtml
It's basically the same except you edit the registry manually instead of using Hijack This!
Huw Posted August 14, 2004
just ran it, and it has vanished. nowhere to be found! seems like it has gone...
Guest Deeswift Posted August 14, 2004
Back to partitions for a minute, I got 8 on this 160 GB Hitachi.
C: SYSTEM (Windows XP Pro) = 3 GB
D: PAGEFILE = 3 GB (Virtual Mem min and max fixed at 768MB. When I get more RAM, this will be fixed at 1.5 GB)
E: APPLICATIONS (Program Files) = 6 GB
F: AUDIO = 40 GB
G: GAMES = 40 B
H: VIDEO = 40 GB
I: DOWNLOADS = 10 GB
J: VARIOUS (documents, storage, etc) = 11 GB
This is the best organization I've had, and defragging is a breeze. For my previous XP install on this new machine I tried a single 160 GB partition and it didn't work nearly as good either for organization or defragging. Now it works well. As for nuking the whole OS for the sake of one .dll file, it's really not worth it unless it causes a problem. A lot of people probably don't even have their OS on disc, sometimes they're on a shared PC, sometimes it takes ages, and in this case it's probably not worth it, so recommending a full install isn't really something we'd do.
Huw Posted August 14, 2004
what is partitioning and what benefits does it have? and how do i do it?
Steve Posted August 14, 2004
If the page file is gonna be fixed at 1.5GB why have you got it on a 3GB partition? Haven't you got two HD drives Dee? You would be better putting the page file on the second disc.
Steve Posted August 14, 2004
> what is partitioning and what benefits does it have? and how do i do it?
Partitioning is splitting up a hard disc drive into portions. Each of these portions is looked at by Windows as a separate drive. Say you split your C drive into 3 partitions, you could have a C, D and E drive. The advantage is that if one drive gets fucked up, it doesn't affect all of your data. It's better to keep applications separate from any data files. It's also good as a matter of tidiness and keeping things together. You need a program to partition your drives - The one I use is Partition Magic.
EDIT - I didn't mention access times either. If you install Windows on a 3GB partition as Dee has, then your PC will only need to look on the first 3GB of 160GB (in Dee's case) for any Windows files as they don't get spread over the whole size of the disc when they fragment. That means that in Dee's case the PC is looking on 2% of the disc instead of 100%, which leads to better performance.
EDIT 2 - When you defragment, you only need to defragment any partitions that need doing, rather than the entire disc. With a large disc drive this can save you loads of time.
EDIT 3 - Oh yeah! You could install more than one operating system and choose which one to boot into. This is good if you wanna try out Linux etc. No more edits now!
Huw Posted August 14, 2004
nice, i might do that sometime soon...
Guest Deeswift Posted August 14, 2004
You can partition before Windows is installed, right before you load the operating system, or you can use an application such as Partition Magic later on to split / resize partitions. Benefits are better organization, ease of defragging, speed (if you have more than one drive).
Huw Posted August 14, 2004
one quick question about partitioning, i take it on one drive you'd just put the whole windows folder? and then with the others put whatever you want in?
Guest Deeswift Posted August 14, 2004
> If the page file is gonna be fixed at 1.5GB why have you got it on a 3GB partition? Haven't you got two HD drives Dee? You would be better putting the page file on the second disc.
Reason is because RAXCO PerfectDisk requires twice as much space as the Page File uses to be able to defrag. Your Page File should be fixed at 1.5 times the size of your physical RAM, so if you have 1 GB, you'll need a 1.5 GB Page. A further 1.5 GB is needed so PerfectDisk can move all the data around on the partition and defrag it.
Guest Deeswift Posted August 14, 2004
> one quick question about partitioning, i take it on one drive you'd just put the whole windows folder? and then with the others put whatever you want in?
Yep. See my strategy. OS is on one 3 GB partition, then there's audio, applications, video, documents, games, page file, etc all on their own dedicated drives. It's working well for me.