argh! What kind of adware is this?

I’ve been getting some very weird behavior out of my comp lately. Last night I was getting absurdly slow d/l times out of everything. (I have DSL, yet pages were taking about 10 mins to load.) Today I keep getting a red screen that says “push enter for ten seconds for a cool surprise!” Needless to say I wasn’t about to hold down my enter key and say ‘ok’ to anything they put on my comp. These screens were opening up in Explorer when I use Mozilla for my default browser.

I’ve run a virus check, Lavasoft Ad-aware, and Spybot to no avail. The red screen has stopped, but now I get an off-white page that says “Message from your ISP this page is appearing in accordance to some ad-ware you may have installed on your comp. It should not be viewable” (or something along those lines). Sure enough, if I click on it directly it vanishes.

There are only three things I’ve done lately that could have caused this weirdness. Two days ago I used services.msc to shut off a few of the unnecessary ones. (Needless to say I don’t think that was the cause of this; I just want to name everything I’ve done lately.) 2nd, I re-installed NWN and used their auto update to get up to speed (once again I find it unlikely that it’s causing this). 3rd, I installed the newest build of ICQ, which in my mind is the biggest suspect by far.

Any ideas before I tear out my hair and reformat? I’ve done every check I can think of: looked through all the startup folders, checked my services to make sure nothing was running, looked at running processes, and ran adware/virus checks.

Get HijackThis, run it, and post the results here.

Say again?

Has your ISP given you special software for use with your DSL modem? Could be a problem with that.

Also, see if you have the DNS Client service enabled. It can really slow down your connection as it tries to double check every website you’ve ever visited to make sure the IP #s are still correct.

Unless you use a bunch of the special plug-ins for ICQ, I’d say punt it and get a multimessenger client (I recommend Miranda IM) and connect to ICQ through that.

When is the last time you visited Windows Update?

Get HijackThis (one source is http://mjc1.com/mirror/hjt/), run it, and post the output here.

HijackThis is a regeditor on steroids.
If you do get it, I’d counsel against using it to change anything, but the log might help someone else figure out what’s going on.

When’s the last time you updated your definition files for Ad-Aware, virus, et al.?

1010011010,

Well I have MSN broadband b/c it’s the cheapest (and nearly only) broadband that’s around here. I don’t use the software at all except for the firewall which I have no control over.

DNS client is on. However, why would it suddenly cause a slowdown that’s never happened before?

Only extra I have on ICQ is spell check so I’ll give your prog a shot.

I’m an obsessive updater. I double checked before posting this and I still have 0 updates available. (checked both adware and windows update)

Here’s that HijackThis log. Hopefully it gives someone a clue.

Logfile of HijackThis v1.97.7
Scan saved at 6:37:23 PM, on 12/6/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ICQ\Icq.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\me\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/pc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra ‘Tools’ menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1427bb884c9af963db05/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37906.6026851852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
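
Added example, not part of the original thread and not code from HijackThis: a small Python parser that groups the entries of a log like the one above by section code and lists the O16 (downloaded ActiveX component) entries whose download URL uses a bare IP address instead of a hostname. The function names and the bare-IP heuristic are assumptions made for this example; a listed entry is a candidate for a closer look, not a verdict.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt copied from the log posted in this thread (shortened, not constructed).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/pc/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1427bb884c9af963db05/netzip/RdxIE601.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O16 - DPF: ..."
URL = re.compile(r"https?://\S+")

def parse_entries(log_text):
    """Group log entries by their section code (R0, O2, O16, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines carry no code and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dpf_from_bare_ip(sections):
    """O16 entries whose source URL points at an IP literal (example heuristic)."""
    hits = []
    for entry in sections.get("O16", []):
        m = URL.search(entry)
        if m and host_is_ip(m.group(0)):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for hit in dpf_from_bare_ip(parse_entries(SAMPLE_LOG)):
        print("review:", hit)
```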

Do you know what “Stardock\SDMCP.exe” is? That’s unfamiliar to me.

I noticed that too. It’s related to a video game, Galactic Civilizations. I renamed the .exe file and rebooted; it doesn’t run in the background anymore.

I find it really odd; the developers for that game seem to know better than to pull crap like that. I’m going to check their forums later and see if anyone else mentions it.

Heh, I don’t think anyone cares, but it was without a doubt the newest build of ICQ. I reformatted my comp, re-installed ICQ, and found that every time a new banner D/L’d on the bottom of the ICQ messages, that weird page popped up. If I let them stack to about 3, that’s when that red page would come up.

I confirmed this about five times. It only seemed to occur if you installed the new build without installing over any previous version. I installed ICQ lite which didn’t seem to have the bug. Then I upgraded to Pro and the problem has yet to re-occur.