MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Internet & Email arrow Topic: Warning about surfing PEDO sites ?
November 15, 2019, 05:44:57 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 15, 2019, 05:44:57 PM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Warning about surfing PEDO sites ?  (Read 23375 times)
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« on: April 02, 2004, 05:53:54 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:  Windows ME
Problem Application Name & Version:  Internet Exploree 6
Problem Hardware Make & Model:
Error Messages:



Can somebody help me ?
For the past several months, I've always had www.yahoo.com as my default homepage that launches whenever I activate the IE 6 browser.
However, this morning, when I launched Explorer, my screen does not go to Yahoo, but instead I get redirected to some site that says the FBI may be watching all of the clicks on my computer.  Has something to do with an initiative to catch people who surf p*rn sites for underage children.  I've never been to one of those sites !!!

It seems that the site is part of some scheme to sell a Spyware Removal software.  But I am not sure.  They do post a screen where they display my IP information.

What can I do to get rid of that screen ?
Secondly, how do I get my homepage back ?

Pls advise

Logged

 
Admin
Administrator
Hero Member
*****

Karma: +4/-0
Offline Offline

Gender: Male
Posts: 4898



Bookmark and Share

View Profile
« Reply #1 on: April 02, 2004, 06:20:02 PM »

Hi,

You have some homepage hijacking spyware on your system!

Use Ad-Aware to clean it and then you can set your homepage back.

See http://www.mytechsupport.ca/index.php?option=com_smf&Itemid=42&topic=1226
Logged

Sylvain Amyot
http://www.mytechsupport.ca

If you like to concept of this site and want to help, click here to find out how.
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #2 on: April 03, 2004, 06:55:42 AM »

How do I know that Ad-Aware has cleaned it >
Then how can I set my homepage back ?

Also, how do I know the name of that spyware that hijacked my homepage ?
Logged

 
Dizzy
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 125


Bookmark and Share

View Profile
« Reply #3 on: April 04, 2004, 04:02:37 AM »

Hi cath...

If you would like to know what had hijacked your system, you can download and run Hijack This and post a copy of your log file here.  Don't fix anything after running the program, just paste your log file so we can see what is going on.

It's been awhile since I've run AdAware, but I know that Spybot S & D will give you a list of everything it finds.  It's safe to fix anything marked in red.  You should download, install, update and use the Immunize feature to help protect you against bad products.

To reset your home page go to Start | Settings | Control Panel | Internet Options then type in the url of your home page and click Apply | OK

Be sure to post back if you have any more questions.

Dizzy




Logged




I am a "One Off Gem."

Just ask My Julian. [Cheesy]
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #4 on: April 05, 2004, 08:14:00 PM »

Dizzy,
Here is the logfile that I got after I ran Hijack This

Pls let me know what you think.  I'd also appreciate any guidance from others.

Thanks


Logfile of HijackThis v1.97.7
Scan saved at 8:09:25 PM, on 4/4/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\REG33.EXE
C:\WINDOWS\DL.EXE
C:\WINDOWS\DLM.EXE
C:\WINDOWS\CONSOL32.EXE
C:\PROGRAM FILES\INTERNET THUNK\MOVE OPTION ABOUT.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\LOTUS\REGISTER\REMIND32.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#12372
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#12372
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#12372
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\MSJN\MSJN.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\MSJN\MSIESH.DLL
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\MSJN\MSSEARCH.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Cons] C:\WINDOWS\consol32.exe
O4 - HKLM\..\Run: [Atom Comp] C:\PROGRA~1\INTERN~2\Move option about.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37915.7973842593
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://extreme-virgins.com/dl/adv14/x.chm::/load.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\fpxsiumy.exe
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: April 05, 2004, 11:53:48 PM »

You have quite a few nasties on your computer... Do as Dizzy mentioned
and Download Spybot
It works well with Adaware ( what one misses the other
one usually catches ) In your case however, I believe we will still have to manually try to rid you of other entries in your log....

Spybot----Download----Save to disk-----Install----Update (online) very
important----Check for problems---as Dizzy mentioned, fix everything in RED
Spybot S&D 1.2 Alternate download location if Dizzy's link isn't working   http://www.snapfiles.com/download/dlspybot.html
Restart your computer

Run Adaware (Again--check for updates) and make sure you have set these options:
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
After Scan is complete
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
« Last Edit: April 06, 2004, 12:00:29 AM by benditup » Logged

 
Dizzy
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 125


Bookmark and Share

View Profile
« Reply #6 on: April 06, 2004, 12:32:13 AM »

Ditto. Grin

(couldn't resist)


Logged




I am a "One Off Gem."

Just ask My Julian. [Cheesy]
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #7 on: April 08, 2004, 01:54:18 AM »

Benditup,
I ran the Spybot and Ad-Aware with settings that you suggested.
Then got rid of the items detected by those 2 packages.
Still getting popups that direct me to www.0008k.com, which is the site that I do not want to be at.   Seems like some kind of problem is leading me toward www.0008k.com.   How do I prevent myself from getting redirected to that site ?

Also, regarding your suggestion to post a fresh HijackThis file:  are you saying that I should save a log file each time I run HijackThis ?   What is the benefit of that fresh log file ?
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #8 on: April 08, 2004, 08:10:17 PM »

Hi again Catherder, there was an entry that I recognized in your log
that should of easily been taking care of with a deep scan of Adaware
or Spybot
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

If it's not gone, we will get rid of it,
there are quite a few entries in your log that indicate CoolWebSearch
Trojan

Could you please download CWShredder
http://www.spywareinfo.com/%7Emerijn/files/CWShredder.exe

Save to disk---Double click to run CWShredder----(Important)With CWShredder open and ALL other windows closed (including this one)Let it FIX all problems
RESTART your computer
Post another Fresh Hijackthis log......
I want to make sure we got everything, and by the looks of your log
we still have some cleaning to do...
That's why I ask for an updated log, no sense asking for the old one,
we may of cleaned out some of it
Don't run away----
These entries may or may not be fixed by CW
C:\WINDOWS\REG33.EXE
C:\WINDOWS\DL.EXE
C:\WINDOWS\DLM.EXE
C:\WINDOWS\CONSOL32.EXE

I want to make sure that we get you totally clean
P.S. there is more
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: April 08, 2004, 08:13:15 PM »

Edit still not working Huh?

And, yes, would you please save, copy and paste a new log each time
I ask for one, thanx
Logged

 
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #10 on: April 08, 2004, 11:06:26 PM »

Here is the latest Hijack This logfile, after I ran the CWShredder.
Pls let me know what my next steps should be
THanks foryour help

Logfile of HijackThis v1.97.7
Scan saved at 10:04:07 PM, on 4/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\CONSOL32.EXE
C:\PROGRAM FILES\INTERNET THUNK\MOVE OPTION ABOUT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Cons] C:\WINDOWS\consol32.exe
O4 - HKLM\..\Run: [Atom Comp] C:\PROGRA~1\INTERN~2\Move option about.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE

Logged

 
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #11 on: April 08, 2004, 11:08:57 PM »

I am still getting that crazy Free p*rn Portal www.008k.com redirect, with dialog box that asks if I want to install XXX Toolbar.
Also am getting http://trafficex.org popping up at same freuquency as before.
What should I do next ?
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #12 on: April 08, 2004, 11:34:25 PM »

catherder, I have to see the Whole log, including the bottom,
There is only one entry that I can find no info on....
C:\PROGRAM FILES\INTERNET THUNK\MOVE OPTION ABOUT.EXE
Do you know what it is? If not could you please go here and run a scan
on it, thanx.
http://www.kaspersky.com/scanforvirus.html
or here
http://www.ravantivirus.com/

I was hoping to take care of the rest after you ran CWShredder,
the next time we will have to get it all at once..

Could you please move Hijackthis out of the temp folder and put it
in a Permanent folder on your harddrive,
EG..... Open MyDocuments---Right click an empty spot and select NEW---
Folder----Name that new folder HJT----This is where you want to save
Hijackthis.exe----This is also where your backups will be stored if you remove them hijackthis...

As mentioned earlier, please post the whole log, thanx
Logged

 
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #13 on: April 09, 2004, 12:47:38 AM »

Here is the HijackThis logfile, after I ran the CW Shredder.
The bottom of the log is the O4 item

I did move HijackThis out of temp and onto My Documents.  I've also put all of my HijackThis log files there too.

Am I missing anything ?
Thx

Logfile of HijackThis v1.97.7
Scan saved at 11:43:33 PM, on 4/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\CONSOL32.EXE
C:\PROGRAM FILES\INTERNET THUNK\MOVE OPTION ABOUT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Cons] C:\WINDOWS\consol32.exe
O4 - HKLM\..\Run: [Atom Comp] C:\PROGRA~1\INTERN~2\Move option about.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE

Logged

 
catherder
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« Reply #14 on: April 09, 2004, 12:58:11 AM »

OK here is my latest HijackThis log, after I moved HijackThis into My Documents folder
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page November 03, 2017, 10:21:15 AM