porn problem (New)

IMM's Avatar
Malware Removal Specialist with 3,260 posts.
 
Join Date: Feb 2002
27-Apr-2003, 04:12 AM #16
You've made some serious progress
Well - there are a couple of issues perhaps
Think I still see something.
(no name) - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B}
This looks to me to be HuntBar (see http://www.doxdesk.com/parasite/HuntBar.html for info)
It has me wondering how you ran SpybotSD (I thought spybot should get that one) - did you check the boxes and choose to fix the problems?
There are some brief instructions at http://tomcoyote.org/SPYBOT/
The other thing is that I don't know that MSHTA should be running. Perhaps search your hard drive (set explorer to show hidden files first) for files with the .hta extension (use *.hta in the Named box).

---------------- On to some performance tuning -------
FindFast is a rather useless resource hog - I'd get it out of there - see the following links.
Q158705 - OFF97: How to Disable the Find Fast Indexer
http://support.microsoft.com/support.../Q158/7/05.asp
or
Q199787 - OFF2000: How to Turn Off the Find Fast Indexer
http://support.microsoft.com/support.../Q199/7/87.ASP

If you don't use office routinely then I'd uncheck OSA using msconfig (works for me)

Unless you use it often there should be a way (from within jukebox) to keep it from loading automatically.
(I personally don't like the app)
Gordon7000's Avatar
Member with 213 posts.
 
Join Date: Mar 2003
Location: Largs, Scotland, UK
27-Apr-2003, 04:59 AM #17
Hi IMM,

Do you know if the latest updates of Spybot includes the BTLink variant of Huntbar? According to doxdesk.com, they say:

"Ad-Aware reffile and Spybot S&D can remove HuntBar variants other than BTLink and BTIn."

Unless it's included in the latest updates of Spybot, BTLink might need to be removed manually from the system. What do you think?

Regards, Gordon
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
27-Apr-2003, 05:22 AM #18
SpyBot S&D has Btein.dll.

BTlink.dll is included into the latest SpyBot beta updates:

Press Settings, and Settings again.
Go to the Webupdate section, and check "Display also available beta versions".

Now when pressing Online, and searching for updates, all updates will be displayed.

Don't be taken aback by the fact that these are so called "Beta" updates.
Unlike at Lavasoft, SpyBot updates are first released as betas a few days before they're turned over to the craving masses.

This makes SpyBot beta updates about as reliable as regular Ad-Aware updates.

Here's what the April 24 beta updates contain:

Spyware:

++ AUpdate,
+ C2.lop,
+ FreeScratchCards,
+ HuntBar,
+ WurldMedia,
+ Gator,
+ Wishbone

Malware:

++ NetRatings Premeter,
++ RVP

Hijacker:

++ HotAndSexy,
++ CnsMin.EasyService,
++ EZ-Searching,
++ SexOcean,
++ Grokster.Mayan,
++ 17plus,
++ SuperSpider,
++ GlobalWebSearch,
++ TopSearcher,
++ Unknown,
+ ShopNav,
+ I-Lookup,
+ SexArena,
+ RapidBlaster,
+ SubSearch

Dialer:

++ DCON,
++ Libera (2),
+ TeenXXX,
+ Dialler,
+ MAsterconnector,
+ HackerAG,
+ Adult Chat,
+ All in One Telcom,
+ FCI,
+ Stardialer,
+ Wonderplus,
+ 00SyncNet,
+ Mainpean,
+ Central24,
+ Dialer_XX (3),
+ Direct-Dialer (17),
+ InterSys Inc (10),
+ RSE721 (2),
+ Unkown (12)

Tracks:

++ ABI Coder,
++ ACDSee 5.0,
++ Advanced Grapher,
++ Alcohol 120%,
++ DVD Shrink,
+ Getright,
++ Image Analyzer,
++ LeechGet,
++ Gabest Media Player Classic,
+ MS
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
IMM's Avatar
Malware Removal Specialist with 3,260 posts.
 
Join Date: Feb 2002
27-Apr-2003, 05:42 AM #19
Thanx Tony - I was out for a while. Been using betas so long that I forgot the regular stuff was out there
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
27-Apr-2003, 06:07 AM #20
No prob!
Gordon7000's Avatar
Member with 213 posts.
 
Join Date: Mar 2003
Location: Largs, Scotland, UK
27-Apr-2003, 06:57 AM #21
Thanks, Tony. Appreciate this info.

Gordon
mrfergy52's Avatar
Junior Member with 6 posts.
 
Join Date: May 2003
Location: Wabash, Indiana
06-May-2003, 08:26 PM #22
forgive me, i'm new
need help removing "portal" that leads to porn page
Die Hard's Avatar
Member with 267 posts.
 
Join Date: Apr 2003
Location: Sweden
06-May-2003, 08:50 PM #23
mrfergy52, hi and welcome to the forum.


Quote:
**forgive me, i'm new need help removing "portal" that leads to porn page**
I think you'd better start a new thread for your problem. Please do so and tell exactly what your problem is.

Die Hard
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
06-May-2003, 08:52 PM #24
No, I think that's OK:

Go to http://www.tomcoyote.org/hjt/, and download Hijack This.

Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless, so do NOT fix anything yet.
Someone here will be happy to help you interpret the results.
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
mrfergy52's Avatar
Junior Member with 6 posts.
 
Join Date: May 2003
Location: Wabash, Indiana
07-May-2003, 05:42 PM #25
i hope this is it
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
mrfergy52's Avatar
Junior Member with 6 posts.
 
Join Date: May 2003
Location: Wabash, Indiana
07-May-2003, 05:55 PM #26
i also received this email
i think it is to delete "portal"
but i can't read it
need english(i'm dumb, very plain english!)
Attachment Blocked
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
07-May-2003, 05:57 PM #27
Thanks!

You have a lot of spyware, dialers, and one or two backdoor trojans.

And we're only seeing half of your log...

Do this:

Download Spybot - Search & Destroy

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.

NOTE: SSD will sometimes not be able to remove all active components in the first 'run'.
In that case you will get a dialog asking you to run SSD at next start.
Click yes and reboot.
Subsequently SSD will come up before the system puts these components 'in use', and it will then be able to 'fix' the rest.

After that, please re-run Hijack This, but please copy the entire log: Go to Edit > Select all, then to Edit > Copy.

Now show us the log, so that we can help you get rid of the remaining baddies.

Good luck,
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
07-May-2003, 06:04 PM #28
BTW, what you can do, is check, and have Hijack This fix the following:

O4 - HKLM\..\Run: [system32] config32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS\SYSTEM\WEB.EXE


Now restart your computer, and delete the following files:

- config32.exe (do a Find Files for it)
- Web.exe in C:\Windows\System


SpyBot will take care of most of the rest.

Cheers,
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
TonyKlein's Avatar
Malware Removal Specialist with 10,514 posts.
 
Join Date: Aug 2001
Location: The Netherlands
07-May-2003, 06:18 PM #29
Quote:
Originally posted by mrfergy52:
i also received this email
i think it is to delete "portal"
but i can't read it
need english(i'm dumb, very plain english!)
The MS Connect people want you to provide them with some details, so that they can send you an uninstaller to remove the dialer they forced on you.

Don't bother with it. SpyBot will remove all traces of it.
mrfergy52's Avatar
Junior Member with 6 posts.
 
Join Date: May 2003
Location: Wabash, Indiana
07-May-2003, 07:59 PM #30
this is hijack after spybot
i will be offline about an hour, while
i'm off i'll fix/delete your prior suggestion

Logfile of HijackThis v1.93.0
Scan saved at 5:40:06 PM, on 5/7/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.kconline.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gateway.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=;<local>;localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina=file:///C:/Program%20Files/MS-Connect/Portal/portal.html
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\PKEXT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GRA] C:\cabs\grainstall\GRA.exe
O4 - HKLM\..\Run: [system32] config32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\PROGRAM FILES\ANTI-TROJAN-55\ATWatch.exe
O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [system32] config32.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [tm] wndcmd32.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: AbsoluteShield Internet Eraser (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0410.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20...eInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {853C1A83-1639-11D0-8BBF-0080C7A01083} (Web Browser Pop-up Window Control) - http://activex.microsoft.com/activex...b/webpopup.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/...ditControl.cab
O16 - DPF: Yahoo! Chat (ContentAuditX Control) - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 (ContentAuditX Control) - http://download.games.yahoo.com/game...s/y/pota_x.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: Yahoo! NFL StatTracker (SurferNETWORK Plugin) - http://aud8.sports.yahoo.com/java/y/nflst8224_x.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...645.7491782407
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
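
A triage sketch for a log like the one above, added here as an example; it is not part of the thread or of HijackThis. It parses the R and O4 registry lines, matches autostart file names against the two files named in post #28 (by name only, a simplification), and reports browser pages set to a local `file:` URL (a heuristic assumed for this example). The sample lines are copied from the log above; all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Sample lines copied from the log in post #30 (subset chosen for this example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.93.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.kconline.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina=file:///C:/Program%20Files/MS-Connect/Portal/portal.html
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [system32] config32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKLM\..\RunServices: [system32] config32.exe
O4 - HKCU\..\Run: [tm] wndcmd32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# File names the helper asks to delete in post #28. Matching on name alone is a
# simplification; the post gives C:\Windows\System as the location of Web.exe.
WATCHLIST = {"config32.exe", "web.exe"}
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
R_LINE = re.compile(r"^(R[0-3]) - (HK[^,]+),([^=]+)=(.*)$")
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|dll|ocx))(?:\s|$)", re.I)

def exe_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    cmd = command.strip()
    if cmd.startswith('"'):            # quoted path, arguments may follow
        cmd = cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)                 # unquoted paths may contain spaces
    return (m.group(1) if m else cmd).rsplit("\\", 1)[-1].lower()

def parse(log):
    """Turn R0-R3 and registry O4 lines into dicts; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        if m := O4_REG.match(line):
            hive, key, name, cmd = m.groups()
            entries.append({"type": "O4", "where": f"{hive}\\{key}", "name": name, "data": cmd})
        elif m := R_LINE.match(line):
            code, key, value, data = m.groups()
            entries.append({"type": code, "where": key, "name": value, "data": data})
    return entries

def triage(entries):
    """Return (location, value name, reason) for entries worth a second look."""
    findings = []
    for e in entries:
        if e["type"] == "O4" and exe_name(e["data"]) in WATCHLIST:
            findings.append((e["where"], e["name"], "watchlisted autostart"))
        elif e["type"].startswith("R") and e["data"].lower().startswith("file:"):
            findings.append((e["where"], e["name"], "browser page set to local file: " + unquote(e["data"])))
    return findings
```

On the sample, `triage(parse(SAMPLE_LOG))` returns four findings: the `Startpagina` entry pointing at `portal.html`, the two `HKLM\Run` lines from post #28, and the `RunServices` copy of `config32.exe` that appears only in the full log.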