Pop-UPs when browsing local files

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

l_jaxn

Thread Starter
Joined
Sep 20, 2003
Messages
4
Hi all,
My problem is that I get porn-popups ONLY when I open local files on my computer..NOT when I am browsing the web..

As you can imagine this drives me batty when I am testing websites that I am working on.

I am almost sure this came from a FREE FrontPage Theme which I downloaded and installed yesterday.

Here is my HT log.

Thanks,
Larry

Logfile of HijackThis v1.97.2
Scan saved at 10:53:05 PM, on 9/20/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BroadJump\CorrectConnect Engine\CCD.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ubi.com\Core\gs-launcher.exe
c:\Program Files\Red Storm Entertainment\Ghost Recon\GHOSTRECON.EXE
C:\DOCUME~1\jaxn\LOCALS~1\Temp\~f39a36.tmp
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\jaxn\Local Settings\Temp\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - C:\DOCUME~1\jaxn\LOCALS~1\Temp\BHO.0.1.0.143.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.fastaccess.com/sdccommon/download/tgrc.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37852.8396296296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
 
Joined
Jan 9, 2003
Messages
1,058
The log looks clean. What theme did you download and from where? I could check if there's any pop-up code there.
 

l_jaxn

Thread Starter
Joined
Sep 20, 2003
Messages
4
Well several...

FTPheme1Reg was an exe file.
Theme-Pak
TS_Professional_2
STSampler
Sharepoint-legal-large

It never fails...as soon as I click file - open-browse and select a file from my harddrive....boom...I get porn.

If I go to the internet, no problems.
 

l_jaxn

Thread Starter
Joined
Sep 20, 2003
Messages
4
I believe that is part the BellSouth diagnostics...But I will remove it in case. BellSouth uses that when you have a problem with their DSL, their support people can take control and look around.
 
Joined
Jul 26, 2002
Messages
46,331
l_jaxn

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - C:\DOCUME~1\jaxn\LOCALS~1\Temp\BHO.0.1.0.143.dll

O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Restart your computer

Go here http://www.lavasoftusa.com/software/adaware/ and download Adaware 6

Install the program and launch it.

I strongly recommend that you read the help file to familiarize yourself with the program.

Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot" then click "Proceed"

Next in the main window look in the bottom right corner and click on "Check for updates now" and get the latest referencefiles.
After getting the latest referencefiles you are ready to scan.

Click "Start" and in the next window make sure "Active in depth scanning" is checked then click "Next" and the scan will begin.

When it is finished let it fix everything it finds.

Restart your computer.

Then go here http://spybot.eon.net.au/index.php?lang=en&page=download and download Spybot.

Install the program and launch it.

Before scanning press "Online" and "Search for Updates" .

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds.

Restart your computer.

Be sure and take advantage of the "Immunize" feature in Spybot.

Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
On this page you will find a link to Javacool's SpywareBlaster and Spyware Guard. Get them both and check for updates frequently.
The Immunize feature in Spybot used in conjunction with SpywareBlaster and SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

Important!: ALWAYS check for updated detections and referencefiles before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.
 

l_jaxn

Thread Starter
Joined
Sep 20, 2003
Messages
4
Thanks,, something fixed it.

I wish I knew which one. It seems when I ran Spybot the last time it found more stuff than it had cleaned the first time.

I had already removed the BroadJump (BellSouth debug client) and I was still getting the problem.


Oh and Spyware reports blocking of the ads when I came in to post!

Thanks everyone.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top