
porn, porn, go away, please

Discussion in 'Virus & Other Malware Removal' started by grandpaw7, Sep 11, 2003.

Thread Status:
Not open for further replies.
  1. grandpaw7

    grandpaw7 Thread Starter

    Joined:
    Aug 19, 2000
    Messages:
    2,233
    Well, that'll teach me. So I opened a porn site. God Almighty, it was a fertile one. Up pop all these sites which refused to go away until I shut down. Before I shut down, I couldn't run Ad Aware or even keep HON running long enough to send a post. After I booted back up, the sites appeared to be gone, but I ran Ad Aware anyhow.

    I don't want to know how to close these sites without shutting down; that may deter me from paying them another visit.

    But I do want to do what I can to keep porn sites from popping up. I'd also like to do what I can to clean my computer of evidence I've been a bad boy. Can I do that without doing a clean install, and anyhow would a clean install help?

    When I was dealing with a thing called Second Thought that made its way into my computer, one of the things I was told I should do was to go to regedit>edit>find and look for second thought, which I found and deleted. Is there something like that I can do with these porn sites?

    Here is my hijack log. I'm hoping some kind hearted person will look it over and let me know if it calls for action on my part. Deeply obliged:

    Logfile of HijackThis v1.97.1
    Scan saved at 4:27:51 PM, on 9/11/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\YCIII\YANKCLIP[1]\YANKCLIP.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\CALLWAVE\IAM.EXE
    C:\PROGRAM FILES\PRINTKEY-PRO\PRINTKEYPRO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\PROPEL ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [ClipMate6] C:\PROGRAM FILES\CLIPMATE6\CLIPMT61.EXE
    O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip[1]\YankClip.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
    O4 - Startup: Shortcut to Printkeypro.exe.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Grab &Selected Text... - res://C:\PROGRAM FILES\COGITUM CO-CITER\COGITUMHELPERS.DLL/ctGrab.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Co-Citer (HKLM)
    O9 - Extra 'Tools' menuitem: Cogitum &Co-Citer (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37600.3999768519
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (AolCoach TrainerOCX Ctrl) - http://esupport.aol.com/help/engine/aolcinst.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0,3,8/us/AccesMembre.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  2. grandpaw7

    grandpaw7 Thread Starter

    Joined:
    Aug 19, 2000
    Messages:
    2,233
    Another thing. I see recommendations that a person run not only Ad Aware but also Spy Bot Search and Destroy. Should I do that? Thanks.
     
  3. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    I don't see much in your start-ups. Start by doing this:

    In Hijack This, check ALL of the following items
    Next, close all browser Windows, and have HT fix all checked.

    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...uditControl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0...AccesMembre.cab




    Reboot into normal mode


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
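
An added example, not part of the post above and not code from HijackThis: a small triage script for the kind of review done in this reply, listing BHO entries marked "(file missing)" and O16 (Downloaded Program Files) entries whose download host the reviewer does not already expect. The sample lines are copied from the log posted in this thread; the `EXPECTED_HOSTS` allowlist and the function name `triage` are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread (elisions kept as posted).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0,3,8/us/AccesMembre.cab
"""

# "<section code> - <body>", e.g. "O16 - DPF: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")
# "DPF: {CLSID} (optional control name) - download URL"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

# Hypothetical allowlist: hosts the reviewer already expects on this machine.
EXPECTED_HOSTS = {"download.macromedia.com"}

def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (section, reason, detail) tuples for entries needing a manual look."""
    review = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, or blank line
        section, body = m.groups()
        if section == "O2" and body.endswith("(file missing)"):
            review.append((section, "orphaned BHO", body))
        elif section == "O16":
            d = DPF.match(body)
            if not d:
                review.append((section, "unparsed DPF entry", body))
                continue
            clsid, name, url = d.groups()
            host = urlparse(url).hostname or ""
            if host not in expected_hosts:
                reason = "unexpected host" if name else "unnamed control, unexpected host"
                review.append((section, reason, f"{clsid} {name or '-'} {host}"))
    return review

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:34} {detail}")
```

The script only narrows the list for a human reviewer; an unexpected host is a prompt to look the control up, not a verdict.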
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    With Windows 98 you still have the power of DOS to work for you.

    Start > Shutdown and Restart in MS_DOS mode

    Once in DOS type in the following commands exactly:

    SMARTDRV.EXE

    CD \WINDOWS
    DELTREE /Y COOKIES
    DELTREE /Y HISTORY
    DELTREE /Y RECENT
    DELTREE /Y TEMP
    DELTREE /Y TEMPOR~1


    ctrl-alt-delete to reboot to windows

    When you reboot windows will recreate all the above folders, so fear not.

    Now that you have gotten rid of that "land fill" called Temporary Internet Files, you may want to reboot into Safe Mode and run defrag.

    If you have never deleted Temporary Internet Files in the past, my guess is that you can recover 50 - 100 meg of HD space. Maybe more if you have never done it since day one.

    The most space I have ever recovered from someone's PC was a whopping 1.3 gig.

    Oh, by the way, boot time is slightly improved and you will notice a marked reduction in time to run a virus scan and defrag.

    OPTIONAL: Do it now or do it later, but do it.

    Next power down and then as you start up hold down the Ctrl key (depending on manufacturer, some use the F8 key. If Ctrl doesn't work, try again using the F8 key). Whichever way is successful, you should now have a black screen with a menu of 5 or 6 choices. Select Safe Mode.

    Once in Safe Mode, click on Start > Run and type in defrag. Defragging in Safe Mode is faster because defrag isn't interrupted by the windows background disk and "house keeping" calls.

    Good Luck. Let us know how it works for you.
     
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Yes. Most of us run BOTH. What one misses, the other picks up on. Usually it's just a matter of which one has the newest definitions.

    That said, always run the updates for each program before running. With new crap hitting the internet all the time, you want to make sure that all your definitions are as up to date as possible. This means your Antivirus, Ad-Aware, SpyBot S&D and any other scanners you use.
     
  6. PCvirgin

    PCvirgin

    Joined:
    Aug 17, 2003
    Messages:
    240
    Grandpa:

    I agree with all the suggestions above. It looks like your system has some type of virus.
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,939
    First Name:
    Frank
    Grandpaw:

    You most definitely want to run both Spybot - Search & Destroy 1.2.0 AND Ad-aware 6.0.181.

    Make sure to run the updates function of Spybot, then download and install all of them, before running the spyware scan. Check and delete everything in "red" that appears.

    Make sure to keep Ad-aware updated with the most current version, which currently is 6.0.181. If you retain an older version, it will not detect and install reference file updates. This makes it pretty useless after a while. And like Spybot, make sure to run the updates function before running the spyware scan. Check and delete everything that appears.

    Once you go to a porn site or any other unscrupulous site, you are leaving your computer wide open for all kinds of spam, pop-ups, and other nasties. (n)

    Frank's Windows 95/98 Tips
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,331
    In regards to running both Adaware and Spybot I will echo what the others have said. I highly recommend running them both on a weekly basis.

    From my recent observations it appears to me that the people at Lavasoft have stepped up their efforts in releasing updated reference files. IMO they are slightly ahead of the game in that area and as of late have redeemed themselves from the bad rap they got as a result of the lack of support they were giving Adaware 5 during the development of Adaware 6.
     
  9. normmork

    normmork

    Joined:
    Oct 4, 2002
    Messages:
    76
    Hi grandpaw7,
    See this thread on how to set up and scan with Ad-aware 6 for top effectiveness: http://forums.techguy.org/t164245/s.html

    You might want to use IE-Spyads, which adds sites to IE's Restricted Sites, and then make sure the Security is set to HIGH. This will prevent downloads from these sites onto your machine.
     
  10. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    "Well, that'll teach me. So I opened a porn site. God Almighty, it was a fertile one."

    LOL ...

    In addition to the program normmork mentioned, you might want to visit Javacool Software at: http://www.wilderssecurity.net/ ... check out SpywareBlaster and SpywareGuard.
     
  11. grandpaw7

    grandpaw7 Thread Starter

    Joined:
    Aug 19, 2000
    Messages:
    2,233
    I was just posting another question when I noticed I have several replies on this thread. I didn't receive any notification of replies and just assumed there weren't any. In fact, my feelings were a bit hurt. Now, my feelings are "I apologize". I've just seen the replies and have not yet even read them, but I didn't want to delay acknowledging them. Thanks very much for them. I will report back after I have had a chance to implement the advice. Since things are rather busy today, I'm going to have to work that in as I am able. Did I say "I apologize"? grandpaw7

    P.S. I haven't checked to see if reply notifications have been going out but since they were going out just before I opened this thread I assumed that the notification program was working.

    PPS. Did I say "I'm sorry"? It is so nice of people to provide this service that it's very bothersome to me to appear to ignore the help.
     
  12. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Let us know how you make out.
     
  13. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    This is only to test your notifications.
    As a thought, since the word porn is in your thread subject, perhaps an email filter is blocking or deleting the message.
     
  14. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,241
    Hi all,

    Just a thought, but wasn't email notification down about a fortnight ago, while a new server was being installed? That would coincide with the dates of the above posts.

    Cheers

    Liam
     
  15. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Very true.
     