porn, porn, go away, please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

grandpaw7

Thread Starter
Joined
Aug 19, 2000
Messages
2,233
Well, that'll teach me. So I opened a porn site. God Amighty, it was a fertile one. Up pop all these sites which refused to go away until I shut down. Before I shut down, I couldn't run Ad Aware or even keep HON running long enough to send a post. After I booted back up, the sites appeared to be gone, but I ran Ad Aware anyhow.

I don't want to know how to close these sites without shutting down; that may deter me from paying them another visit.

But I do want to do what I can to keep porn sites from popping up. I'd also like to do what I can to clean my computer of evidence I've been a bad boy. Can I do that without doing a clean install, and anyhow would a clean install help?

When I was dealing with a thing called Second Thought that made it's way into my computer, one of the things I was told I should do was to go to regedit>ecit>find and look for second thought, which I found and deleted. Is there something like that I can do with these porn sites?

Here is my hijack log. I'm hoping some kind hearted person will look it over and let me know if it calls for action on my part. Deeply obliged:

Logfile of HijackThis v1.97.1
Scan saved at 4:27:51 PM, on 9/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\YCIII\YANKCLIP[1]\YANKCLIP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\PRINTKEY-PRO\PRINTKEYPRO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\PROPEL ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [ClipMate6] C:\PROGRAM FILES\CLIPMATE6\CLIPMT61.EXE
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip[1]\YankClip.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: Shortcut to Printkeypro.exe.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Grab &Selected Text... - res://C:\PROGRAM FILES\COGITUM CO-CITER\COGITUMHELPERS.DLL/ctGrab.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Co-Citer (HKLM)
O9 - Extra 'Tools' menuitem: Cogitum &Co-Citer (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37600.3999768519
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (AolCoach TrainerOCX Ctrl) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0,3,8/us/AccesMembre.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

grandpaw7

Thread Starter
Joined
Aug 19, 2000
Messages
2,233
Another thing. I see recommendations that a person run not only Ad Aware but also Spy Bot Search and Destroy. Should I do that? Thanks.
 
Joined
Mar 9, 2003
Messages
4,699
I don't see much in your start-ups. Start by doing this:

In Hijack This, check ALL of the following items
Next, close all browser Windows, and have HT fix all checked.

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...uditControl.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/1,0...AccesMembre.cab




Reboot into normal mode


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
 
Joined
Mar 9, 2003
Messages
4,699
With Windows 98 you still have the power of DOS to work for you.

Start > Shutdown and Restart in MS_DOS mode

Once in DOS type in the following commands exactly:

SMARTDRV.EXE

CD \WINDOWS
DELTREE /Y COOKIES
DELTREE /Y HISTORY
DELTREE /Y RECENT
DELTREE /Y TEMP
DELTREE /Y TEMPOR~1


ctrl-alt-delete to reboot to windows

When you reboot windows will recreate all the above folders, so fear not.

Now that you have gotten rid of that "land fill" called Temporary Internet Files, you may want to reboot into Safe Mode and run defrag.

If you have never deleted Temporary Internet Files in the past, my guess is that you can recover 50 - 100 meg of HD space. Maybe more if you have never done it since day one.

The most space I have ever recovered from someone's PC was a whopping 1.3 gig.

Oh, by the way, boot time is slightly improved and you will notice a marked reduction in time to run a virus scan and defrag.

OPTIONAL: Do it now or do it later, but do it.

Next power down and then as you start up hold down the crtl key (depending on manufacture some use the F8 key. If ctrl doesn't work, try again using the F8 key) Which ever way is successful you should now have a black screen with a menu of 5 or 6 choices. Select Safe Mode.

Once in Safe Mode, click on Start > Run and type in defrag. Defragging in Safe Mode is faster because defrag isn't interrupted by the windows background disk and "house keeping" calls.

Good Luck. Let us know how it works for you.
 
Joined
Mar 9, 2003
Messages
4,699
Originally posted by grandpaw7:
Another thing. I see recommendations that a person run not only Ad Aware but also Spy Bot Search and Destroy. Should I do that? Thanks.
Yes. Most of us run BOTH. What one misses, the other picks up on. Usually it's just a matter of which one has the newest definitions.

That said, always run the updates for each program before running. With new crap hitting the internet all the time, you want to make sure that all your definitions are as up to date as possible. This means your Antivirus, Ad-Aware, SpyBot S&D and any other scanners you use.
 
Joined
Aug 17, 2003
Messages
240
Grandpa:

I agree with all the suggestions above. It looks like your system has some type of virus.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,318
Grandpaw:

You most definitely want to run both Spybot - Search & Destroy 1.2.0 AND Ad-aware 6.0.181.

Make sure to run the updates function of Spybot, then download and install all of them, before running the spyware scan. Check and delete everything in "red" that appears.

Make sure to keep Ad-aware updated with the most current version, which currently is 6.0.181. If you retain an older version, it will not detect and install reference file updates. This makes it pretty useless after awhile. And like Spybot, make sure to run the updates function before running the spyware scan. Check and delete everything that appears.

Once you go to a porn site or any other unscrupulous site, you are leaving your computer wide open for all kinds of spam, pop-ups, and other nasties. (n)

Frank's Windows 95/98 Tips
 
Joined
Jul 26, 2002
Messages
46,349
In regards to running both Adaware and Spybot I will echo what the others have said. I highly recommend running them both on a weekly basis.

From my recent observations it appears to me that the people at Lavasoft have stepped up their efforts in releasing updated referencefiles. IMO they are slightly ahead of the game in that area and as of late have redeemed themselves from the bad rap they got as a result of the lack of support they were giving Adaware 5 during the development of Adaware 6.
 
Joined
Aug 18, 2003
Messages
2,438
"Well, that'll teach me. So I opened a porn site. God Amighty, it was a fertile one."

LOL ...

In addition to the program normmork mentioned, you might want to visit Javacool Software at: http://www.wilderssecurity.net/ ... check out SpywareBlaster and SpywareGuard.
 

grandpaw7

Thread Starter
Joined
Aug 19, 2000
Messages
2,233
I was just posting another question when I noticed I have sevral replies on this thread. I didn't receive any notification of replies and just assumed there weren't any. In fact, my feelings were a bit hurt. Now, my feelings are "I apologize". I've just seen the replies and have not yet even read them, but I didn't want to delay acknowledging them. Thanks very much for them. I will report back after I have had a chance to implement the advise. Since things are rather busy today, I'm going to have to work that in as I am able. Did I say "I apologize"? grandpaw7

P.S. I haven't checked to see if reply notifications have been going out but since they were going out just before I opened this thread I assumed that the notification program was working.

PPS. Did I say "I'm sorry"? It is so nice of people to provide this service that it's very bothersome to me to appear to ignore the help.
 
Joined
Mar 9, 2003
Messages
4,699
This is only to test your notifications.
As a thought, since the word porn is in your thread subject, perhaps an email filter is blocking or deleting the message.
 
Joined
Jun 19, 2003
Messages
1,241
Hi all,

Just a thought, but wasn't email notification down about a fortnight ago, while a new server was being installed? That would coincide with the dates of the above posts.

Cheers

Liam
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top