1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Ugly Stuff!

Discussion in 'Windows XP' started by Jimmy A, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    Was doing a SoftSpy SE scan. Saw something like this on the scan line:

    software/microsoft/Internet Explorer/search ~~~(and here some bad XXX porn type words that I did not ask for or put there.) I went into Windows Explorer to check everywhere i could find anything to do with Internet Explorer, and tried my XP Puppy Dog search.

    Could not find this stuff to get ride of it.

    The SoftSpySE scanned over it put did not catch it. Just that I saw it as I typed it above as it was scanning.

    Any ideas about where on my PC this might be??
  2. Loki57701


    Feb 4, 2007
    im not sure but whatever webpage you visit in IE is saved in your history and for example when your typing things in the "run" window certain webpages that you or anyone has visited using IE will show up. I think that same thing is true for your desktop search thing. Try erasing your browsers history and maybe downloading a program called "window washer". maybe start using firefox instead, im not a big fan of IE myself
  3. golferbob


    May 18, 2004
    why don't you post a hijkack log and have a pro look at it.
  4. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    I've seen people posting the hijack logs, but I've never learned how to do it.
  5. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    Already use Window Washer every day. My history stays clean. I've been to a few mild porn sites, but I use window washer and the file names I saw were bad and worser (?) than anything I ever went to.
  6. golferbob


    May 18, 2004
  7. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, I'm pretty sure what you saw were things the program was scanning FOR, or entries from links that were saved by AutoComplete or just in Temporary Internet Files.....but, let's take a look at a log.

    It's easier to get started in the right direction with this type of Hijackthis download:

    go to Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Do NOT attempt to use Hijackthis to fix anything without good help- just post the log please.


    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
  8. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    Thank you so much for your time, for your response to my post. Will try to carefully do want you asked of me. Here is the log file. Please have an eye for any and all potential problems this log may reveal as it is my first ever Log File of this sort:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:19:07 AM, on 2/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\SiteAdvisor\6021\SAService.exe
    C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
    O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    You also said to do this:

    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.

    Don't know if i can do it with my browser open so I'll send it directly in another post.

    Thanks again,
    Jimmy A
  9. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    Here it is:

    Ad-Aware SE Plus
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    APC PowerChute Personal Edition
    ArcSoft Camera Suite
    ArcSoft PhotoImpression
    ATI Control Panel
    ATI Display Driver
    Belarc Advisor 7.0
    Canon Camera Window for ZoomBrowser EX
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    ChainCast Proxy (remove only)
    Creative Diagnostics
    Creative Mixer 3
    Creative Restore Defaults
    Dell Solution Center
    Dell Support
    Digital Line Detect
    DivX Player
    Easy CD Creator 5 Basic
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Scanner Reference Guide
    EPSON Smart Panel
    Google Earth
    Hijackthis 1.99.1
    HijackThis 1.99.1
    ieSpell 2.1.1 (build 325)
    InCD EasyWrite Reader
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    J2SE Runtime Environment 5.0 Update 5
    Lexmark Supplies Monitor
    Lexmark Z65
    McAfee SecurityCenter
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Reader
    Microsoft Streets and Trips 2004
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Mozilla Firefox (
    Nero Digital
    Nero OEM
    NeroVision Express Content
    Registry First Aid
    RegScrubXP 3.25
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Sound Blaster Live!
    Spybot - Search & Destroy 1.4
    USB Card Reader
    VCOM SystemSuite 5
    Webshots Desktop
    WexTech AnswerWorks
    Window Washer
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Yahoo! Toolbar

    I do want to get rid of that "Yahoo Toolbar." Also tried to uninstall one or two of the Cannon programs that I don't use. Like PhotoStitch. have a little Cannon Power Shot A-70 camera and just need software to upload pics from camera to PC. When I uninstalled Cannon programs I thought I didn't need, the picture upload wouldn't work so I re-installed it all. But this is for another time. Thanks for what you are doing now.

    Jimmy A
  10. golferbob


    May 18, 2004
    iam not a pro so i hope one comes along soon but i don't see mcafee antivirus on your startup menu [04]. if that is your amtivirus program i also see some norton stuff [016]are you running 2 antivirus programs ?
  11. Jimmy A

    Jimmy A Thread Starter

    Apr 18, 2004
    No, I never paid for any Norton. Could it be left over from doing a one time on-line scan?

    And the recently upgraded McAfee doesn't show a list of processes in the startup list in "msconfig" like the older version did. But it always loads at boot up and seems to be running. I get upgrades, alerts, notices, etc.

    If there are things I can safely delete I hope one of those highly competent, helpful and kind expert type people, like Mr. Byteman will render much appreciated assistance.
  12. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, There is nothing obvious in regard to malware in the Hijackthis log.

    The Symantec item 016 is the online Security scan so that is OK. Use it occaisionally.

    One item to fix: Put a check next to this item when you run Hijackthis again> then, CLOSE all other windows, including this one, you won't need it and it must be closed....next, click "Fix Checked".

    O2 - BHO: (no name) - AutorunsDisabled - (no file)

    Close Hijackthis and restart, and come back, post a new HJT log.

    You do have McAfee Internet Security,which has a real-time antivirus scanner plus some other interesting things like Hacker protection, and more. There is sometimes a slowdown when you have some of the protections running together....are you noticing any problems with your McAfee suite?

    Yahoo Toolbar: If it does not appear in your Control Panel>Add/Remove Programs, or does not uninstall, try this:

    You may be able to simply not use Yahoo Toolbar if it cannot be "Uninstalled". At the top of your browser window that has the toolbar, right click an empty spot, and Uncheck "Lock the Toolbar" if it is checked now. Then, Uncheck "Yahoo Toolbar" if it is checked.
  13. golferbob


    May 18, 2004
  14. welshY


    Dec 21, 2003
    try looking here

    hkeycurrent user/software/microsoft/windows/current version/internet settings/zone map/domains

    not sure if it's spybot or one of the others puts them there ?

    if I'm correct they are blocked sites
  15. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Yes, usually people become very upset when they view the Restricted Sites zone items, too, since they do not sometimes realize that those items are what is being Restricted, not places they have been, or files on the computer....

    Several programs do create entries in Registry, too...
    You are using SpyBot 1.4, but you apparently do not have the Internet Explorer Restrictions set (and, you should not, with the security suite you are using).

    IE 7 may use preset Restricted Sites, or carry them over from IE 6.
    Ad Aware SE Plus, since it has AdWatch (being

    the pay-for version), may be the one. Next candidates would be XoftSpy and CounterSpy.

    That all together, is perhaps a bit much--- do you have some set not to start, or the background/Real time protections, turned off for some?

    I don't think you would have many XXX items hanging around with those programs looking for them....

    If someone else uses the computer, and has their own user account name, you may not be able to "see" those items, and the scanners may. If no other users, do you password your account to logon?

    It doesn't take many minutes to rack up quite a few cookies and temp Internet files....

    My feeling is, same as others posted, that it is one of the scan programs that is configured to either load these sites into something like HOSTS domain entries (where the computer cannot connect to) or, malware that they are LOOKING for on the computer....some of the malware has adult titles. Or, they are the Blocked sites as was posted, and these definitely do have XXX names.

    Could be someone has "Searched" for some XXX places, even using Google the sites addresses are saved in Search History. Most toolbars would do the same.

    If you want to empty the temp files such as Autocomplete entries, History, typed URLs that are saved, and cookies completely as far as can be emptied, you can use something like ATF Cleaner, or CleanUp both small and free good utilities that we often reccommend here.

    Note: You only need one of these temp file cleaners.
    You also should be aware that removing Cookies may remove the automatic login info such as usernames and password that sites you sign onto, like this site, use to "recognize" you as a member.
    You absolutely must be sure you KNOW or have a record of, all your usernames and passwords when you use temp file cleanup tools! Although they have ways to SAVE cookies you need to keep, it can be time consuming to compile a list of them and configure a program to not delete those....

    So, just fair warning> you will have to login with usernames and passwords at sites like this, bank sites etc that are secure and you have an account etc....if you remove all those cookies!

    The GOOD part of removing Cookies is, sometimes websites change the site's configuration and your old Cookies may be slowing you down, not logging you in as they should, etc...so, once in a while it's good to get new ones! They come back when you re-visit those sites, or just about any site.
    With these utilities you have a much better chance at a really thorough cleanup, too.

    If you run one, you will be amazed if you never have at the amount of junk they take off.

    Download Cleanup from here

    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK

    Now boot to safe mode.

    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.

    Download ATFCleaner by Atribune & save it to your desktop. DO NOT use it yet. We will use it in Safe Mode, later
    As you probably know, deleting Cookies can result in you having to type in your username and passwords at ALL sites that use logins, like this site does, so if you willy nilly delete cookies, which is safe enough to do, you will have to re-establish these cookies and login the first time you visit any site like that.
    ATF Cleaner has a way to save those cookies you would like to keep but it will require some time. If you DO KNOW or have saved all your Passwords and login usernames you can delete all cookies.

    * Restart your computer into safe mode now.To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu"
    Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Next, start up ATFCleaner:

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    Restart the computer.
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541157

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice