
Thread: Random websites

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Please get rid of the "O9 extra button"


  2. #12
    Junior Member
    Join Date
    Jun 2006
    Posts
    13
    Logfile of HijackThis v1.99.1
    Scan saved at 7:36:49 PM, on 12/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\PHG.PHG-OSIF27X9QUK\My Documents\hijackthis\HijackThis.exe

    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155192292151
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



    Here are some of the websites that pop up:

    !youbebo.com
    !tvlord.com
    !gazabo.com
    !relood.com/
    !anyfreetime.com/?4a4830f0
    !yousolo.com

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK, what do you have "Alcohol 120" for?



  4. #14
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    All those "cookies" are from spyware companies known to put out self-reinstalling and stealthed programs. They harvest information and they phone home.


    You can start by blocking cookies from those domains. You can also make sure your popup blocker is active and not compromised or you can use a 3rd party popup blocker like the Google toolbar.
    In IE open Tools > Pop-up Blocker > Pop-up Blocker Settings.
    Check your IE security settings also.

    All of the mentioned malware are known issues contained in the Spybot Search and Destroy database and should be able to be removed using spybot from safe mode.

    Are you running SpywareBlaster? This program helps prevent a lot of these objects from being installed in the first place.

    http://www.javacoolsoftware.com/spywareblaster.html

    You can manage your HOSTS file using this tool: http://hostsman.abelhadigital.com/
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  5. #15
    Junior Member
    Join Date
    Jun 2006
    Posts
    13
    I downloaded HostsMan and added the websites. The websites still pop up but cannot be accessed. Is there a way to stop them? It is only those specific pop-ups. Even if I am not surfing the web they pop up like clockwork.

  6. #16
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Quote Originally Posted by phgonline
    I downloaded HostsMan and added the websites. The websites still pop up but cannot be accessed. Is there a way to stop them? It is only those specific pop-ups. Even if I am not surfing the web they pop up like clockwork.

    Did you use Ccleaner?

    One other thing you may want to do at this point is flush out your system restore points.


    Warning: All restore points will be deleted!
    1. User must be logged on as Administrator
    2. Right click the My Computer icon on the Desktop and click on Properties.
    3. Click on the System Restore tab.
    4. Put a check mark next to 'Turn off System Restore on All Drives'.
    5. Click the 'OK' button.
    6. You will be prompted to restart the computer. Click Yes.

      Note: To Enable System Restore, follow steps one to six and on step four remove the check mark next to 'Turn off System Restore on All Drives'. A new restore point will automatically be created.
    Using Disk Cleanup with the System Restore option, all restore points will be deleted except for the most recent restore point.

    After you have rebooted the system a few times, run your cleaners and do a defrag.

    IMO getting this will help. Bite the bullet and get Firefox.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #17
    Junior Member
    Join Date
    Jun 2006
    Posts
    13
    That's where the pop-ups are coming from now, after I updated Windows to SP2. Before, it was only in IE; then after the update they started popping up in Firefox... Anyway, I have CCleaner and used it but they still pop up. I will try the disk cleanup.

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK, maybe a different approach will work?

    First a couple of questions:

    1. Do the pop-ups happen when you boot into safe mode?
    2. Have you run Crap Cleaner and your scans in safe mode?

    You might try this:

    1. Get WinPatrol from BillP Studios
    2. Use the tools to check out cookies, BHOs and the like
    3. Go into the "startup" module and disable everything you don't really absolutely need for your PC to function. This does not remove them, it just stops them from automatically loading on bootup. In particular disable stuff that you have downloaded from anywhere that is not the original author's site.
    4. Reboot into safe mode and run your CrapCleaner and scans.
    5. Reboot into normal mode.

    Do you still get the pop-ups?

  9. #19
    Junior Member
    Join Date
    Jun 2006
    Posts
    13
    When in safe mode I don't get the pop-ups, and I already used CCleaner in safe mode. I will try out WinPatrol and see what happens.

  10. #20
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I am beginning to suspect that you may have downloaded something from a compromised website. Whilst it probably does what it is supposed to, it could well be the source of these pop-ups as well.

    Hey, this is a wild guess, but it seems to fit your experience?

    1. A variety of scanners find nothing, not even in safe mode. I would have at least expected them to find something suspicious, even if they couldn't clean it.

    2. HijackThis! doesn't seem to show anything that I see as an obvious threat (mind you, I do not claim to be an expert)

    3. Whatever it is doesn't start in safe mode.

    So, it must be something non-essential in startup that is causing this?

    My suggestion would be to shut down all stuff that is not absolutely essential and see if this solves the problem. Then just start things manually, one at a time and wait a bit after each item, until you get the problem again. The last item you started will be the culprit.

    Obviously, you should do this offline. I am afraid that it may be quite time consuming.

    If you are running any downloaded "Warez" or "cracks" then those will be your most likely suspects.

    Try to remember what you downloaded immediately before this problem started.

    Incidentally, when you run your scans do you select:

    1. All files
    2. Full system scan
    3. Heuristic scan
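
Added example, not part of any post in this thread: a short Python parser that turns the O4 (Run keys, Startup folder) and O23 (service) lines of a HijackThis log into the one-at-a-time checklist described in post #20. The sample lines are an excerpt of the log in post #12; the function names and the choice of O4/O23 as the sections to bisect are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in #12, embedded so the example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "<section> - <kind>: <detail>"
RUN_KEY = re.compile(r"^\[([^\]]+)\]\s*(.*)$")   # "[value name] command line"
PATH = re.compile(r"[A-Za-z]:\\.*$")             # first drive-letter path to end of line


def parse(log):
    """Return (section, kind, detail) for every O-numbered line; other lines are skipped."""
    matches = (LINE.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def startup_checklist(log):
    """List O4 and O23 entries as (section, kind, name, command): the items to
    disable, then re-enable one at a time until the pop-ups return."""
    items = []
    for section, kind, detail in parse(log):
        if section == "O4":
            m = RUN_KEY.match(detail)
            # Run keys look like "[name] command"; Startup folder items like "name = target".
            name, cmd = m.groups() if m else detail.partition(" = ")[::2]
        elif section == "O23":
            p = PATH.search(detail)
            name, cmd = detail.split(" - ")[0], (p.group(0) if p else "")
        else:
            continue  # BHOs, buttons and plugins are loaded by the browser, not at boot or logon
        items.append((section, kind, name, cmd))
    return items


if __name__ == "__main__":
    for n, item in enumerate(startup_checklist(SAMPLE_LOG), 1):
        print(n, *item, sep=" | ")
```

Run against the full log, the output is the list to work through offline; entries the parser skips (O2, O8, O9, O12, O16, O18) still need a separate look because they load inside the browser.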

