dummie_q
asked on
Window opens up while surfing through certian sites
Hi,
i am having a really bad problem on my laptop. While surfing on the web, when i visit certian sites, a porno window (always of the same site) opens up. I tried every possible option I could come across. I cleaned up the system with Norton and AVG. I used SpyBot, SpyFerret, SpywareDoctor, CWShredder and many other options given in this link.
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Trojan Remover :http://www.simplysup.com/
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector :http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free :http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster :http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml
SpySites :http://www.webattack.com/download/dlspysites.shtml
Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml
Spycop: http://www.spycop.com/
BHODemon : http://www.spywareinfo.com/downloads/bhod/
Browser Hijack Blaster : http://www.wilderssecurity.net/bhblaster.html
Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
CWShredder: http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml
None of them seem to overcome this problem. I addition to this i searched the Registry keys and in \hkey_users\Software\Micro
Any help is very much appreciated.
Thanks in advance..
i am having a really bad problem on my laptop. While surfing on the web, when i visit certian sites, a porno window (always of the same site) opens up. I tried every possible option I could come across. I cleaned up the system with Norton and AVG. I used SpyBot, SpyFerret, SpywareDoctor, CWShredder and many other options given in this link.
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Trojan Remover :http://www.simplysup.com/
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector :http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free :http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster :http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml
SpySites :http://www.webattack.com/download/dlspysites.shtml
Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml
Spycop: http://www.spycop.com/
BHODemon : http://www.spywareinfo.com/downloads/bhod/
Browser Hijack Blaster : http://www.wilderssecurity.net/bhblaster.html
Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
CWShredder: http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml
None of them seem to overcome this problem. I addition to this i searched the Registry keys and in \hkey_users\Software\Micro
Any help is very much appreciated.
Thanks in advance..
ASKER
Hi Saahil,
I ran the utility. Here is the log.
Logfile of HijackThis v1.98.2
Scan saved at 11:51:29 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THot
C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
C:\WINDOWS\system32\TPWRTR
C:\Program Files\TOSHIBA\TouchED\Touc
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\N
C:\WINDOWS\system32\TFNF5.
C:\WINDOWS\System32\EZSP_P
C:\toshiba\ivp\ism\pinger.
C:\toshiba\sysstability\ts
C:\Program Files\MusicMatch\MusicMatc
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.e
C:\PROGRA~1\SYMANT~1\SYMAN
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\Driver Cache\accinfo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent
C:\WINDOWS\system32\RAMASS
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlma
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\yms
C:\PROGRA~1\Grisoft\AVG6\a
C:\WINDOWS\System32\DRIVER
C:\Program Files\Symantec_Client_Secu
C:\WINDOWS\System32\DVDRAM
C:\WINDOWS\System32\inetsr
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Secu
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\Program Files\UPHClean\uphclean.ex
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAwa
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-4
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-6
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-4
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\Touc
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\N
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_P
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\ts
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatc
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.e
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [accinfo] C:\WINDOWS\Driver Cache\accinfo.exe
O4 - HKLM\..\RunOnce: [*accinfo] C:\WINDOWS\Driver Cache\accinfo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypa
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\msagent\chars\c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASS
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlma
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {A17E30C4-A9BA-11D4-8673-6
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-0
Hope you can help me with this.
Thanks..
I ran the utility. Here is the log.
Logfile of HijackThis v1.98.2
Scan saved at 11:51:29 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THot
C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
C:\WINDOWS\system32\TPWRTR
C:\Program Files\TOSHIBA\TouchED\Touc
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\N
C:\WINDOWS\system32\TFNF5.
C:\WINDOWS\System32\EZSP_P
C:\toshiba\ivp\ism\pinger.
C:\toshiba\sysstability\ts
C:\Program Files\MusicMatch\MusicMatc
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.e
C:\PROGRA~1\SYMANT~1\SYMAN
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\Driver Cache\accinfo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent
C:\WINDOWS\system32\RAMASS
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlma
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\yms
C:\PROGRA~1\Grisoft\AVG6\a
C:\WINDOWS\System32\DRIVER
C:\Program Files\Symantec_Client_Secu
C:\WINDOWS\System32\DVDRAM
C:\WINDOWS\System32\inetsr
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Secu
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\Program Files\UPHClean\uphclean.ex
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAwa
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-4
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-6
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-4
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.e
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\Touc
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\N
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_P
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\ts
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatc
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.e
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [accinfo] C:\WINDOWS\Driver Cache\accinfo.exe
O4 - HKLM\..\RunOnce: [*accinfo] C:\WINDOWS\Driver Cache\accinfo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypa
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\msagent\chars\c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASS
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlma
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {A17E30C4-A9BA-11D4-8673-6
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-0
Hope you can help me with this.
Thanks..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Saahil,
Thanks a lot..I will follow ur suggestions and see what happens. I will let you know..
Thanks a lot..I will follow ur suggestions and see what happens. I will let you know..
sure :)
ASKER
Hi Sahil,
Seems like everything is working well now!!Thanks a bunch..I visited some of the web sites which used to give me prbs..and it was really nice..nothing popped..
Can you give me some pointers in understanding how to usually tackle this kind of problem..the symptoms etc..is there a good tutorial or web site where I can find information..
Thanks again..
Seems like everything is working well now!!Thanks a bunch..I visited some of the web sites which used to give me prbs..and it was really nice..nothing popped..
Can you give me some pointers in understanding how to usually tackle this kind of problem..the symptoms etc..is there a good tutorial or web site where I can find information..
Thanks again..
that's great =)
Well i run Hijakcthis.exe daily on my system,,,,,,, and it gives me all the information abt the GOOD and BAD running on my system...... and that is the Only thing which i use to keep my system safe and clean :)
Here is its Tutorial if u are interested >> http://aumha.org/a/hjttutor.php
Cheers ^_^
Well i run Hijakcthis.exe daily on my system,,,,,,, and it gives me all the information abt the GOOD and BAD running on my system...... and that is the Only thing which i use to keep my system safe and clean :)
Here is its Tutorial if u are interested >> http://aumha.org/a/hjttutor.php
Cheers ^_^
>> HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
THis is the Old version, so Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
Let me see what's going on ur system,,, and im sure u have already emptied the Temporary Internet Files and Cookies of IE :)