Jump to content


Photo

nastysex hotxxx adult play dialer problems


  • This topic is locked This topic is locked
10 replies to this topic

#1 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 14 July 2004 - 03:55 AM

PLEEEEEEEEEEEEEEEEASE FOR CRYING OUT LOUD PLEASE HELP ME! I CANT DEAL WITH THIS! ALL I DID WAS LOOK AT SOME PORN! THIS IS ACTUALLY ALLOWED IN THE FREE WORLD AND I SHOULD NOT BE PUNISHED BY DIALERS AND ADVERTS!!! I KNOW THERE IS SOMEONE OUT THERE WHO CAN HELP ME IF THEY ONLY LOOKED AT THE POST.

Hi,

I replied to someone elses topic yesterday and got told not to. I have since run a HJT log and tried several more methods to remove the beastie. No luck so far but the guy who i saw had the same problem and he got help so i'll post my log file and cross my fingers:

Logfile of HijackThis v1.98.0
Scan saved at 18:06:09, on 13-07-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LIVEUPDATE\LIVEUPDATE.EXE
C:\E-WHEELMOUSE\WH_EXEC.EXE
C:\WINDOWS\SHMAN32.EXE
C:\WINDOWS\SYSTEM\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
G:\SCANNERS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysear...nfo/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.giointernet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.giointernet.com - Gio Internet - UK's Cheapest Broadband!
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.pureseeker.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WheelMouse] C:\E-WHEE~1\wh_exec.exe
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update2] c:\windows\system\taskmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.giointernet.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab

there you go. can anyone help?

Edited by the_purple_moo_moo, 16 July 2004 - 08:58 AM.


#2 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 16 July 2004 - 07:34 AM

I hate my life.

#3 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 20 July 2004 - 09:45 AM

Hi,
First thing to do is ...

Download Posted Image Ad-Aware

After installing Ad-Aware, and before running the program.

Update Ad-aware's Reference File: instructions Posted Image here

Required Step: Posted Image Reconfigure Ad-Aware for Full Scan

Note: do not run Ad-Aware yet, just update and reconfigure.

Next:

Reconfigure Windows 98 to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Click the View menu, and then click Options or Folder Options. Click the View tab.

In the Advanced settings box, under the "Hidden files" folder
Uncheck: "Hide file extensions for known file types"
Select: "Show all files" Ok the prompt
Click Apply, and then click OK.

Next:

Close all open windows and browsers, rescan with HijackThis.
Place a check in each of the following then click "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysear...nfo/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.pureseeker.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O4 - HKCU\..\Run: [System Update2] c:\windows\system\taskmon.exe


Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Open Windows Explorer to C:\Windows\Temp
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINDOWS\SHMAN32.EXE <--this file
c:\windows\system\taskmon.exe <--this file
Note: do not delete > C:\Windows\Taskmon.exe

While still in Safe Mode, run Ad-Aware and fix everything it finds.

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#4 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 21 July 2004 - 04:15 AM

thanks. i'll post again tomorrow, hopefully.

#5 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 22 July 2004 - 03:15 AM

Here's the new log file. I don't know if it's clean yet cos i can't connect... something has happened to the setup of my modem so it can't talk to my isp server any more. Basically my computer is now a lump of metal :weep:

Logfile of HijackThis v1.98.0
Scan saved at 17:26:34, on 21-07-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LIVEUPDATE\LIVEUPDATE.EXE
C:\E-WHEELMOUSE\WH_EXEC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\FILES\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.giointernet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.giointernet.com - Gio Internet - UK's Cheapest Broadband!
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WheelMouse] C:\E-WHEE~1\wh_exec.exe
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=www.giointernet.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab

#6 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 22 July 2004 - 03:55 AM

Hi,
Close all open windows and browsers, rescan with HijackThis.
Place a check in each of the following then click "Fix checked".

O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Open Windows Explorer to C:\Windows\Temp
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINDOWS\shman32.exe <--this file

After the above, reboot, rescan with HijackThis and post a fresh log ...

something has happened to the setup of my modem

Have you checked your connection via:
Control Panel | Network Connections

1) Can you reinstall your ISP software or modem software?
2) Was your connection working prior to running Ad-Aware?
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#7 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 22 July 2004 - 04:14 AM

i'll do all of that... as for the modem, it was workign fine before all this happened but i didnt even attempt to get online while i still had the bug cos i wasnt sure who i was connecting to half the time. I COULD reinstall the software, except that it doesnt want to uninstall... the add/remove software window freezes whenever i try it. I'm not sure if gets removed... i can install over the top but it makes no difference, so i dont know if it's not working or just not a driver problem...
I'm stumped.

#8 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 22 July 2004 - 04:32 AM

Hi,
See if this helps ...
Posted Image How to Troubleshoot Modem Problems in Windows 98/98 Second Edition
http://support.micro...om/?kbid=190554
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#9 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 05 August 2004 - 09:24 AM

still no luck with the modem. It's not your problem but fortunately i think my system is clean

#10 the_purple_moo_moo

the_purple_moo_moo

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 25 August 2004 - 07:19 AM

Well my modem never recovered... whatever happened to it was too complicated for me to deal with, so i bought a serial one instead. The nastysex dialer thingy appeared on my phone bill too... at least 25 of my money has now gone to some evil bastard ive never heard of and from whom i will hopefully never hear again. Let this be a warning to people. They ARE all out to get you. Capitalism runs wild on the internet and people end up poorer and less happy than they started.

#11 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 25 August 2004 - 09:20 AM

Hi,
Sorry to hear of your modem troubles ... but you are not alone ...
http://forums.spywar...p?showtopic=679

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button