Jump to content


Photo

3 porn popups


  • Please log in to reply
1 reply to this topic

#1 nswagner

nswagner

    Member

  • New Member
  • Pip
  • 2 posts

Posted 29 July 2004 - 11:27 AM

I have run Hijack This as well as all of the other spyware programs listed on your site. The situation is that when I start IE, I get 3 porn sites that pop up within 5 minutes of each other. If I leave IE on all day, the porn popups don't come on again for another 12 hours or so. Here are the popup sites that come, in this order:

www.hardsexland.com/?43245656
www.teenygirlshome.com/?ref=11
www.pussypool.net/?ref=441

Here is the list of BHOs not included in the list on your site:

AcroIEhelper.dll

Here are the 04 startup items not listed in Pacman's List:

lxbkbmgr.exe
loadqm.exe
mcc.exe
idctup20.exe

Here is also my log from Hijack This.

[version]
; version signature (same for NT and Win 95) do not remove
signature="$CHICAGO$"
AdvancedINF=2.0

[Add.Code]
; add for downloading necessary MFC ActiveX Dlls
msvcrt.dll=msvcrt.dll
mfc42.dll=mfc42.dll
xscan53.ocx=xscan53.ocx
patchw32.dll=patchw32.dll
aupatch.dat=aupatch.dat
auunzip.dat=auunzip.dat
auupdate.dat=auupdate.dat
runtsckl.exe=runtsckl.exe
tmupdate.ini=tmupdate.ini
aucfg.ini=aucfg.ini
loadhttp.dll=loadhttp.dll
;TmUpdate.dll=TmUpdate.dll

[xscan53.ocx]
file-win32-x86=thiscab
clsid={74D05D43-3236-11d4-BDCD-00C04F9A3B61}
FileVersion=5,70,0,1085

[AuUpdate.dat]
;file=thiscab
;FileVersion=1,8,0,1098
;DestDir=10
hook=auupdate.hook

[runtsckl.exe]
file=thiscab
FileVersion=1,00,0,0001
DestDir=10

[loadhttp.dll]
file=thiscab
FileVersion=1,32,0,1000
DestDir=10

[patchw32.dll]
file=thiscab
FileVersion=5,1,0,0
DestDir=10

[auunzip.dat]
;file=thiscab
;FileVersion=
;DestDir=10
hook=auunzip.hook

[aupatch.dat]
;file=thiscab
;FileVersion=
;DestDir=10
hook=aupatch.hook

[tmupdate.ini]
file=thiscab
FileVersion=
DestDir=10

[aucfg.ini]
file=thiscab
FileVersion=
DestDir=10

; dependent DLLs
[msvcrt.dll]
FileVersion=4,20,0,6164
hook=mfc42installer

[mfc42.dll]
; VC 5.0 SP3 or above version
FileVersion=4,21,0,7303
hook=mfc42installer

[mfc42installer]
file-win32-x86=http://activex.microsoft.com/controls/vc/mfc42.cab
run=%EXTRACT_DIR%\mfc42.exe

[xscan]
ad_url=http://www.antivirus.com/housecall/ad/0001.html
home_url=http://www.antivirus.com
virus_encyclopedia=http://www.antivirus.com/vinfo
mail_to=webmaster@trendmicro.com

[auunzip.hook]
run=%EXTRACT_DIR%\auunzip.dat

[aupatch.hook]
run=%EXTRACT_DIR%\aupatch.dat

[auupdate.hook]
run=%EXTRACT_DIR%\auupdate.dat

PLEASE HELP!

N

#2 nswagner

nswagner

    Member

  • New Member
  • Pip
  • 2 posts

Posted 29 July 2004 - 11:38 AM

Here is my logfile for HijackThis.

Logfile of HijackThis v1.98.0
Scan saved at 10:43:56 AM, on 7/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\MCC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HJTLOG.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\SYSTEM\mcc.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cdx: C:\PROGRA~1\INTERN~1\PLUGINS\NPCDS32.DLL
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bc.edu/bc...er/tdserver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://osgoode.yorku.ca/qp2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button