Porn Redirect


  • This topic is locked
13 replies to this topic

#1 bkettten

bkettten

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 19 May 2004 - 12:35 PM

I have several mail clients. One of them, where I have 4 domains and all the emails are web based, is where my problems are. Every time I log into my account I can get to the mail page and choose Squirrel, Neomail or another one. I have tried checking the mail through all of them; it starts to go, then redirects to porno. I have used Bazooka, HijackThis, Spy Sweeper, Spybot S&D, Spy Cleaner. I have edited the registry and gotten rid of start page hijackers, but I can't seem to get rid of this. I can't even check my mail, as it redirects before getting to my box. I'm stumped. I have searched many sites for a solution that I may not know about but have had no luck. CWShredder finds nothing. I'm at my wits' end. Please help me if you can.
Thank you
Bonnie Kettenbach

#2 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 19 May 2004 - 12:41 PM

Run HijackThis again and post your HijackThis log.

#3 bkettten

Posted 19 May 2004 - 07:03 PM

Here is the log file. All this mess started before Avant was installed.
Thank you
Bonnie


Logfile of HijackThis v1.97.7
Scan saved at 7:57:14 PM, on 5/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AVANT BROWSER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bketten.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bketten.biz
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?37954.5503125
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
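
An added example, not part of the original posts: a small Python parser for the HijackThis log format shown in post #3. It groups entries by section code, pairs each O4 autostart command that gives no drive path with the running process of the same file name, and reports which of the O1 (hosts redirection) and F1 (win.ini load=/run=) sections have no lines. The sample is a constructed excerpt of that log, and the function names are illustrative.

```python
import re
from collections import defaultdict
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")  # O4 registry autostart
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')                       # command starts with a drive path

# Constructed excerpt: lines copied from the log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bketten.biz
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

def parse_log(text):
    """Return (running_processes, {section_code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def unresolved_autostarts(entries, processes):
    """O4 commands without a drive path: (value name, exe, running path or None)."""
    running = {p.rsplit("\\", 1)[-1].lower(): p for p in processes}
    found = []
    for body in entries.get("O4", []):
        m = RUN.match(body)
        if m and not FULL_PATH.match(m.group(4)):
            exe = m.group(4).split()[0].lower()
            found.append((m.group(3), exe, running.get(exe)))
    return found

def absent_sections(entries, codes=("O1", "F1")):
    """Section codes with no lines: O1 = hosts redirections, F1 = win.ini load=/run=."""
    return [c for c in codes if c not in entries]

procs, entries = parse_log(SAMPLE)
print(unresolved_autostarts(entries, procs), absent_sections(entries))
```

A `None` in the third field means the named program was not in the process list of the parsed text, so the reviewer has to locate the file by hand.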

#4 billiebob

Posted 20 May 2004 - 04:27 AM

Log looks clean to me, but I will post it and have the experts check it out. Thanks, check back later today.

#5 billiebob

Posted 20 May 2004 - 06:32 PM

Nothing yet, sorry!

Edit: one expert responded so far and says he never heard of your problem before. He also says that the log looks clean.

Edited by billiebob, 20 May 2004 - 07:56 PM.


#6 bkettten

Posted 20 May 2004 - 08:17 PM

Maybe you can help.
I heard from someone that if I go into DOS and Windows command and do a restore, it will restore an earlier version of the directory from before I had the problem. It may work, no guarantees. I am not sure how to bring up the DOS prompt. Can you ask the experts if they feel this would work, and if it is worth a try, how do I bring up the DOS prompt in 98SE?

#7 billiebob

Posted 21 May 2004 - 03:40 AM

Win98 doesn't have System Restore; I assume you mean registry restore.
Getting to DOS is done with a Win98 boot disk. You can make one in Control Panel: Add and Remove Programs, create a boot disk.

Anyway, if you used Spybot and Ad-aware to remove entries, they both have recoveries of changes you have made.

I think the person is referring to regedit /restore or fix. Win98 only keeps 5 registry restore points, a new one every day you turn on the computer, so if you didn't make any changes to your computer for 5 days and turned it off every night and back on the next day, they would all be the same.

Edited by billiebob, 21 May 2004 - 03:46 AM.


#8 billiebob

Posted 21 May 2004 - 05:41 AM

What the expert suggests is downloading and installing the custom host file HERE, unzipping it to your c:\windows folder and overwriting your existing host file; this should block the porn sites.

Edited by billiebob, 21 May 2004 - 05:07 PM.


#9 bkettten

Posted 21 May 2004 - 03:11 PM

I did that and no luck, still have porn. I also had a file called HOSTS.SAM which I moved to recycle but did not delete. I also have ptsnoop, which I think is spyware. I have gotten rid of it but it comes back. Are you familiar with it? I keep getting a virus called startpage4.A0; not sure if it has anything to do with anything except I get it every couple of days. I have a virus detector and killer and also a spywall but nothing seems to help. Have you heard of this virus? Any idea what I can do next?

#10 bkettten

Posted 21 May 2004 - 03:20 PM

Sorry to post again so soon.
I just looked over the hosts file in WordPad. It is all ad sites. Am I supposed to somehow edit it so it won't open those sites? It is all ad sites but only a few say restricted.
Thanks

#11 billiebob

Posted 21 May 2004 - 05:07 PM

The info I find on Host.com is that it is an example of what a host file should look like.
As for editing the downloaded host file, I don't think that any editing is needed.
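
An added example, not part of the original posts: the blocking hosts file suggested in post #8 works by pointing unwanted hostnames at the local machine, and the same file can also point a name at some other address, which is worth checking on a machine with unexplained redirects. The Python sketch below sorts the entries of a hosts file into both groups; the sample file, its hostnames and the 203.0.113.7 address are constructed placeholders, not entries from the file discussed in the thread.

```python
import ipaddress

# Constructed sample in hosts-file syntax (placeholder names and addresses).
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.com  banners.example.net   # two names on one line
0.0.0.0     tracker.example.org
203.0.113.7 webmail.example.com
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Classify hosts entries.

    blocked  : names resolved to the local machine (loopback or 0.0.0.0)
    remapped : names pointed at any other address, to be reviewed by hand
    invalid  : lines whose first field is not an IP address
    """
    report = {"blocked": [], "remapped": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost":
                continue                         # the standard loopback entry
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)
            else:
                report["remapped"].append((name, str(addr)))
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```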

#12 billiebob

Posted 21 May 2004 - 05:12 PM

Ptsnoop.exe: these are the descriptions I've come across, all valid as far as I can see:
(1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it
(2) Backdoor trojan virus that copies itself as PTSNOOP.EXE - see here for more info
(3) Apparently the people who put it out claim it's a driver for voice modems (don't know who they are though - Ed)
Note: If using AOL and you disable this you may lose your connection or lock up
(4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists
(5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems
(6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows"


Sorry, I'm not familiar with that virus. Try the free online virus scan in my signature. I am at a loss as to what is causing your problems, sorry!

#13 bkettten

Posted 21 May 2004 - 07:43 PM

Can you tell me how I can get a DOS prompt? I tried to set up Windows on top of my old one and it caused an exception. Can't even reinstall it. I'm going to have to restore an older version of the directory or roll back to a previous Windows. I don't know how to get a DOS prompt and I can't remember how to do a rollback. Can you help please?

#14 billiebob

Posted 22 May 2004 - 12:50 AM

I will direct you to a few sites: one to download a Win98 boot disk (copy the download to a floppy and boot the computer with it in the A: drive; this will get you to a DOS prompt), the others for DOS commands.
When you boot to the DOS prompt, type in REGEDIT /fix (note the space between regedit and the /).
Try that and see if it fixes the registry. I'm not sure what you mean when you say restore an older version of the directory or roll back to a previous Windows.

Is your Win98 install an upgrade from Win95? Do you have a full Win98 install disk? You may need to reinstall Windows. You may also try going to Start/Run and typing in SFC to check for missing system files; you may need a Win98 disk for this, or not if the win98 folder with the cab files was installed when Win98 was installed.


http://www.bootdisk.com/bootdisk.htm

http://www.ameriwebs.../bob/doswin.htm


http://www.fdisk.com/fdisk/

Edited by billiebob, 22 May 2004 - 05:41 AM.




