Please help - persistent 69sexsearch.com Pop-Up



#1
adriang

Good Morning All,

I have a problem whereby whenever I log onto my PC I get a lot of pop-ups for a site called www.69sexsearch.com. I have tried all the top spyware removal tools and popup blockers to no avail. Can someone please help me eliminate this problem? Below is the Hijack Log and your assistance will be greatly appreciated:

Logfile of HijackThis v1.98.2
Scan saved at 1:27:51 AM, on 12/30/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\etlisrv.exe
C:\Program Files\UMS\httpserv\httpserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\UMS\Director\bin\twgipcsv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\luinap.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\WINNT\system32\etlitr50.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\UMS\Director\bin\twgipc.exe
C:\PROGRA~1\UMS\Director\bin\twgescli.exe
C:\PROGRA~1\UMS\Director\bin\twgmonit.exe
C:\PROGRA~1\UMS\Director\bin\twgtopo.exe
C:\PROGRA~1\UMS\Director\bin\nfUMSagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavIEHelper Class - {4E9ED978-F94F-11d4-A42E-00105AE60EA3} - C:\UnisysFinancialTransactionMgr40\Client\navigatoralerts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINNT\system32\smiehlp.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dllInit ibmasstw.dll] "C:\Program Files\UMS\utils\DLLINIT.EXE" ibmasstw.dll
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F1685543] C:\WINNT\system32\luinap.exe
O4 - HKLM\..\Run: [EC8443E6] C:\WINNT\system32\Nodelbca.exe
O4 - HKLM\..\Run: [9A0E484E] C:\WINNT\system32\avdfv.exe
O4 - HKLM\..\Run: [8F0B96D3] C:\WINNT\system32\adml3d3.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [F1685543] C:\WINNT\system32\luinap.exe
O4 - HKCU\..\Run: [EC8443E6] C:\WINNT\system32\Nodelbca.exe
O4 - HKCU\..\Run: [9A0E484E] C:\WINNT\system32\avdfv.exe
O4 - HKCU\..\Run: [8F0B96D3] C:\WINNT\system32\adml3d3.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Alerts - {D179CF80-389B-11d3-A2DB-00105AE60EA3} - C:\UnisysFinancialTransactionMgr40\Client\navigatoralerts.dll
O9 - Extra button: AS400 - {69BD830D-3560-4C30-A039-7A1FA9883B68} - C:\Program Files\IBM\Client Access\Emulator\Private\BBAS400.WS (HKCU)
O9 - Extra button: Snagit - {BCE4C600-5038-42FF-B270-8A6775B8CD59} - C:\Program Files\TechSmith\SnagIt\SnagIt32.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...dPage|viewpoint
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.6.107.171/msrdp.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intl.bns
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C44962F-583A-4D37-9824-2FE9BCFF722F}: NameServer = 205.214.199.130 205.214.199.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intl.bns
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intl.bns
O20 - AppInit_DLLs: TwgProc.DLL

Regards.

A
#2
adriang

Hi All,

I have installed all of my spyware removal software to make things a little easier to discern. Here is the new log. Please help.

Logfile of HijackThis v1.98.2
Scan saved at 9:09:40 AM, on 12/30/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\etlisrv.exe
C:\Program Files\UMS\httpserv\httpserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\UMS\Director\bin\twgipcsv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\UMS\utils\DLLINIT.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\luinap.exe
C:\WINNT\system32\internat.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\WINNT\system32\etlitr50.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\UMS\Director\bin\twgipc.exe
C:\PROGRA~1\UMS\Director\bin\twgescli.exe
C:\PROGRA~1\UMS\Director\bin\twgmonit.exe
C:\PROGRA~1\UMS\Director\bin\twgtopo.exe
C:\PROGRA~1\UMS\Director\bin\nfUMSagent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=gateway.bns:8000;gopher=10.0.44.33:8000;http=10.0.44.33:8000;https=gateway.bns:443;socks=10.0.44.33:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;192.*.*.*;172.*.*.*;199.*.*.*;*.bns;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavIEHelper Class - {4E9ED978-F94F-11d4-A42E-00105AE60EA3} - C:\UnisysFinancialTransactionMgr40\Client\navigatoralerts.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dllInit ibmasstw.dll] "C:\Program Files\UMS\utils\DLLINIT.EXE" ibmasstw.dll
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F1685543] C:\WINNT\system32\luinap.exe
O4 - HKLM\..\Run: [EC8443E6] C:\WINNT\system32\Nodelbca.exe
O4 - HKLM\..\Run: [9A0E484E] C:\WINNT\system32\avdfv.exe
O4 - HKLM\..\Run: [8F0B96D3] C:\WINNT\system32\adml3d3.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [F1685543] C:\WINNT\system32\luinap.exe
O4 - HKCU\..\Run: [EC8443E6] C:\WINNT\system32\Nodelbca.exe
O4 - HKCU\..\Run: [9A0E484E] C:\WINNT\system32\avdfv.exe
O4 - HKCU\..\Run: [8F0B96D3] C:\WINNT\system32\adml3d3.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O9 - Extra button: Alerts - {D179CF80-389B-11d3-A2DB-00105AE60EA3} - C:\UnisysFinancialTransactionMgr40\Client\navigatoralerts.dll
O9 - Extra button: AS400 - {69BD830D-3560-4C30-A039-7A1FA9883B68} - C:\Program Files\IBM\Client Access\Emulator\Private\BBAS400.WS (HKCU)
O9 - Extra button: Snagit - {BCE4C600-5038-42FF-B270-8A6775B8CD59} - C:\Program Files\TechSmith\SnagIt\SnagIt32.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.69sexsearch.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...dPage|viewpoint
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.6.107.171/msrdp.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intl.bns
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intl.bns
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intl.bns
O20 - AppInit_DLLs: TwgProc.DLL

Regards.

Ryan

#3
adriang

Sorry, that should have been "UN-INSTALLED".

#4
admin

Download and save file -- Unzip. To execute this file: in Explorer - right-click (this file). Select Install from the Menu.

Download here: http://www.geekstogo...=download&id=40

Please download CoolWebShredder from http://www.geekstogo...=download&id=17, extract it and run the program. Click the Next button and let it scan. Make sure you let it fix all CWS remnants. Afterwards, please post a fresh Hijack This log.

#5
adriang

Thank you very much for your reply "admin". I actually followed one of the previous threads and was able to correct my problem. I used the advice given as a guide and "presto"... it worked. Hijackthis seems to be a great piece of software. This site is great also... I wouldn't have solved this problem otherwise.

Ryan.

#6
admin

You're welcome!

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :tazz: