SitePoint Sponsor

User Tag List

Results 1 to 9 of 9

Thread: another help

  1. #1
    SitePoint Addict ikabon's Avatar
    Join Date
    Dec 2004
    Location
    Philippines
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    another help

    everytime i used my IE6 there's one window always popping up
    something like "preparing to plugin" and it creates a folder on my
    program files [websiteviewer].

    i try to delete it but again when i'm exploring it pop ups again..

    how can i get rid of this?

    thanks
    =)

  2. #2
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Spyware. Run Spybot and Ad-Aware. See the sticky thread at the top of this forum.
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  3. #3
    SitePoint Addict ikabon's Avatar
    Join Date
    Dec 2004
    Location
    Philippines
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    haha..
    thanks for the reminder
    =)

  4. #4
    SitePoint Addict ikabon's Avatar
    Join Date
    Dec 2004
    Location
    Philippines
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i scanned my pc using hijackthis
    the result:
    Logfile of HijackThis v1.99.0
    Scan saved at 8:09:58 PM, on 1/9/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\CARPSERV.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
    C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
    C:\WINDOWS\SYSTEM\UGUUHTI.EXE
    C:\WINDOWS\SYSTEM\SYSTIME.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\WINDOWS\SYSTEM\SYSTIME.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\APPLICATION DATA\UOOH.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\MY EBOOKS\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=107312
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Globe Telecom
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet; intraweb; hpoview
    O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
    O1 - Hosts: 127.0.0.3 x.full-tgp.net
    O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
    O1 - Hosts: 127.0.0.3 autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.awmdabest.com
    O1 - Hosts: 127.0.0.3 www.sexfiles.nu
    O1 - Hosts: 127.0.0.3 awmdabest.com
    O1 - Hosts: 127.0.0.3 sexfiles.nu
    O1 - Hosts: 127.0.0.3 allforadult.com
    O1 - Hosts: 127.0.0.3 www.allforadult.com
    O1 - Hosts: 127.0.0.3 www.iframe.biz
    O1 - Hosts: 127.0.0.3 iframe.biz
    O1 - Hosts: 127.0.0.3 www.newiframe.biz
    O1 - Hosts: 127.0.0.3 newiframe.biz
    O1 - Hosts: 127.0.0.3 www.vesbiz.biz
    O1 - Hosts: 127.0.0.3 vesbiz.biz
    O1 - Hosts: 127.0.0.3 www.pizdato.biz
    O1 - Hosts: 127.0.0.3 pizdato.biz
    O1 - Hosts: 127.0.0.3 www.aaasexypics.com
    O1 - Hosts: 127.0.0.3 aaasexypics.com
    O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
    O1 - Hosts: 127.0.0.3 virgin-tgp.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\SYSTEM\APUC.DLL
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
    O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
    O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
    O4 - HKLM\..\Run: [qdlglmaqlx] C:\WINDOWS\SYSTEM\uguuhti.exe
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
    O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_S2304.TMP"
    O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
    O4 - HKCU\..\Run: [Hosl] C:\WINDOWS\Application Data\uooh.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://intranet/hrlink
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv65/x.chm::/load.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTick...cab?refid=2732

    what should i fixed?
    this is the site that the window trying to connect

    http://www.dialeradmin.com/cgi-bin/e...0.1106&ci=1-12

    =)

  5. #5
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh my word. You've got a lot of stuff there. Looks like you've been looking up some rather unsavoury stuff

    Have you run the other spy managers first? AdAware and Spybot etc. I'd always run those first because they'll kill the core applications. HiJackthis is a bit raw and should only be used as a last resort. Basically if it doesn't sound legit or give a good explanation, have a search for the file on the web. That'll normally turn it up and tell you if you can delete it or not.
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  6. #6
    SitePoint Zealot iluminatae's Avatar
    Join Date
    Dec 2004
    Location
    On a rock, spinning around the sun...
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ikabon
    i scanned my pc using hijackthis
    the result:

    O1 - Hosts: 127.0.0.3 sexfiles.nu
    O1 - Hosts: 127.0.0.3 allforadult.com
    O1 - Hosts: 127.0.0.3 aaasexypics.com
    O1 - Hosts: 127.0.0.3 virgin-tgp.net

    =)
    lol - you naughty ! :biggrin:
    <! -- This post is best viewed with FireFox -->
    <blink> <blink><blinkity></blink>

  7. #7
    SitePoint Addict ikabon's Avatar
    Join Date
    Dec 2004
    Location
    Philippines
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'm not naughty, for sure...
    i just trying to get some crack and all of those site pop ups suddenly kaboom.....

    =)

  8. #8
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ikabon
    i'm not naughty, for sure...
    i just trying to get some crack

    =)
    And that's NOT naughty?
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  9. #9
    SitePoint Addict ikabon's Avatar
    Join Date
    Dec 2004
    Location
    Philippines
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ...nada...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •