
Hijack This Log - Ie Kept Going To Softwarereferral.com

Bryan

#5 bryanhepworth, Topic Starter, Posted 04 September 2007 - 05:40 AM

SmitFraudFix v2.219
Scan done at 11:39:39.92, 2007-09-04

Reboot into Safe Mode.

Download the latest SmitfraudFix by S!Ri from either of these mirrors to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
http://siri.geekstogo.com/SmitfraudFix.zip

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.

Open the SmitfraudFix folder and double-click

Antivirus programs cannot distinguish between good and malicious use of such programs, therefore they may alert the user.

Please post: C:\rapport.txt

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013 UNITE member

Using SmitfraudFix (by S!Ri).

Some of my previous attempts had stopped the redirects for a day or so, but they *magically* came back, which was why I was trying to be more ruthless as to

NtpClient will try the DNS lookup again in 15minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type12407 / Error
Event Submitted/Written: 02/17/2008 10:30:08 AM
Event ID/Source: 29

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

If a clean version is found, you will be prompted to replace wininet.dll.

I have since got things under control running S&D, Ad-aware, and AVG but still have traces of it, and keep getting bogus virus remover pop-ups.

See Help for more information.
Process: DefaultDomainObject Name: Microsoft.Ehome.Epg.Ehepgdat

Event Record #/Type4367 / Warning
Event Submitted/Written: 02/16/2008 06:30:21 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still

Thank You.

There's also an intermittent dialogue box appearing which says: "SPYYWARE ALERT Win32.NetSky detected on your machine." And then goes through a long explanation of how it might have gotten there through

Type Y to begin the cleanup process.

Wait for the tool to complete and disk cleanup to finish.

We are making good progress but there is still more left.
----------
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O2 -

Ensure that there are no open browsers when carrying out the procedures below.

#15 bryanhepworth, Topic Starter, Posted 11 September 2007 - 02:41 AM

Hi Ourwilly

I've gone through and done those steps.

This applies only to the original topic starter.

It's not my computer, I'm helping someone else out, however they require the computer for work so I was trying to get it sorted with as minimal disruption as possible.

Then click on Start Update.

Provided removal instructions are meant to be used in the correspondent user's case only.

Do Not run a scan just yet, we will shortly.
--------------------------------------------------------------
Restart your computer in Safe Mode
After hearing your computer beep once during startup, but before the Windows icon appears, press

If you notice connection problems, please choose a different dial-up connection for Media Center to use.
Process: DefaultDomainObject Name: Microsoft.Ehome.Epg.Ehepgdat

Event Record #/Type4425 / Error
Event Submitted/Written: 02/17/2008 10:09:43 AM
Event ID/Source: 10 / Media

If an update is found, it will download and install the latest version.

Every time I try to do anything it redirects me to one or another site selling spyware detection tools.

scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 11:18:52
C:\ComboFix-quarantined-files.txt ... 2007-09-06 11:18
C:\ComboFix2.txt ... 2007-08-30 09:05
--- E O F ---

#11 ourwilly

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 -

Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

Now Download ComboFix.exe to your desktop.

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Doubleclick combofix.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that

Properties show the name of the file to be file:///C:/WINDOWS/privacy_danger/images/spacer.gif.

Please use "Reply to this topic" -button while replying.

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

End

#8 bryanhepworth, Topic Starter, Posted 05 September 2007 - 04:01 AM

#4 bryanhepworth, Topic Starter, Posted 03 September 2007 - 02:03 PM

Ourwilly
Thanks for the reply.

Please use "Reply to this topic" -button while replying.

Copy and Paste this post into a new text document or print it for reference
1.

Both are on an icon which resembles a middle ages shield.

It does not count as help.

#14 ourwilly, Posted 07 September 2007 - 01:17 PM

Hello bryanhepworth
Thank you for doing that for me...

I keep getting a bogus popup on a WINDOWS SECURITY ALERT dialogue box which says that "windowns has detected an internet attack attempt...Somebody's trying to infect your PC with spyware or

scanning hidden autostart entries ...

Sorry about not waiting, but I hope this helps.

ComboFix 08-02-17.2 - HP_Administrator 2008-02-20 19:00:09.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1529 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Security Programs\Programs\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Open the extracted SDFix folder and double click RunThis.bat to start the script.

I figured another pair of eyes was well called for, thanks for the hand it's much appreciated.

If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

The update will start and a progress bar will show the updates being installed.

No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

-- End of Deckard's System Scanner: finished at 2008-02-17 11:13:43 ------------

#5 ajsandiego

C:\WINDOWS\wmpdev.dll FOUND !

This is the latest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12, on 2007-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program