media tickets

Discussion in 'adware, spyware & hijack cleaning' started by Tombo1bo, Jul 11, 2004.

Thread Status:
Not open for further replies.
  1. Tombo1bo, Registered Member (Joined: Jul 11, 2004; Posts: 1)

    Last week I began experiencing a problem with my PC. Upon logging on, IE would open to the following site, www.unixshellz.info/antitrust/, showing an advert about "media tickets". Yesterday, after a system restoration due to an unrelated problem, IE would open every minute or so, displaying the same message, with a pop-up box offering to download "media tickets". However, for long periods this does not happen, and then it began appearing without the download box. I followed the instructions on your site, using Spybot, and post the results below. I hope you can solve this VERY disruptive problem.

    Logfile of HijackThis v1.97.7
    Scan saved at 18:02:50, on 11/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dexxa\Dexxa Optical Mouse\1.0\lwbwheel.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\video_32sD.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Thomas\Application Data\euea.exe
    C:\WINDOWS\System32\egcr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.therockalltimes.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {38FD455B-C035-07CF-8754-6C550DD0283D} - C:\WINDOWS\System32\aqtujs.dll
    O2 - BHO: (no name) - {3DA0420C-953F-5A9F-8754-6C550DD0283F} - C:\WINDOWS\System32\jayp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Dexxa\Dexxa Optical Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuid.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [Microsoft Update Emulator] wuaddsff.exe
    O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuid.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Emulator] wuaddsff.exe
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuid.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Bssn] C:\Documents and Settings\Thomas\Application Data\euea.exe
    O4 - HKCU\..\Run: [Upood] C:\WINDOWS\System32\egcr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38178.3598611111
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    Thank you,
    Tombo1bo
     