[Solved]My brother visited porn sites on my PC; Now it's jacked up

Discussion in 'adware, spyware & hijack cleaning' started by infuryum, Jul 8, 2004.

Thread Status:
Not open for further replies.
  1. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    I'll need to supervise his undersexed antics more closely. :(

    I'd appreciate any help!

    [EDIT:] Here's an updated registry list after I made some changes. Tell me what you think!

    Logfile of HijackThis v1.97.7
    Scan saved at 4:47:51 PM, on 7/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AIM\aim.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Josh\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/site/email/index.jsp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members17.clubphoto.com/_img/uploader/atl_uploader.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Last edited: Jul 9, 2004
  2. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    I've run the latest version of Spybot, Stinger anti-virus, McAfee anti-virus and I've run the latest version of Ad-Aware many times. It batched many files it recognized as spyware and adware and prompted me to delete them, which I did. Now the scan comes up clean, but this problem isn't going away.
     
  3. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Anyone anyone? I'd be eternally grateful!
     
  4. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    I've also cleared the temp internet files and cookies, run Disk Cleanup and defragged. I don't know a TON about this stuff, but I'm having trouble finding anything questionable in my registries. :(

    Web pages mostly load incomplete or not at all. AIM will sometimes have trouble completing the sign-on process, but it's not the net connection. None of the normal PC processes are slowing down. Mostly just a lot of web content.
     
  5. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Here's what I've noticed:

    Over 130 people have viewed this thread and looked at this problem. Probably because the word PORN is in the title. After TWO days, I've figure out that my registry is mostly clean. Furthermore, I want to know why my web applications are STILL running slow or not at all.

    I've run Spybot 1.3 and AdAware6.0 (the latest build), I've run Disk Clean and Defragmenter, I've emptied the temp internet file cach and cleared the cookies, I've run the latest McAfee anti-virus and Stinger, I've cleared all the uselessness from my HijackThis log, I've run CWShredder and reviewed the problems with Fireangel and the fixes offered by Snapdragin. I don't know what else to do.

    It seems that only web apps are affected. Web pages load slowly and incomplete, if they load at all. The high-traffic sites seem to have the most trouble. Threads fail to load on ClubSi and Gmail refuses to send mail almost every time. Sites with lower traffic seem to have less trouble. AIM logs on correctly about half the time.

    I've rebooted the DSL modem (Verizon) in hopes that it was a simple connection issue. No such luck.

    Since all this began, I've become good friends with Jack and Diet Rite and I believe that Miller Lite is the greatest brew on earth (aside from some good Heineken brewed in Amsterdam, itself). Have I mentioned how much I want to backpack through Europe? None of this will be possible if I don't get this damn problem fixed.

    If you're going to look at my thread in hopes of seeing some internet geek porn, please... at least reply with SOMETHING. :)
     
    Last edited: Jul 9, 2004
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Hi infuryum,

    You may be able to go backpacking through Europe sooner than you think. ;)

    I am not seeing anything in your log that would be causing these kind of connections problems. Then I don't know what you've already fixed/removed so it's hard for me to tell what may have been there initially that might have caused the problem. :doubt:

    You are also running in "Selective Startup" mode too. Could you click on START --> RUN --> type in msconfig click OK, and the System Configuration Utility panel will pop up. Select the "Normal Startup - load all device drivers and services" option, then reboot your computer.

    Do another scan with Hijackthis and post a new log so we can see if there is anything else there that shouldn't be.

    Oh, and yes the amount of "views" that you see could be due to the title, but most probably it is other people searching for solutions to their own situation and probems.

    The one thing that concerned me though is you mentioned viewing one of the threads I had done (Fireangel's). Please do not follow a fix for someone else unless you are very very sure of what you are doing. That particular fix is very complex and at the moment the tool that was used for that thread has since changed and the fix for it also. So if you did use that tool (FINDnFIX) I would want to know as it has changed and no longer matches the instructions in that thread.

    Regards,

    snap
     
  7. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Snap! My friend!

    I disabled some startup apps yesterday to see if there was anything hogging my system resources. I don't have any desire to run some of the things I disabled, so I think I want to keep it in selective startup mode. I'm at work now, but I can put it all back and post up the results when I get home if you think it'll help.

    I didn't follow FireAngel's fix in that other thread. I reviewed it and tried to study it for general information purposes. I also want to get the idea across that I'm trying to solve this on my own in lieu of asking other people to fix something I that potentially broke without making any effort to repair it myself. I never ran the FINDnFIX application. It's pretty amazing that the app has already changed and the fix for that problem is already different.

    I appreciate your help with this. A lot of what I was saying was simply to entice people to post in the thread. Hence the title. ;)

    I still don't know what the issue could be. I was convinced it was spyware related, but it doesn't seem to be. It's like the internet is broke all of a sudden...
     
  8. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Hey there infuryum,

    Ah, very good. There are many people in this forum that will gladly assist you, but in order for other members to reply with possible solutions, you will have to start a new thread in one of our other forums as regular members cannot reply to another's thread in the hijack cleaning forum.

    Before you had the antispyware tools remove what they flagged at spyware, do you remember if your browser was hijacked and to where, or by what? Especially the R1, R2 lines in Hijackthis. Did you fix any of those and if yes, what did they look like before the fix? That might give me a better idea of what you could have been infected with, or what might still be lingering undetected and causing your browser the difficulty in loading web pages. I am afraid I do not know the email client you are using, so I'm unable to help much there as to why it isn't sending email.

    Sometimes the wrong removal of some spyware programs can damage the winsock2 chain. You could download the LSPfix tool and do a scan with it, but read the instructions very carefully before using it. http://cexx.org/lspfix.htm But since you are able to connect to the internet, this may not be the problem, but worth looking into as a start.

    If you are pretty sure of the startups you disabled in msconfig, and know what they are, then you do not have to change that, unless there was something there you were unsure of and wanted to know about it.

    Could you try this. Copy and paste this line into IE's address bar, then hit enter.
    javascript:navigator.userAgent

    Then paste back here the contents of the page that comes up.

    Regards,

    snap
     
    Last edited: Jul 10, 2004
  9. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Hello Snap.

    I don't think it was hijacked at all. The only R1 lines I fixed were some junky dell4me lines. There were no R2's.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    I'll run the other tests when I get home from work. Again, I appreciate your help with this.

    No one else can reply to these threads besides moderators?? Haha I guess I shouldn't feel bad when I couldn't get a response! :-*
     
  10. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Yep, it does not look like you were hijacked, so it might be a software issue (maybe a repair of IE) but I would get other member's views and suggestions first before taking that step.

    And the posting policy for this particular section is actually a 'sticky' thread at the top of the forum, here: https://www.wilderssecurity.com/showthread.php?t=32172 ;)

    Regards,

    snap
     
  11. infuryum

    infuryum Registered Member

    Joined:
    May 16, 2004
    Posts:
    14
    Location:
    Keller, TX
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Hi Snap.

    It looks like it was a connectivity issue, after all. It wasn't working this morning and everything is perfect now. http://texas.clubsi.com/Josh/ubb/dunno.gif

    Thanks so much for your help. I'm sure I cleaned a bunch of uneccessary junk of my PC and made it run a bit more efficiently. Seems Verizon was the culprit all along! At least I'll keep my fingers crossed...

    When I typed in javascript:navigator.userAgent, the following came up in a heartbeat:

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

    I hope that means I'm kosher.
    Thanks again. http://texas.clubsi.com/Josh/ubb/cheers.gif

    (I'd post up some boobies for all my fans, but I don't want to get banned.) [​IMG]
     
  12. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: My brother visited porn sites on my PC; Now it's jacked up

    Hi infuryum

    Yep, it's kosher. :)

    Glad to hear you've got the connection issue solved. I'll keep my fingers crossed for you too. ;)

    Best regards,

    snap
     
Thread Status:
Not open for further replies.