Something Is Taking Over My Web Pages And Redirecting Me


  • This topic is locked
2 replies to this topic

#1 nikucf21


Posted 20 September 2006 - 07:55 AM

I have tried all of your steps before posting and nothing is working... Here is the message when I try to go to sites like Google, Hotmail, MySpace, download and others like that.

Not Found
The requested document was not found on this server.


--------------------------------------------------------------------------------

Web Server at adware-traffic2.com

I ran a HijackThis scan, and I have never been to any of those 01 sites. Please please help me! I will try and check this as often as possible but I can't check my e-mail so won't be notified when someone posts. Your help is greatly appreciated and thank you so much for your time!!!!

Hijackthis log:
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\DOCUME~1\OWNER~1.NIK\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FF8565E0-D614-5505-B906-7AE0661807B2} - (no file)
O3 - Toolbar: (no name) - {43B8AF4A-63BA-3F84-8371-B28351B5BA9C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSL] C:\WINDOWS\system32\dllcache\svchost.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138061991\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2264889c46f0e2038117/...ip/RdxIE601.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119492541813
O16 - DPF: {7EBA6D58-EB2D-46F4-A363-10C4DF50B907} - http://alp.bertrodgers.com/thealp/SCORMAPIDLL.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - http://216.139.205.162/alp_brs_v2/msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by17fd.bay17.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 nikucf21


Posted 20 September 2006 - 06:42 PM

OK, so I managed to fix my problem by researching the warning on a search engine... I just ran a HijackThis and deleted the 01 files since they were all from the same IP address. I guess it had picked 101 sites that were automatically redirected to their page (not sure what it was since I never clicked on it). Thanks for all the help on your tutorials, esp. the HijackThis one.

#3 OldTimer

    Malware Expert

Posted 24 September 2006 - 10:06 AM

Since this issue appears to be resolved, I will close this topic. If you have any new malware-related questions or issues in the future, please start a new topic.

Cheers and Happy Computing.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
