Old 08-07-2005, 03:22 PM   #1
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Unhappy Little problem but don't know how to solve it

While on the internet two things happen:
1) Some words are hyperlinked to ntsearch, and sometimes a hyperlink is taken away and replaced with one going to ntsearch, and I don't know how to get rid of it. If anyone knows, could you please help? Thanks.

2) When I try to go onto the internet, at different times and on different websites, a message box comes up with a loud noise and says "cannot open site, operation aborted" and then sends me to a "cannot display" site and then to another site; I don't quite know what it is. Any suggestions on how to get rid of this either, please? Thanks.

Thanks for trying to help if you offer your advice, because I really cannot reformat the computer because all my coursework, pictures, etc. take up too many disks and I simply have not enough time.

Shell
__________________

shell is offline   Reply With Quote
Old 08-07-2005, 03:56 PM   #2
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default

Sounds like you got some spy/adware..

Download these tools:
AVG-antivirus
AdAware
HijackThis

Install and update all these tools and run the scans..
__________________

__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 08-07-2005, 04:59 PM   #3
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Default

Thanks, I've downloaded them and they are scanning. Looks like it might take some time, but one has come up with a few viruses, all beginning with trojan. How lethal is this, because there's a few, and any idea what GMT - GatorStubSetup is? It seems this might be infected, but I don't even know what it is or how it got there!!
lol, getting a bit stressed and tired. Thanks for the help, and I am open if anyone has any suggestions. Thanks.
shell is offline   Reply With Quote
Old 08-07-2005, 05:06 PM   #4
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: Little problem but don't know how to solve it

Well, run each scan..

The ntsearch sounds like a browser hijack..
1st do the virus scan.
2nd do the spyware scan.
3rd do the HijackThis scan and remove any hijacks.

You should be fine then
__________________
BuzzStPoint is offline   Reply With Quote
Old 08-08-2005, 03:52 PM   #5
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Default

Well, done these scans late last night and tried again now, but the problem is still happening. What could I try next?
shell is offline   Reply With Quote
Old 08-08-2005, 04:31 PM   #6
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: Little problem but don't know how to solve it

Did you run HijackThis and remove any browser hijacks? If you don't know what to remove, email me the log and I'll send back what to remove..

I did a further search and yes, it is a browser hijack.
__________________
BuzzStPoint is offline   Reply With Quote
Old 08-08-2005, 05:09 PM   #7
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Default

OK, so remove all browser logs?
Erm, how do I tell what are browser logs?
Sorry, I'm not so good at technical terms and I don't reckon I could email it; the stupid thing is affecting my email.
Thanks once again.
shell is offline   Reply With Quote
Old 08-08-2005, 05:16 PM   #8
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Default Re: Little problem but don't know how to solve it

As I can't email the damn thing (just tried), I can't think of any other way than to copy and paste it (I know). Erm, thanks lots and lots again.
shell is offline   Reply With Quote
Old 08-08-2005, 06:12 PM   #9
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default

Run HijackThis.. click the scan and save log..

Copy the whole log and paste it here.

I'll look for it here.
__________________
BuzzStPoint is offline   Reply With Quote
Old 08-09-2005, 12:02 PM   #10
Solid State Member
 
Join Date: Aug 2005
Posts: 9
Default

Logfile of HijackThis v1.99.1
Scan saved at 17:01:10, on 09/08/2005
Platform: <a href="http://www.ntsearch.com/search.php?q=Windows&v=55">Windows</a> XP (WinNT 5.01.2600)
MSIE: <a href="http://www.ntsearch.com/search.php?q=Internet&v=55">Internet</a> Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\sp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\shell\Local Settings\Temporary <a href="http://www.ntsearch.com/search.php?q=Internet&v=55">Internet</a> Files\Content.IE5\1X6CRK14\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,<a href="http://www.ntsearch.com/search.php?q=Search&v=55">Search</a> Bar = http://www.cfhedjzzyauya.com/zx_6UfE...10sjbSERc.html
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int113777.exe -auto
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [anti more chic wave] C:\Documents and Settings\All Users\Application Data\proxy help anti more\aimbody.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [sp] C:\WINDOWS\sp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Winsixth] C:\DOCUME~1\shell\APPLIC~1\KNOBHE~1\cash <a href="http://www.ntsearch.com/search.php?q=time&v=55">time</a>.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: <a href="http://www.ntsearch.com/search.php?q=Windows&v=55">Windows</a> Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager <a href="http://www.ntsearch.com/search.php?q=Server&v=55">Server</a> (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: iPod Service (iPodService) - <a href="http://www.ntsearch.com/search.php?q=Apple&v=55">Apple</a> <a href="http://www.ntsearch.com/search.php?q=Computer&v=55">Computer</a>, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce <a href="http://www.ntsearch.com/search.php?q=Server&v=55">Server</a> (LexBceS) - <a href="http://www.ntsearch.com/search.php?q=Lexmark&v=55">Lexmark</a> International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
__________________

shell is offline   Reply With Quote
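
A first-pass triage of a log like the one pasted above, as an added example that is not part of the original thread: it undoes the ntsearch links that were injected into the pasted text, then lists the entries a helper would look at first. The sample lines are copied from the post; the three heuristics are assumptions chosen for illustration, not HijackThis's own logic.

```python
import re

# Subset of lines copied from the log posted above, injected links included.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,<a href="http://www.ntsearch.com/search.php?q=Search&v=55">Search</a> Bar = http://www.cfhedjzzyauya.com/zx_6UfE...10sjbSERc.html
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [anti more chic wave] C:\Documents and Settings\All Users\Application Data\proxy help anti more\aimbody.exe
O4 - HKCU\..\Run: [sp] C:\WINDOWS\sp.exe
O4 - HKCU\..\Run: [Winsixth] C:\DOCUME~1\shell\APPLIC~1\KNOBHE~1\cash <a href="http://www.ntsearch.com/search.php?q=time&v=55">time</a>.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

ANCHOR = re.compile(r'<a\s+href="[^"]*">(.*?)</a>', re.I)
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
RUN = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\] (.*)$')

def count_injected(log_text):
    """Number of anchor tags wrapped around words in the pasted text."""
    return len(ANCHOR.findall(log_text))

def triage(log_text):
    """Return (code, cleaned_entry, reasons) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = ANCHOR.sub(r'\1', raw.strip())   # restore the original text
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        # Assumed heuristic 1: IE search/start page (R*) set to a web URL.
        if code.startswith('R') and re.search(r'= https?://', body):
            reasons.append('IE search/start page points at a URL')
        run = RUN.match(body)
        if code == 'O4' and run:
            path = run.group(2).strip('"').upper()
            # Assumed heuristic 2: autostart from a data directory.
            if 'APPLICATION DATA' in path or 'APPLIC~1' in path:
                reasons.append('autostart from Application Data')
            # Assumed heuristic 3: executable placed directly in the Windows folder.
            if re.match(r'C:\\WINDOWS\\[^\\]+\.EXE', path):
                reasons.append('autostart directly in C:\\WINDOWS')
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == '__main__':
    print('injected links:', count_injected(SAMPLE_LOG))
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, '|', body, '|', '; '.join(reasons))
```

The flagged entries are candidates for manual review rather than verdicts; each one still has to be identified before anything is removed.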
All times are GMT -5. The time now is 04:41 PM.