Unwanted porn site pop-ups

[frustrated]

I made a mistake of opening a 'friends' hotlink to what
was supposed to be a joke site. Unforntunately it was a
porn site and now I can't stop IE from automatically
popping up with porn. Even when IE is closed it will all
of a sudden open to a porn site. It also automcatically
adds porn sites to my favorites lists in IE. How can I
stop this?? Please help- it's driving me crazy!

 

[Ollie]

Go to Settings - Control Panel - Add Remove Programs

Check to see if there is anything in there that shouldn't.
If so uninstall it.
Also check that there is no new Network and Dial up
options present.

 

[war17]

A porn site has downloaded something into your computer.

1. If you have Windows Messenger Service, disable it. The Messenger service
is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under
Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/
or
CWShredder
http://www.spychecker.com/program/cwshredder.html

3. Some porn websites redirects links to their websites using your HOSTS
file. Do a search for the HOSTS (without extension) file and remove the
entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I
will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just
download on your computer without your permission. From the Internet
Toolbar, go to Tools > Internet Options > Advanced. Make sure "Enable
Install On Demand (Internet Explorer)" and "Enable Install On Demand
(Other)" are unchecked.

 

[frustated]

Thanks Much Warren for you Help! I've tried the first 3
suggestions to no avail. I have posted the Hijackthis log
as you requested. Please let me know what I can delete.
Again, thanks for your help:

Logfile of HijackThis v1.97.7
Scan saved at 3:22:51 PM, on 1/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys\Odyssey Client for
Linksys\odClientService.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe
C:\Program Files\KODAK\KODAK EASYSHARE
Software\bin\ptssvc.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\System32\DSentry.exe
C:\Program Files\Common Files\Adaptec
Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnd.exe
C:\WINNT\system32\PELMICED.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Odyssey Client for
Linksys\OdTray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
C:\Program Files\3M\PSNotes\psnotes.exe
C:\Program Files\Linksys\Wireless-G Notebook
Adapter\WPC54CFG.exe
C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\winlogon.exe
C:\Program Files\Broderbund\Screen Shot Deluxe 4.0
\Sshot4.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WinZip\WINZIP32.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://www.windowws.cc/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.windowws.cc/sp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = res://mshp.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://mshp.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://teen-biz.com/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet
Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,CustomizeSearch = http://www.008i.com/search.html
N3 - Netscape 7: user_pref
("browser.search.defaultengine", "engine://C%3A%5CProgram%
20Files%5CNetscape%5CNetscape%5Csearchplugins%
5CSBWeb_01.src"); (C:\Documents and
Settings\tendres\Application
Data\Mozilla\Profiles\default\v30ew586.slt\prefs.js)
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-
E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-
4759FF704C22} - C:\Documents and
Settings\tendres\Application Data\msis\msiesh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-
209B6AD74ACC} - C:\Program Files\Microsoft
Money\System\mnyviewer.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-
11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program
Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common
Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-
StopW.EXE
O4 - HKLM\..\Run: [MSConfig]
\\Protecta\Share\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegShave] C:\Progra~1
\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program
Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program
Files\Linksys\Odyssey Client for Linksys\OdTray.exe"
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RKKOYULHE] C:\WINNT\UUQJNPTW.exe
O4 - Startup: Screen Shot Deluxe 4.0.lnk = C:\Program
Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: Post-it® Software Notes.lnk =
C:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter
Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook
Adapter\WPC54CFG.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: Open using &Advanced JPEG
Compressor - C:\Program Files\Advanced JPEG
Compressor\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793}
(SurferNETWORK Plugin) -
http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN
Money Charting) -
http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?38000.4708912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS
Investor Ticker) -
http://fdl.msn.com/public/investor/v9.5/ticker.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:
SearchList = belllabs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters:
SearchList = belllabs.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
SearchList = belllabs.com
O19 - User stylesheet: C:\WINNT\Web\tips.ini
O19 - User stylesheet: C:\WINNT\hh.htt (HKLM)

 

[Guest]

You have big problems,No virusscanner
Do first an online virusscan at
http://www.ravantivirus.com/scan/indexie.php
Downloa
1) CWShredder http://www.merijn.org/files/cwshredder.zip
2) Spybot S&D http://www.safer-networking.org/

* = Update the definition files within the program as the first step

‘Please’ post your Hijack This Logs, in any of the following “Expert Forumsâ€
http://forums.tomcoyote.org/index.php?showforum=2
http://forums.net-integration.net/index.php?s=853f186bf90302d57a6840f00475ff6b&showforum=3
http://forums.spywareinfo.com/index.php?s=1413794b9fe306155560c99576acc3a8&showforum=1
http://www.lavasoftsupport.com/index.php?s=c0d583c0e136d2133506ec492cb6bd40&showforum=4
http://www.cybertechhelp.com/forums/forumdisplay.php?f=1
http://boards.cexx.org/viewforum.php?f=1&sid=0b5c7c42dc70e12ffe32f4a0807ff6a
http://www.dslreports.com/forum/security,

Protect your pc wit
4)SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
5)SpywareGuard http://www.wilderssecurity.net/spywareguard.html

* = Update the definition files within the program as the first step


----- frustated wrote: ----

Thanks Much Warren for you Help! I've tried the first 3
suggestions to no avail. I have posted the Hijackthis log
as you requested. Please let me know what I can delete.
Again, thanks for your help

Logfile of HijackThis v1.97.
Scan saved at 3:22:51 PM, on 1/19/200
Platform: Windows 2000 SP4 (WinNT 5.00.2195
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106

Running processes
C:\WINNT\System32\smss.ex
C:\WINNT\system32\winlogon.ex
C:\WINNT\system32\services.ex
C:\WINNT\system32\lsass.ex
C:\WINNT\System32\S24EvMon.ex
C:\WINNT\system32\svchost.ex
C:\Program Files\Linksys\Odyssey Client for
Linksys\odClientService.ex
C:\WINNT\system32\spoolsv.ex
C:\WINNT\System32\Ati2evxx.ex
C:\WINNT\system32\basfipm.ex
C:\WINNT\System32\svchost.ex
C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.ex
C:\Program Files\KODAK\KODAK EASYSHARE
Software\bin\ptssvc.ex
C:\WINNT\System32\RegSrvc.ex
C:\WINNT\system32\regsvc.ex
C:\WINNT\System32\RoamMgr.ex
C:\WINNT\System32\SCardSvr.ex
C:\WINNT\system32\MSTask.ex
C:\WINNT\system32\mspmspsv.ex
C:\WINNT\system32\svchost.ex
C:\WINNT\System32\WBEM\WinMgmt.ex
C:\WINNT\system32\ZCfgSvc.ex
C:\WINNT\Explorer.EX
C:\WINNT\system32\carpserv.ex
C:\Program Files\Apoint\Apoint.ex
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.ex
C:\WINNT\system32\PRPCUI.ex
C:\WINNT\System32\DSentry.ex
C:\Program Files\Common Files\Adaptec
Shared\CreateCD\CreateCD50.ex
C:\Program Files\Roxio\Easy CD Creator
\DirectCD\DirectCD.ex
C:\Program Files\FSI\F-Prot\F-StopW.EX
C:\Program Files\Apoint\Apntex.ex
C:\Program Files\Common Files\Real\Update_OB\realsched.ex
C:\Program Files\Hewlett-Packard\HP Share-to
Web\hpgs2wnd.ex
C:\WINNT\system32\PELMICED.EX
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.ex
C:\Program Files\Linksys\Odyssey Client for
Linksys\OdTray.ex
C:\WINNT\system32\internat.ex
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.ex
C:\Program Files\3M\PSNotes\psnotes.ex
C:\Program Files\Linksys\Wireless-G Notebook
Adapter\WPC54CFG.ex
C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\winlogon.ex
C:\Program Files\Broderbund\Screen Shot Deluxe 4.
\Sshot4.ex
C:\Program Files\WinZip\WZQKPICK.EX
C:\Program Files\WinZip\WINZIP32.EX
C:\Program Files\HijackThis.ex

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.windowws.cc/sp.htm?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://www.windowws.cc/sp.htm?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://www.windowws.cc/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.windowws.cc/sp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = res://mshp.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://mshp.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://teen-biz.com/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet
Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,CustomizeSearch = http://www.008i.com/search.html
N3 - Netscape 7: user_pref
("browser.search.defaultengine", "engine://C%3A%5CProgram%
20Files%5CNetscape%5CNetscape%5Csearchplugins%
5CSBWeb_01.src"); (C:\Documents and
Settings\tendres\Application
Data\Mozilla\Profiles\default\v30ew586.slt\prefs.js)
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-
E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-
4759FF704C22} - C:\Documents and
Settings\tendres\Application Data\msis\msiesh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-
209B6AD74ACC} - C:\Program Files\Microsoft
Money\System\mnyviewer.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-
11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program
Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common
Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-
StopW.EXE
O4 - HKLM\..\Run: [MSConfig]
\\Protecta\Share\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegShave] C:\Progra~1
\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program
Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program
Files\Linksys\Odyssey Client for Linksys\OdTray.exe"
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RKKOYULHE] C:\WINNT\UUQJNPTW.exe
O4 - Startup: Screen Shot Deluxe 4.0.lnk = C:\Program
Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: Post-it® Software Notes.lnk =
C:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter
Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook
Adapter\WPC54CFG.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: Open using &Advanced JPEG
Compressor - C:\Program Files\Advanced JPEG
Compressor\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793}
(SurferNETWORK Plugin) -
http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN
Money Charting) -
http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?38000.4708912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS
Investor Ticker) -
http://fdl.msn.com/public/investor/v9.5/ticker.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:
SearchList = belllabs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters:
SearchList = belllabs.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
SearchList = belllabs.com
O19 - User stylesheet: C:\WINNT\Web\tips.ini
O19 - User stylesheet: C:\WINNT\hh.htt (HKLM)

 

[Spinach]

Here's what worked for me with this same issue-

See this Microsoft article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q323869

 

[btilc]

Here's what worked for me with this same issue-

See this Microsoft article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q323869

********************************************************************
here's your solution......have a read....

If anyone is getting hit with the Teen-Biz forced homepage issue, I
have a solution for you.

A friend of mine called me over as he was having spam problems. His
browser homepage setting kept getting reset to www.teen-biz.com. When
I took a look, I also noticed that when a shutdown was initiated, a
"Win Min" error appeared.

I took a look at his program startup options and found a winlogon.exe
entry. I took at look at processes running and found 2 winlogon
process...hmmm...here ya go. When I tried to remove the winlogon.exe
entry from the startup menu I got an access violation.

To correct the problem I rebooted into CMD mode and renamed the exe.
After I booted back up, I was able to remove the file from the startup
menu.

Hope this helps someone.

Later

 

[GregZ]

This behavior could also be triggered by a virus. Do you
run a virus checker program?