Porn Site Redirect, Redirected to porn site
lilriver
post Nov 2 2003, 12:29 PM
Post #1


New Member
*

Group: Authentic Member
Posts: 12
Joined: 2-November 03
Member No.: 721



Your help and guidance for me would be greatly appreciated. I am at my wit's end with the porn info that pops up, being redirected and only being able to creep along when on the internet. If you or one of the members can help me you will make my day. Anytime I go to a specific site (sublimedirectory.com) I am immediately redirected to a porn site called 777-porn.com. I have 2 spyware programs that I am using but after my research it would appear that maybe I have been hijacked and it is something in my registry. If your fix is to do something in the registry - please, please be very specific because I am VERY uncomfortable messing around in this directory.

THANK YOU for allowing me to post this information for assistance. Here is the info from the Hijackthis scan:

Logfile of HijackThis v1.97.3
Scan saved at 11:57:55 AM, on 11/2/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\slpservice.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\slpmonx.exe
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Smtray.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\desk95.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\Ltmoh.exe
C:\WINNT\System32\hpnra.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Printkey-Pro\PRINTK~1.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sex-family.net/sherbook/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tidewater.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Coastal Telco Services
O1 - Hosts: 157.238.59.47 uh-oh.net www.uh-oh.net www.thumbnailseries.com thumbnailseries.com
O1 - Hosts: 157.238.59.47 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com
O1 - Hosts: 157.238.59.47 dianapost.com www.dianapost.com www.xnxx.com xnxx.com www.zadina.com zadina.com
O1 - Hosts: 157.238.59.47 www.mature-post.com mature-post.com www.call-kelly.com call-kelly.com
O1 - Hosts: 157.238.59.47 sexape.com
O1 - Hosts: 157.238.59.47 www.sexape.com
O1 - Hosts: 157.238.59.47 picwarehouse.com
O1 - Hosts: 157.238.59.47 www.picwarehouse.com
O1 - Hosts: 157.238.59.47 sublimedirectory.com
O1 - Hosts: 157.238.59.47 www.sublimedirectory.com
O1 - Hosts: 157.238.59.47 purextc.com
O1 - Hosts: 157.238.59.47 www.purextc.com
O1 - Hosts: 157.238.59.47 madthumbs.com
O1 - Hosts: 157.238.59.47 www.madthumbs.com
O1 - Hosts: 157.238.62.14 sitefinder.verisign.com
O1 - Hosts: 157.238.62.14 sitefinder-idn.verisign.com
O1 - Hosts: 157.238.62.14 ie.search.msn.com
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [HP LanScan Server] C:\SCANJET\PrecisionScanPro\hpscnsvr.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LtMoh] C:\WINNT\System32\Ltmoh.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\PRINTK~1.EXE
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE4D2EE8-8C68-4D33-8486-6ADE878FFA1C}: NameServer = 12.27.189.1 12.127.16.67
O19 - User stylesheet: c:\winnt\java\my.css



Bulldog
post Nov 2 2003, 12:33 PM
Post #2


Expert
*

Group: Authentic Member
Posts: 16
Joined: 22-September 03
Member No.: 408



Merijn (author of HijackThis) has made a tool to get rid of CoolWebSearch and its many variants.
Please download this: http://www.spywareinfo.com/~merijn/files/c.../cwshredder.zip
Unzip and run it.
Post a new HJT log when done please.
lilriver
post Nov 2 2003, 12:54 PM
Post #3


New Member
*

Group: Authentic Member
Posts: 12
Joined: 2-November 03
Member No.: 721



Bulldog - as requested, I ran the CWSHREDDER and here is the new log:

Logfile of HijackThis v1.97.3
Scan saved at 1:54:04 PM, on 11/2/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\slpservice.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\slpmonx.exe
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Smtray.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\desk95.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\Ltmoh.exe
C:\WINNT\System32\hpnra.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Printkey-Pro\PRINTK~1.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sex-family.net/sherbook/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tidewater.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Coastal Telco Services
O1 - Hosts: 157.238.59.47 uh-oh.net www.uh-oh.net www.thumbnailseries.com thumbnailseries.com
O1 - Hosts: 157.238.59.47 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com
O1 - Hosts: 157.238.59.47 dianapost.com www.dianapost.com www.xnxx.com xnxx.com www.zadina.com zadina.com
O1 - Hosts: 157.238.59.47 www.mature-post.com mature-post.com www.call-kelly.com call-kelly.com
O1 - Hosts: 157.238.59.47 sexape.com
O1 - Hosts: 157.238.59.47 www.sexape.com
O1 - Hosts: 157.238.59.47 picwarehouse.com
O1 - Hosts: 157.238.59.47 www.picwarehouse.com
O1 - Hosts: 157.238.59.47 sublimedirectory.com
O1 - Hosts: 157.238.59.47 www.sublimedirectory.com
O1 - Hosts: 157.238.59.47 purextc.com
O1 - Hosts: 157.238.59.47 www.purextc.com
O1 - Hosts: 157.238.59.47 madthumbs.com
O1 - Hosts: 157.238.59.47 www.madthumbs.com
O1 - Hosts: 157.238.62.14 sitefinder-idn.verisign.com
O1 - Hosts: 157.238.62.14 ie.search.msn.com
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [HP LanScan Server] C:\SCANJET\PrecisionScanPro\hpscnsvr.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LtMoh] C:\WINNT\System32\Ltmoh.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [ICDRegOCX0] rundll32.exe advpack.dll,RegisterOCX C:\WINNT\System32\iuctl.dll
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\PRINTK~1.EXE
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7927.4486574074
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE4D2EE8-8C68-4D33-8486-6ADE878FFA1C}: NameServer = 12.27.189.1 12.127.16.67

Zero
post Nov 2 2003, 01:00 PM
Post #4


Not really Less Than One ;-)
***

Group: Authentic Member
Posts: 268
Joined: 10-May 03
From: Canada
Member No.: 2



Hello,

Check the boxes next to all these items. Then close all windows except
HijackThis. Tell HijackThis to 'Fix checked'. Reboot.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sex-family.net/sherbook/search/search.html

O1 - Hosts: 157.238.59.47 uh-oh.net www.uh-oh.net www.thumbnailseries.com thumbnailseries.com
O1 - Hosts: 157.238.59.47 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com
O1 - Hosts: 157.238.59.47 dianapost.com www.dianapost.com www.xnxx.com xnxx.com www.zadina.com zadina.com
O1 - Hosts: 157.238.59.47 www.mature-post.com mature-post.com www.call-kelly.com call-kelly.com
O1 - Hosts: 157.238.59.47 sexape.com
O1 - Hosts: 157.238.59.47 www.sexape.com
O1 - Hosts: 157.238.59.47 picwarehouse.com
O1 - Hosts: 157.238.59.47 www.picwarehouse.com
O1 - Hosts: 157.238.59.47 sublimedirectory.com
O1 - Hosts: 157.238.59.47 www.sublimedirectory.com
O1 - Hosts: 157.238.59.47 purextc.com
O1 - Hosts: 157.238.59.47 www.purextc.com
O1 - Hosts: 157.238.59.47 madthumbs.com
O1 - Hosts: 157.238.59.47 www.madthumbs.com
O1 - Hosts: 157.238.62.14 sitefinder-idn.verisign.com
O1 - Hosts: 157.238.62.14 ie.search.msn.com

O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

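The two things Zero's fix list targets are visible in the log itself: O1 lines where the hosts file maps public sites such as sublimedirectory.com to an outside address (157.238.59.47), and R0/R1 lines where IE's search keys point at a hijacker's site or, in the first log, at a local file in system32. The following Python audit is an added example, not code from the thread and not part of HijackThis or CWShredder; it reads lines in the O1/R0/R1 formats shown above and reports both patterns. The sample lines are constructed from the ones in the thread (plus a benign localhost entry and an intranet entry that must not be flagged), and EXPECTED_SEARCH_HOSTS is an assumed allowlist of start/search hosts the machine's owner expects.

```python
"""Audit HijackThis O1 (hosts file) and R0/R1 (IE search/start page) lines.

Added example: the line formats follow HijackThis v1.97 logs as seen in the
thread; the sample log and the allowlist below are constructed for illustration.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: lines of the kinds posted in the thread, plus a normal
# localhost entry and a private-range intranet entry that should not be flagged.
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tidewater.net/",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 10.0.0.5 intranet.example",
    r"O1 - Hosts: 157.238.59.47 sublimedirectory.com www.sublimedirectory.com",
    r"O1 - Hosts: 157.238.62.14 ie.search.msn.com",
])

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")
R_RE = re.compile(r"^(R[01]) - (.+?),([^=]+?) = (.*)$")
URL_HOST_RE = re.compile(r"^https?://([^/:]+)", re.IGNORECASE)

# Assumed allowlist: hosts the owner expects for IE start/search pages
# (the ISP start page from the thread and MSN's search hosts).
EXPECTED_SEARCH_HOSTS = {"www.tidewater.net", "www.msn.com", "search.msn.com"}


def parse_hosts_entries(log):
    """Return (ip, hostname) pairs from O1 lines; one line may list several names."""
    pairs = []
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            ip, names = m.groups()
            pairs.extend((ip, n.lower()) for n in names.split())
    return pairs


def suspicious_hosts(pairs):
    """Map each public target IP to the sorted hostnames redirected to it.

    Loopback/0.0.0.0 targets are the normal blocklist use of the hosts file and
    private-range targets are usually intranet names, so only public targets,
    which silently send a public site somewhere else, are reported.
    """
    by_ip = defaultdict(set)
    for ip, name in pairs:
        by_ip[ip].add(name)
    flagged = {}
    for ip, names in by_ip.items():
        try:
            addr = ip_address(ip)
        except ValueError:
            flagged[ip] = sorted(names)  # unparsable target: report it as-is
            continue
        if addr.is_loopback or addr.is_unspecified or addr.is_private:
            continue
        flagged[ip] = sorted(names)
    return flagged


def suspicious_search_entries(log):
    """Return (value name, value, reason) for R0/R1 values that point to a
    local file or to a host outside the allowlist."""
    hits = []
    for line in log.splitlines():
        m = R_RE.match(line.strip())
        if not m:
            continue
        value_name, value = m.group(3).strip(), m.group(4).strip()
        url = URL_HOST_RE.match(value)
        if url is None:
            # A drive-letter path as a start/search page is a classic hijack sign.
            if re.match(r"^[a-z]:\\", value, re.IGNORECASE):
                hits.append((value_name, value, "local file"))
            continue
        host = url.group(1).lower()
        if host not in EXPECTED_SEARCH_HOSTS:
            hits.append((value_name, value, "unexpected host " + host))
    return hits


if __name__ == "__main__":
    for ip, names in suspicious_hosts(parse_hosts_entries(SAMPLE_LOG)).items():
        print(f"hosts file sends {len(names)} name(s) to public IP {ip}: {', '.join(names)}")
    for value_name, value, why in suspicious_search_entries(SAMPLE_LOG):
        print(f"IE {value_name} = {value}  [{why}]")
```

Run against the sample it reports both 157.238.x.x targets and the two bad IE entries, and stays quiet on the localhost and 10.0.0.5 lines; the same functions can be fed a whole HijackThis log. Skipping private-range targets is a deliberate trade-off: it keeps intranet entries out of the report, at the cost of missing a hijack that points at an address inside the LAN.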
lilriver
post Nov 2 2003, 08:49 PM
Post #5


New Member
*

Group: Authentic Member
Posts: 12
Joined: 2-November 03
Member No.: 721



THANK YOU - THANK YOU to Bulldog and Zero, it would appear that your assistance has solved my problems. Things SEEM to be running normal once again. Thank you again!
Guest_RoB_*
post Nov 4 2003, 06:37 AM
Post #6





Guests






THANK YOU!!!!!!! you guys rock!
Zero
post Nov 4 2003, 07:20 AM
Post #7


Not really Less Than One ;-)
***

Group: Authentic Member
Posts: 268
Joined: 10-May 03
From: Canada
Member No.: 2



Glad we could help

If you need this topic reopened, please request this by sending
Email to Zero or
Email to cnm or
Email to Coyote
Choose only one of the above
Include your post user name and detail why you need it reopened with a valid link to your post, any bad links or emails that are not from the original poster will be deleted without response.
© Geeks to Go, Inc.