Can't access My Space web site

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lubama, Jun 17, 2008.

  1. lubama

    lubama Private E-2

    Somehow on one of my 3 PCs I can't access the My Space web site; the page is redirected to www.eznetwatch.com. I have no problem on either of the other 2.
    I have cleaned the cookies and internet files and copied and pasted the URL; it always goes to eznetwatch. I installed and used RegScrubXP and CCleaner and can't see anything related to that web page.
    System is Win XP pack 2 with all the updates
    Mozilla Firefox is my web browser

    If more information is needed please let me know
    Thanks in advance

    Luis
     
  2. abri

    abri MajorGeek

    Hi lubama,
    Welcome to Major Geeks!


    It sounds like that one PC has something going on that is ensuring that that one redirect stays in place. This can be a piece of malware, so I recommend that you go through the instructions in the READ & RUN ME FIRST and attach the requested logs to your next post. This will give us more information to work with.

    Thanks.
    abri
     
  3. lubama

    lubama Private E-2

    Hi abri, thank you for the reply, here are the first 3 log files
     


  4. lubama

    lubama Private E-2

    And here is the other log
     


  5. abri

    abri MajorGeek

    Hi lubama,

    Not a lot of signs of Malware. First a couple of questions which might be related:

    Is CyberSitter something you installed yourself?

    Do you remember installing this and do you know what it's for? Turtle Beach Santa Cruz Driver

    Now please do the following:

    1) Open Windows Explorer and then open up Local Disk C:\ (click on the C, not on the + sign). On the right side of the window, look for the following files and right click on them and select delete:

    C:\LOG18.log
    C:\LOG18.tmp
    C:\LOG5.log
    C:\LOG5.tmp
    C:\LOG57.log
    C:\LOG57.tmp



    2) Next, please disable your guest account if this hasn't already been done.

    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only. In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


    Do the following programs need to load at startup? If not, please fix them as well.

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    After you click fix, just close hijackthis.


    5) Now run CCleaner at the default setting with the Windows tab as the top one.

    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

    Also, please remember to let me know the answer to the first two questions.

    abri
     
  6. lubama

    lubama Private E-2

    Thanks again abri.
    A little history about this PC: I built this one for my older son (34) a while ago, therefore I know Turtle Beach Santa Cruz Driver is the sound card driver.
    I did not notice CyberSitter until you mentioned it, and since he has kids I assume he installed it, tried to remove it and left some files behind.
    I just built a new one for him and passed the old one to my wife.
    I followed all the steps in your guide and here is the new log you requested

    Luis
     


  7. abri

    abri MajorGeek

    Hi lubama,
    Your HijackThis shows that CyberSitter is loading at startup.

    Go to C:\MGTools\analyse.exe and double-click on the program. Click on Do a system scan. After it finishes, put a checkmark next to the following entry, close all your browser windows and then click on fix.

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\cyb2k.exe


    When you finish, just close the program.

    Try MySpace and see if it's there or not.

    abri
     
  8. lubama

    lubama Private E-2


    Thanks again abri
    I followed your directions and the problem is still there.
    I looked for any entries in Program Files and the registry for anything related to Cybersitter, cyb2k or Solid Oak, which I found out is the maker of this program; nothing comes up. I asked my son and he installed the program but it was giving him a lot of problems so he deleted it. I guess some file stayed in there and is preventing access to any adult web site; as a matter of fact, I typed "porn" on Google and it takes me back to the aforementioned web site.
    At this point I don't know what else to do besides reformat and reinstall.

    Do you have any other suggestions?

    Thank you

    Luis
     
  9. abri

    abri MajorGeek

    Hi lubama,

    Some software is worse than malware!

    Before you get radical, let's try a registry search:

    Please download RegSrch.zip

    Unzip the archive to your desktop and double click on the VBS file.
    (If your AntiVirus alerts, allow the script to run.)

    Now enter CCOMSVC and post back with the results in this thread (call it regsrch.txt).

    Rename the search results in some way so you can run a second search without overwriting the first one. Then do the above instructions again only this time put in WVCSWDSVC

    Attach both logs. If they don't find anything, let me know this as well.
    abri
     
  10. lubama

    lubama Private E-2

    abri
    Did both searches, didn't find anything

    Luis
     
  11. abri

    abri MajorGeek

    Hi lubama,

    When I had you remove the O4 HijackThis entry in post 7, did it remove it? You can check this by going to C:\MGTools\analyse.exe and double clicking on the file to run it. Select Run a system scan and check if the following entry is gone:

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\cyb2k.exe

    If not, tell me.

    Then I would like for you to remove a driver that is associated with CyberSitter:

    Please use ComboFix.


    • Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):


    Code:
    KILLALL::
    
    DRIVER::
    vtdg46xx
    
    FILE::
    C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below


    Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run CCleaner at the default setting with the Windows tab as the top one.

    Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip along with the Combofix log.


    Let me know how things are running now?

    abri





     
  12. lubama

    lubama Private E-2


    Hi abri, thanks so much for the time you are spending helping me.
    I followed your directions but this problem is like a pest, still there.
    While I was waiting for your reply I did a search in the registry and I found this under Cybersitter.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application

    Sources

    Microsoft H.323 Telephony Service Provider

    WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activation
    Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv Tlntsvr
    SysmonLog Symantec AntiVirus Starter SpoolerCtrs SPBBCSvc Software Restriction Policies Software Installation SecurityCenter SclgNtfy SceSrv
    SceCli SavRoam safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS
    PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup
    MSSQLSERVER/MSDE MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine
    mnmsrvc Microsoft Office 11 LoadPerf LiveUpdate LightScribeService
    JavaQuickStarterService HelpSvc Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota Defwatch
    CYBERsitter
    crypt32 COM+ COM Ci Chkdsk ccSetMgr ccEvtMgr AutoEnrollment Autochk
    Application Management Application Hang Application Error Application

    I don't think I should delete the whole key because I will stop more services, and I don't know how to delete just the Cybersitter entry. I did a second search after running the last cleaners and the entry is still there.

    Here are the last logs you requested

    Luis

    PS: Yes to post 7
     


  13. lubama

    lubama Private E-2

    Hi abri, I would like to express my gratitude for your time helping me.
    I finally found how to fix the problem, although I don't think it would be proper to post it. I have been learning a lot about Cybersitter regarding kids accessing adult websites, and the program might be a pest but somehow it is good in that field.
    If you are interested in the fix please send me a Private Message.

    Thanks again

    Luis
     
  14. abri

    abri MajorGeek

    Hi lubama,

    I found a rather extensive fix which I briefly contemplated giving you, but it hasn't been tested here. I'd be happy to learn what steps you took but your private messages aren't enabled. To enable them, click on User CP (up near the top of the window in the dark green line over on the left side) and you'll find the pm's options under Edit Options.

    abri
     
  15. lubama

    lubama Private E-2

    Hey abri I did enable the PM

    Sorry I didn't reply earlier but I just got back from work

    The fix I found is also long and I tested it; so far it works. If you are still interested let me know. It might be the same but you can check it against yours. Also, I didn't apply the whole thing; I can explain in more detail by PM

    Luis
     
  16. abri

    abri MajorGeek

    Hi lubama,

    Thanks for your input on this. Below you'll find the final cleanup instructions in the box.
    abri
     
  17. lubama

    lubama Private E-2

    abri, thank you for your concern. I received a PM from you regarding the Turtle Beach sound card, though when I tried to reply to the message, I was not able to; it states I need 100 posts before I can use PM. What gives? I did PM you before. Anyway, I did remove those drivers because it seems like my son removed the Turtle Beach sound card and used the sound from the motherboard, and it is working well. I followed the final cleanup and everything looks good, except I can't use System Restore; that's a different problem and is not related to all we did. If you can help me with this new situation let me know and I will explain in more detail
    Thanks again.
    Luis
     
  18. abri

    abri MajorGeek

    Hi lubama,

    I've asked if there is a new policy now that pm's can no longer be used by people who have less than 100 posts. It wouldn't be a very practical decision.

    I'm glad that things are working better.

    You will probably need to start a thread about the system restore problem in the Software Forum, but you can look at this first:

    Go to Start and right-click on My Computer. Go to Properties and then select the System Restore tab and see first of all if Disable System Restore has a checkmark in the box. If so, uncheck it. If it is already unchecked, then click on the Settings button next to where the C drive is highlighted and make sure the setting is at maximum.

    If the problem continues, then it would be better to start a new thread about this in the Software Forum, because you'll get more feedback there.

    abri
     
  19. lubama

    lubama Private E-2

    Thank you for your advice regarding the System Restore, that's what I thought. Anyway, I already found that I had a file missing and I replaced it from the installation disc.
    Luis
     
  20. abri

    abri MajorGeek

    Okay, thank you so much!

    Hope all is well and wish you a long stretch of good computering experiences without too many unexpected adventures.

    abri
     
