Hi everyone, glad I found this site.
Whenever my wife or I try to access jcrew or kmart websites, we get these random pages. Sometimes it's a google search page for the site we're looking for, sometimes it leads to what appears to be a fake page. I've noticed that the bottom of the window says jupk.com with a redirect code on it.
I've checked my hosts files and there's nothing out of the ordinary there.
Any help would be greatly appreciated.
Im having the exact same problems, it seems to be effecting quite a bit of people but no one has a solution to the problem yet. Heres my log file hopefully someone will find something wrong. Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 1:20:26 AM, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Appz\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.clubbox.co.kr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133944331915
O18 - Protocol: bw+0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {DF010001-44EC-4D6B-8BA8-5874648A091F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
Hi everyone, glad I found this site.
Whenever my wife or I try to access jcrew or kmart websites, we get these random pages. Sometimes it's a google search page for the site we're looking for, sometimes it leads to what appears to be a fake page. I've noticed that the bottom of the window says jupk.com with a redirect code on it.
I've checked my hosts files and there's nothing out of the ordinary there.
Any help would be greatly appreciated.
The problem is with DNS. You are probably using a DNS server that has been hacked. You need to contact your ISP and tell them of your problem and obtain a new DNS server IP address or they may have to fix the redirect entries.
I had the same problem with Comcast. I was manually pointing to one of there old DNS servers. Once I allowed DHCP to assign a new DNS server IP address, the redirects went away. Hope this helps.
Hi everyone, glad I found this site.
Whenever my wife or I try to access jcrew or kmart websites, we get these random pages. Sometimes it's a google search page for the site we're looking for, sometimes it leads to what appears to be a fake page. I've noticed that the bottom of the window says jupk.com with a redirect code on it.
I've checked my hosts files and there's nothing out of the ordinary there.
Any help would be greatly appreciated.
I just went through this too! How frustrating! After going through 5 different antispy and antivirus software scans and reboots, I saw the other response regarding the DNS server address. YES! But I had another problem, "they" hacked my broadband router and put a different DNS address into it! So I just reset the DNS address and reset the router and changed the default password for the router!!!
I just went through this too! How frustrating! After going through 5 different antispy and antivirus software scans and reboots, I saw the other response regarding the DNS server address. YES! But I had another problem, "they" hacked my broadband router and put a different DNS address into it! So I just reset the DNS address and reset the router and changed the default password for the router!!!
I have having this exact problem too - however it is specific to one computer on a network. Every other computer is fine - would it still be a DNS issue? I thought it may be local, within the HOSTS file, however that file is fine with no strange entries. Any ideas if there could be another cause to this 'jupk' redirect?
I'm having the exact same problem, also on a single computer in a network using the same ISP... So I don't know about the ISP explanation. It seems to be local.
I have having this exact problem too - however it is specific to one computer on a network. Every other computer is fine - would it still be a DNS issue? I thought it may be local, within the HOSTS file, however that file is fine with no strange entries. Any ideas if there could be another cause to this 'jupk' redirect?
Yes, make sure the computer your having problem with is setup the same as regard to the others. Example: from the command prompt type (ipconfig /all) and look for what it has for DNS. It should be the same on all of your computers if your using DHCP. If it is different, you can manually point to your ISP suggested DNS servers or just point to your broadband router if you are using a router.
I'm having the exact same problem, also on a single computer in a network using the same ISP... So I don't know about the ISP explanation. It seems to be local.
on the computer itself, go to:
control panel
network connections
right click on local area network connections
goto properties
dble click TCP/IP
is the radio button click for Obtain DNS automatically?
if yes, I don't know
if a DNS number is specified, then get another number from your LAN administrator or ISP or change it to automatic....?
I had the some problem. Changing the DNS back to automatic seems to have worked, thanks.
Thanks a million i had the same problem;
basically everytime i tried going to google.com or google.co.uk in FF or IE the URL would resolve to a porn site.
I checked the system directory and hosts txt files - all clean
Then I followed your advice and looked at my DNS IP, it should the same IP as my router like on another clean PC on my LAN changed it, cleared, browser cache, rebooted all ok:
bad DNS IPs:
85.255.116.101
85.255.112.104
I've done a search round other forums and it seens like this is a new virus/trojan/hack/F**K up.
The problem is with DNS. You are probably using a DNS server that has been hacked. You need to contact your ISP and tell them of your problem and obtain a new DNS server IP address or they may have to fix the redirect entries.
I had the same problem with Comcast. I was manually pointing to one of there old DNS servers. Once I allowed DHCP to assign a new DNS server IP address, the redirects went away. Hope this helps.
Excellent stuff - it had changed the DNS settings - changing back to obtain automatically sorted it. Thanks a lot!
OMG...thanks so very much for the info.
Sure enough I had to DNS severs in there:
Changing to auto for the DNS has helped.
Thanks again!
To all who is having this JUPK.COM DNS redirect problem. I have found an explanation for this problem from a IT security web site: PLEASE READ!!! Summary: ============ The Internet community has recently been observing a new attack against Microsoft Windows systems running Internet Explorer 6 (MSIE6) and IE7 in the form of a JavaScript triggered worm. The current release of Microsoft Internet Explorer contains an un-patched vulnerability within its ObjectData handling method(s). The currently detected worm carries out a range of actions upon successfully exploiting a victim, most notable of which is the alteration of the systems DNS settings. The result is that instead of attempting DNS resolution via previously configured servers, the victim host now uses an alternate set of DNS servers. This allows the attacker to control where users are browsing by redirecting their web browsing and other Internet activities to alternate addresses. A possible scenario might be that the attacker alters the victim's DNS settings and the user attempts to browse Amazon.com. When their system does a DNS lookup instead of sending the user to the correct page the alternate DNS server may send the user to a page pretending to be Amazon. As a result when the user enters their credit card details to purchase a book they may in-fact be giving them to the attacker instead. (This example is hypothetical in nature and not based on any observed reality.) When the vulnerability within the ObjectData handling method(s) is exploited by the now active Trojan, MSIE6 executes a contained ActiveX object within a piece of JavaScript. MSIE6 is programmed to check whether this ActiveX code is 'safe' and during this process MSIE6 determines that the ActiveX code is, in fact, simple HTML/Jscript. As a result it does not prompt the user to save the data to disk, but instead remembers it as HyperText Application (HTA) content and invokes the MSHTA.EXE process to execute the 'simple HTML/Jscript' code. This code is x[1].hta which creates and executes AOLFIX.EXE. AOLFIX.EXE is downloaded in to the victim systems \temp directory, executed and deleted. The final result is the user's system settings being altered and DNS settings changed. Who is Affected: ============ All users who have Microsoft Internet Explorer version 6 are likely vulnerable to this attack. This issue has been proven to work on Microsoft Window ME, Windows NT, Windows 2000, and Windows XP. It is also considered likely to work on Microsoft Windows 9x and Windows Server 2003. Symptoms if Exploited or Targeted: ================ Users that have been affected by this Trojan will notice a series of changes to their system, and changes in system behaviour when attempting to access certain web sites or domain names. Behavioural changes will most likely manifest themselves as pages not resolving, or not appearing correct. Directories Created: -------------------- %systemdrive%:\bdtemp %systemdrive%:\bdtemp\temp Files Created: -------------- AOLFIX.EXE - Deleted immediately upon execution. %systemdrive%:\%systemroot%\winlog - Contains the letter 'A' %systemdrive%:\%systemroot%\help\hosts - Contains static DNS mappings to many IP addresses of popular search engines. See 'Details' section below for list of addresses mapped. Registry Entries: ----------------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\windows] "r0x"="your s0x" "NameServer"="69.57.146.14" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{45F95E82-B443-428B-9EB7-4C65CDCD9006}] "NameServer"="69.57.146.14" HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath"="%SystemRoot%\help" Actions: ============ Disabling ActiveX functions withing the MSIE6 browser will not provide any level of protection against this vulnerability. Mitigation: ----------- - Disable Active Scripting within the MSIE6 (& Outlook) application(s). This will prevent execution of the pages delivering the exploit. - Ensure firewalls (perimeter defences) are configured to block unauthorised outbound traffic as well as inbound traffic. This will prevent users from using unauthorised DNS servers. As such victim systems will reveal themselves very quickly as they fail to look up Internet domain names. - Configure host firewalls (personal firewalls) that can control application level access to the network (such as ZoneAlarm) to deny access to the network for MSHTA.EXE. - Disable HTA MIME types from within the Windows System Registry. To do this remove the entry "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\ContentType\application/hta". This can be restored later, once a patch is available and applied. - Configure IDS (intrusion detection systems) to monitor for suspicious traffic that may alert the administrator to the attack or victim systems. A sample rule set for Snort might be: snort.conf: var MAL_DNS [216.127.92.38/32,69.57.146.14/32,69.57.147.175/32] dns.rules: alert tcp any any $MAL_DNS 53 (msg:"Malicious DNS Traffic"; sid:900027; rev:1;) alert udp any any $MAL_DNS 53 (msg:"Malicious DNS Traffic"; sid:900027; rev:1;) Fix: ---- No patch is currently available for this issue. The patch MS03-032 does not address this issue.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.