Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log


  • Please log in to reply
1 reply to this topic

#1 jeffc

jeffc

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 07 November 2004 - 10:59 PM

I need help in knowing what to delete. Every time I open exlporer I get up to six new pages with porn or bleep enlargement links. I'm quite happy with my bleep and my wife. How do I get rid of this CRAP?

Logfile of HijackThis v1.98.2
Scan saved at 12:40:12, on 2004/11/08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\rk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony\Keyboard Closure Setup\KSWServ.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Sony\VAIO Menu\MiniVAIOMenu.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\カリー知子\Local Settings\Temp\HijackThis.zip の一時ディレクトリ 1\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [i-FilterPE] C:\Program Files\Digital Arts\i-FilterPE\IfpeLaunch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [VAIO Update] C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe -backgroundMode
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: このページのキャッシュ - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: リンク元 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 関連ページ - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

BC AdBot (Login to Remove)

 


#2 CalamityKen

CalamityKen

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Location:Whitby. Ont.
  • Local time:02:31 AM

Posted 08 November 2004 - 02:55 PM

jeffc, welcome.

Please print this out and follow ALL these directions carefully.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.

Move HijackThis.exe into this folder as you do not want the HijackThis backup logs in the Temp folder that should be cleaned out periodically.

When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Find and delete if still present:
c:\ied_s7m.cab
c:\x.cab
c:\windows\system32\rk.exe
<== files

Start HijackThis and tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked" if still present.

O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)


Reboot and Install the prevention protection below and help your friends from being infected on the Internet.

Empty the Recycle Bin frequently.

Run CleanUp! as the Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
http://cleanup.stevengould.org/
Then reboot to let it clean out what it found.

By the way, in order to improve Internet Explorer (IE) performance the Temporary(TIF)should be cleaned out periodically.
Also, it is a good idea to limit the size of the TIF to 200MB for performance sake.
In IE go to Tools then Internet Options then Settings and move the slider down to 200MB.

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and SpywareBlaster then keep them up to date as today's Internet is full of nasty infections.
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html

You should install Windows Service Pack 2 and ALL Critical Updates to help from being continually infected.
In Internet Explorer go to Tools then Windows Updates and install each patch one by one rebooting when necessary.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users