• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
intlexp

Hijacked Browser, Running Win Xp Svc. Pk 2

4 posts in this topic

My browser reverts to a porn site every 60 seconds. Ran hijack this and got the following log:

Logfile of HijackThis v1.97.7

Scan saved at 11:01:21 PM, on 7/22/2004

Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$ADVANCEPRO\Binn\sqlservr.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\mcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\AIM\aim.exe

C:\DOCUME~1\Jim\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7893.5481597222

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A519CE62-BEFD-41DD-A41F-2500F36313CC}: NameServer = 209.84.253.11,209.84.253.12

 

I have and ran Spybot and Adaware, current versions. I have Norton AV up to date. I downloaded MS Win XP Svc Pak 2 Beta. Nothing helps.

 

Any recommendations would be greatly appreciated - my kids are OFF the computer until we solve this. Thanks in advance,

Jim

Share this post


Link to post
Share on other sites

Print out these instructions so you can read them while you clean your system.

 

 

Move Hijack This to its own folder.Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Move hijack this

 

there. Hijack this makes backups of everything you fix, these backups are saved in the same folder the program is.

 

 

Now close all open windows AND browsers and check these items for HJT to fix:

O2 - BHO: (no name) - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll

 

 

 

Please reboot into safe mode - How do I boot into "Safe" mode?

 

 

Delete these files:

 

C:\WINDOWS\Downloaded Program Files\SbCIe027.dll

 

 

You may need to show hidden files to delete them.How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

 

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet

content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1 Right-click My Computer, and then click Properties.

2 Click the System Restore tab.

3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.

4 Click Apply

5 this will delete all existing restore points. Click Yes to do this.

6 Click OK.

 

Reboot into normal mode enable System Restore and post a fresh log in this thread to give you further recommendations.

Share this post


Link to post
Share on other sites

Dear SWI Junkie;

 

I did everything you said and it seemed to work. but after a day the same sex site appeared on my browser, overriding another site. I ran Hijack This again, and the file you asked me to "fix" was not there.

 

Any other suggestions would be really appreciated.

Jim

Share this post


Link to post
Share on other sites

Post a new log please

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0