


Hijacked


3 replies to this topic

#1 DaAzianDragon

DaAzianDragon

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 25 June 2004 - 05:21 PM

Logfile of HijackThis v1.97.7
Scan saved at 3:14:29 PM, on 6/25/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINJX.EXE
C:\WINDOWS\SYSTEM\IPPO32.EXE
C:\WINDOWS\SYSTEM\NETCM32.EXE
C:\WINDOWS\SYSTEM\WINYF32.EXE
C:\WINDOWS\SYSTEM\IPKV.EXE
C:\WINDOWS\SYSTEM\SYSRP.EXE
C:\WINDOWS\SYSTEM\SYSOK32.EXE
C:\WINDOWS\SYSTEM\WINCD32.EXE
C:\WINDOWS\WINDV.EXE
C:\WINDOWS\SYSTEM\CRJJ32.EXE
C:\WINDOWS\MSXY.EXE
C:\WINDOWS\ADDFY32.EXE
C:\WINDOWS\SYSTEM\NETRP32.EXE
C:\WINDOWS\SYSXL32.EXE
C:\WINDOWS\SYSTEM\WINIO32.EXE
C:\WINDOWS\IEEI32.EXE
C:\WINDOWS\ATLGO32.EXE
C:\WINDOWS\APIMQ32.EXE
C:\WINDOWS\ATLII.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MFCEI.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\ATLII.EXE
C:\WINDOWS\ADDBM32.EXE
C:\WINDOWS\ATLII.EXE
C:\WINDOWS\SYSTEM\SYSEN.EXE
C:\WINDOWS\SYSTEM\SYSEN.EXE
C:\WINDOWS\SYSTEM\ATLHO32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ATLHO32.EXE
C:\WINDOWS\SYSTEM\ATLHO32.EXE
C:\WINDOWS\SYSTEM\JAVAST.EXE
C:\WINDOWS\WINDV.EXE
C:\WINDOWS\JAVAFC32.EXE
C:\WINDOWS\SYSTEM\SYSOK32.EXE
C:\WINDOWS\ADDNE32.EXE
C:\WINDOWS\SYSTEM\SYSEN.EXE
C:\WINDOWS\SYSTEM\APIFV32.EXE
C:\WINDOWS\SYSTEM\SDKPW32.EXE
C:\WINDOWS\IEEI32.EXE
C:\WINDOWS\SYSTEM\NETCM32.EXE
C:\WINDOWS\APPWQ.EXE
C:\WINDOWS\SYSTEM\ATLHO32.EXE
C:\WINDOWS\SYSTEM\SYSNH32.EXE
C:\WINDOWS\SYSTEM\WINYF32.EXE
C:\WINDOWS\SYSTEM\WINTD.EXE
C:\WINDOWS\SYSXL32.EXE
C:\WINDOWS\SYSXL32.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\SYSNH32.EXE
C:\WINDOWS\APPGC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SYSEN.EXE
C:\WINDOWS\SYSTEM\CRNS.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\NTAX.EXE
C:\WINDOWS\SYSTEM\APPFU32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://oyqao.dll/index.html#26980
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://oyqao.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://oyqao.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {90F69D82-3A48-80D8-7F30-6513D26011A1} - C:\WINDOWS\SYSTEM\IPQR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [55EK65F4DB53SK] C:\WINDOWS\SYSTEM\Vbj06J5Z.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [MFCEI.EXE] C:\WINDOWS\SYSTEM\MFCEI.EXE
O4 - HKLM\..\RunServices: [IPOH32.EXE] C:\WINDOWS\IPOH32.EXE
O4 - HKLM\..\RunServices: [IEUJ32.EXE] C:\WINDOWS\IEUJ32.EXE
O4 - HKLM\..\RunServices: [WINZF.EXE] C:\WINDOWS\WINZF.EXE
O4 - HKLM\..\RunServices: [NTQC.EXE] C:\WINDOWS\SYSTEM\NTQC.EXE
O4 - HKLM\..\RunServices: [CRTU.EXE] C:\WINDOWS\CRTU.EXE
O4 - HKLM\..\RunServices: [CRVQ.EXE] C:\WINDOWS\CRVQ.EXE
O4 - HKLM\..\RunServices: [SYSNW.EXE] C:\WINDOWS\SYSTEM\SYSNW.EXE
O4 - HKLM\..\RunServices: [MSGH.EXE] C:\WINDOWS\MSGH.EXE
O4 - HKLM\..\RunServices: [SYSUJ32.EXE] C:\WINDOWS\SYSUJ32.EXE
O4 - HKLM\..\RunServices: [SDKCR32.EXE] C:\WINDOWS\SDKCR32.EXE
O4 - HKLM\..\RunServices: [JAVAGN32.EXE] C:\WINDOWS\SYSTEM\JAVAGN32.EXE
O4 - HKLM\..\RunServices: [WINUB32.EXE] C:\WINDOWS\WINUB32.EXE
O4 - HKLM\..\RunServices: [IPRV.EXE] C:\WINDOWS\IPRV.EXE
O4 - HKLM\..\RunServices: [NETIV.EXE] C:\WINDOWS\NETIV.EXE
O4 - HKLM\..\RunServices: [IEFM32.EXE] C:\WINDOWS\IEFM32.EXE
O4 - HKLM\..\RunServices: [ATLZM.EXE] C:\WINDOWS\SYSTEM\ATLZM.EXE
O4 - HKLM\..\RunServices: [ADDFX32.EXE] C:\WINDOWS\SYSTEM\ADDFX32.EXE
O4 - HKLM\..\RunServices: [WINBJ.EXE] C:\WINDOWS\WINBJ.EXE
O4 - HKLM\..\RunServices: [MSVZ32.EXE] C:\WINDOWS\SYSTEM\MSVZ32.EXE
O4 - HKLM\..\RunServices: [MFCGK32.EXE] C:\WINDOWS\MFCGK32.EXE
O4 - HKLM\..\RunServices: [JAVADN32.EXE] C:\WINDOWS\SYSTEM\JAVADN32.EXE
O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\SYSTEM\CRWD.EXE
O4 - HKLM\..\RunServices: [WINYF32.EXE] C:\WINDOWS\SYSTEM\WINYF32.EXE
O4 - HKLM\..\RunServices: [MSXY.EXE] C:\WINDOWS\MSXY.EXE
O4 - HKLM\..\RunServices: [SYSRP.EXE] C:\WINDOWS\SYSTEM\SYSRP.EXE
O4 - HKLM\..\RunServices: [WINJX.EXE] C:\WINDOWS\SYSTEM\WINJX.EXE
O4 - HKLM\..\RunServices: [IPPO32.EXE] C:\WINDOWS\SYSTEM\IPPO32.EXE
O4 - HKLM\..\RunServices: [WINCD32.EXE] C:\WINDOWS\SYSTEM\WINCD32.EXE
O4 - HKLM\..\RunServices: [SYSOK32.EXE] C:\WINDOWS\SYSTEM\SYSOK32.EXE
O4 - HKLM\..\RunServices: [NETCM32.EXE] C:\WINDOWS\SYSTEM\NETCM32.EXE
O4 - HKLM\..\RunServices: [WINDV.EXE] C:\WINDOWS\WINDV.EXE
O4 - HKLM\..\RunServices: [ADDFY32.EXE] C:\WINDOWS\ADDFY32.EXE
O4 - HKLM\..\RunServices: [CRJJ32.EXE] C:\WINDOWS\SYSTEM\CRJJ32.EXE
O4 - HKLM\..\RunServices: [IPKV.EXE] C:\WINDOWS\SYSTEM\IPKV.EXE
O4 - HKLM\..\RunServices: [ATLGO32.EXE] C:\WINDOWS\ATLGO32.EXE
O4 - HKLM\..\RunServices: [APIMQ32.EXE] C:\WINDOWS\APIMQ32.EXE
O4 - HKLM\..\RunServices: [NETRP32.EXE] C:\WINDOWS\SYSTEM\NETRP32.EXE
O4 - HKLM\..\RunServices: [WINIO32.EXE] C:\WINDOWS\SYSTEM\WINIO32.EXE
O4 - HKLM\..\RunServices: [ATLII.EXE] C:\WINDOWS\ATLII.EXE
O4 - HKLM\..\RunServices: [SYSXL32.EXE] C:\WINDOWS\SYSXL32.EXE
O4 - HKLM\..\RunServices: [IEEI32.EXE] C:\WINDOWS\IEEI32.EXE
O4 - HKLM\..\RunServices: [ADDBM32.EXE] C:\WINDOWS\ADDBM32.EXE
O4 - HKLM\..\RunServices: [SYSEN.EXE] C:\WINDOWS\SYSTEM\SYSEN.EXE
O4 - HKLM\..\RunServices: [ATLHO32.EXE] C:\WINDOWS\SYSTEM\ATLHO32.EXE
O4 - HKLM\..\RunServices: [JAVAST.EXE] C:\WINDOWS\SYSTEM\JAVAST.EXE
O4 - HKLM\..\RunServices: [JAVAFC32.EXE] C:\WINDOWS\JAVAFC32.EXE
O4 - HKLM\..\RunServices: [ADDNE32.EXE] C:\WINDOWS\ADDNE32.EXE
O4 - HKLM\..\RunServices: [APIFV32.EXE] C:\WINDOWS\SYSTEM\APIFV32.EXE
O4 - HKLM\..\RunServices: [SDKPW32.EXE] C:\WINDOWS\SYSTEM\SDKPW32.EXE
O4 - HKLM\..\RunServices: [APPWQ.EXE] C:\WINDOWS\APPWQ.EXE
O4 - HKLM\..\RunServices: [SYSNH32.EXE] C:\WINDOWS\SYSTEM\SYSNH32.EXE
O4 - HKLM\..\RunServices: [WINTD.EXE] C:\WINDOWS\SYSTEM\WINTD.EXE
O4 - HKLM\..\RunServices: [NTAX.EXE] C:\WINDOWS\SYSTEM\NTAX.EXE
O4 - HKLM\..\RunServices: [APPGC.EXE] C:\WINDOWS\APPGC.EXE
O4 - HKLM\..\RunServices: [CRNS.EXE] C:\WINDOWS\SYSTEM\CRNS.EXE
O4 - HKLM\..\RunServices: [APPFU32.EXE] C:\WINDOWS\SYSTEM\APPFU32.EXE
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...51/QDow_AS2.cab

What is causing the problem besides the obvious res://oyqao.dll/index.html#26980 that is messing up my homepage? Also, I am having a problem running CWShredder, Window Washer, and Spybot. Every time I try to run them I get "not valid win32 application". I am not that good at computers, but how do you fix the problem?

#2 DaAzianDragon


Posted 25 June 2004 - 05:41 PM

I did try running adware in safe mode, but it still did not help.

#3 DaAzianDragon


Posted 25 June 2004 - 07:55 PM

Why is this affecting some of my programs? Somebody please help me.

#4 DaAzianDragon


Posted 28 June 2004 - 11:56 PM

Can someone look at my log file and help me fix my hijack problem? It's been 3 days and no one wants to help me.

Edited by DaAzianDragon, 29 June 2004 - 12:00 AM.




