Browser hijacked_cannot fix it



#1 wendycny


Posted 29 June 2004 - 06:15 PM

Despite running several malware programs, per your instructions, I have not been able to remove the results of the hijacking. The number of entries on my hijack log keeps increasing. I have posted the hijack log below. Please help! Thank you.

Logfile of HijackThis v1.97.7

Scan saved at 6:14:22 PM, on 6/29/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SDKSE.EXE

C:\WINDOWS\SDKLN.EXE

C:\WINDOWS\SYSTEM\APPQI.EXE

C:\WINDOWS\SYSTEM\D3ZH.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\BCMDMMSG.EXE

C:\WINDOWS\SYSTEM\DEVLDR16.EXE

C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\SK9910DM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\HPOOPM07.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\JAVAIZ.EXE

C:\WINDOWS\SDKSE.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPODEV07.EXE

C:\PROGRAM FILES\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE

C:\WINDOWS\SYSTEM\CRSX.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOEVM07.EXE

C:\WINDOWS\SYSTEM\HPOIPM07.EXE

C:\WINDOWS\SYSTEM\HPOID407.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOSTS07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOFXM07.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\CRSX.EXE

C:\WINDOWS\SYSTEM\WINGJ32.EXE

C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lxjoz.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lxjoz.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://twcny.rr.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lxjoz.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lxjoz.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lxjoz.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lxjoz.dll/sp.html#96676

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)

O2 - BHO: (no name) - {70D99FA6-2063-BAED-C96E-EDC6492D8317} - C:\WINDOWS\SYSTEM\ATLSS32.DLL (file missing)

O2 - BHO: (no name) - {596F8480-AF4D-1795-88F6-07ABB014B3CF} - C:\WINDOWS\CRMW.DLL (file missing)

O2 - BHO: (no name) - {014AA13A-49F9-5D06-3090-AFE8A6A99EB3} - C:\WINDOWS\SYSTEM\D3UW.DLL (file missing)

O2 - BHO: (no name) - {5D5D7625-9D74-BD90-4E45-28F0B41DFBF0} - C:\WINDOWS\SYSTEM\NETHH32.DLL (file missing)

O2 - BHO: (no name) - {16D93A20-4593-E7A7-4A6A-2D8F46FA9784} - C:\WINDOWS\IPYU32.DLL (file missing)

O2 - BHO: (no name) - {2878B282-5123-FE7A-3B85-3F52E15DB39A} - C:\WINDOWS\SYSTEM\NTFW.DLL (file missing)

O2 - BHO: (no name) - {C69B7B71-B2CE-83F6-61B9-D762F6B1BE40} - C:\WINDOWS\SYSTEM\JAVAWO.DLL (file missing)

O2 - BHO: (no name) - {C25B819B-AC4E-4A6C-1C3C-94A75C05801D} - C:\WINDOWS\MFCTC32.DLL (file missing)

O2 - BHO: (no name) - {A8DF6951-4B2D-4979-A75E-972D4ABCC2D5} - C:\WINDOWS\NETHX.DLL (file missing)

O2 - BHO: (no name) - {33EBB320-A2D5-6FD7-6D31-BA458C872ABD} - C:\WINDOWS\MFCNO.DLL (file missing)

O2 - BHO: (no name) - {809E2C70-A0DF-6D0F-11AF-D992FC8D499D} - C:\WINDOWS\SYSTEM\CRMM.DLL (file missing)

O2 - BHO: (no name) - {E2C9404C-91E7-A0CB-13A3-E5D005D1F6FC} - C:\WINDOWS\SYSTEM\MFCQH.DLL (file missing)

O2 - BHO: (no name) - {213EABCA-F47E-1BF9-B36D-049B7ADFEE6C} - C:\WINDOWS\MFCWM32.DLL (file missing)

O2 - BHO: (no name) - {A764757D-5FD4-2312-E88E-5CF1C41EB7E2} - C:\WINDOWS\SYSTEM\NTKA32.DLL (file missing)

O2 - BHO: (no name) - {D843F6EE-4E69-643C-4943-BEFB0BC15E7E} - C:\WINDOWS\MSGO.DLL (file missing)

O2 - BHO: (no name) - {697B60D8-EE47-204A-CE89-896EB5426EB9} - C:\WINDOWS\JAVAZO32.DLL (file missing)

O2 - BHO: (no name) - {F3F468C4-69A7-B6BB-80DE-1428A47E5934} - C:\WINDOWS\SYSTEM\ADDHL.DLL (file missing)

O2 - BHO: (no name) - {72124406-CBB0-1AF2-D78C-08144C91C5FF} - C:\WINDOWS\SYSTEM\WINIT.DLL (file missing)

O2 - BHO: (no name) - {B1BF0660-5457-795A-3A23-FD02D2011D0F} - C:\WINDOWS\SYSTEM\D3FX.DLL (file missing)

O2 - BHO: (no name) - {C2CC6805-C621-10C0-ABD7-9EF0E2DA9945} - C:\WINDOWS\SYSTEM\CRSQ32.DLL (file missing)

O2 - BHO: (no name) - {61A53AF6-0D9C-5C2D-0070-BFE0FF3F521F} - C:\WINDOWS\SYSTEM\D3VR.DLL (file missing)

O2 - BHO: (no name) - {C9707B4F-4D64-B818-B60D-A3DC8959BAFA} - C:\WINDOWS\SYSTEM\SYSHJ.DLL (file missing)

O2 - BHO: (no name) - {D83166BB-4B1E-E009-AEF4-286D350913CF} - C:\WINDOWS\NTWI.DLL (file missing)

O2 - BHO: (no name) - {30C2CB79-B898-DCF3-EFEF-5BB2F1EDEC08} - C:\WINDOWS\NETJV32.DLL (file missing)

O2 - BHO: (no name) - {E2754F8D-63C3-4C97-8978-E9534291499E} - C:\WINDOWS\ATLLW32.DLL (file missing)

O2 - BHO: (no name) - {DBE0B89D-398A-FC9B-86C9-ADD7A232661F} - C:\WINDOWS\NETVN.DLL

O2 - BHO: (no name) - {0A18BB06-C986-D04C-2511-A8C95904EF00} - C:\WINDOWS\SYSTEM\SYSOW.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [JAVAIZ.EXE] C:\WINDOWS\SYSTEM\JAVAIZ.EXE

O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [NETJN.EXE] C:\WINDOWS\NETJN.EXE

O4 - HKLM\..\RunServices: [CRTS32.EXE] C:\WINDOWS\CRTS32.EXE

O4 - HKLM\..\RunServices: [ATLCW32.EXE] C:\WINDOWS\SYSTEM\ATLCW32.EXE

O4 - HKLM\..\RunServices: [MSDF.EXE] C:\WINDOWS\MSDF.EXE

O4 - HKLM\..\RunServices: [APPSA32.EXE] C:\WINDOWS\APPSA32.EXE

O4 - HKLM\..\RunServices: [IPAJ.EXE] C:\WINDOWS\IPAJ.EXE

O4 - HKLM\..\RunServices: [NTRT32.EXE] C:\WINDOWS\NTRT32.EXE

O4 - HKLM\..\RunServices: [APPAN32.EXE] C:\WINDOWS\SYSTEM\APPAN32.EXE

O4 - HKLM\..\RunServices: [MSCQ32.EXE] C:\WINDOWS\MSCQ32.EXE

O4 - HKLM\..\RunServices: [MFCUR32.EXE] C:\WINDOWS\MFCUR32.EXE

O4 - HKLM\..\RunServices: [CRXV32.EXE] C:\WINDOWS\SYSTEM\CRXV32.EXE

O4 - HKLM\..\RunServices: [CRBI.EXE] C:\WINDOWS\CRBI.EXE

O4 - HKLM\..\RunServices: [IEGV32.EXE] C:\WINDOWS\IEGV32.EXE

O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\SYSTEM\MFCMZ32.EXE

O4 - HKLM\..\RunServices: [D3UR.EXE] C:\WINDOWS\SYSTEM\D3UR.EXE

O4 - HKLM\..\RunServices: [ADDCE.EXE] C:\WINDOWS\SYSTEM\ADDCE.EXE

O4 - HKLM\..\RunServices: [SYSYI.EXE] C:\WINDOWS\SYSTEM\SYSYI.EXE

O4 - HKLM\..\RunServices: [IEOL32.EXE] C:\WINDOWS\SYSTEM\IEOL32.EXE

O4 - HKLM\..\RunServices: [APINR.EXE] C:\WINDOWS\SYSTEM\APINR.EXE

O4 - HKLM\..\RunServices: [JAVAWE32.EXE] C:\WINDOWS\SYSTEM\JAVAWE32.EXE

O4 - HKLM\..\RunServices: [APIXT32.EXE] C:\WINDOWS\APIXT32.EXE

O4 - HKLM\..\RunServices: [IPPB.EXE] C:\WINDOWS\IPPB.EXE

O4 - HKLM\..\RunServices: [ADDQK32.EXE] C:\WINDOWS\SYSTEM\ADDQK32.EXE

O4 - HKLM\..\RunServices: [MFCNN32.EXE] C:\WINDOWS\MFCNN32.EXE

O4 - HKLM\..\RunServices: [NTAQ32.EXE] C:\WINDOWS\SYSTEM\NTAQ32.EXE

O4 - HKLM\..\RunServices: [JAVATP32.EXE] C:\WINDOWS\JAVATP32.EXE

O4 - HKLM\..\RunServices: [CRZY.EXE] C:\WINDOWS\SYSTEM\CRZY.EXE

O4 - HKLM\..\RunServices: [D3WJ32.EXE] C:\WINDOWS\SYSTEM\D3WJ32.EXE

O4 - HKLM\..\RunServices: [SYSYQ32.EXE] C:\WINDOWS\SYSTEM\SYSYQ32.EXE

O4 - HKLM\..\RunServices: [NTQP.EXE] C:\WINDOWS\NTQP.EXE

O4 - HKLM\..\RunServices: [IEOI.EXE] C:\WINDOWS\SYSTEM\IEOI.EXE

O4 - HKLM\..\RunServices: [IPXR32.EXE] C:\WINDOWS\IPXR32.EXE

O4 - HKLM\..\RunServices: [NETIQ32.EXE] C:\WINDOWS\SYSTEM\NETIQ32.EXE

O4 - HKLM\..\RunServices: [WINSI.EXE] C:\WINDOWS\WINSI.EXE

O4 - HKLM\..\RunServices: [SYSEV.EXE] C:\WINDOWS\SYSEV.EXE

O4 - HKLM\..\RunServices: [SYSRC.EXE] C:\WINDOWS\SYSRC.EXE

O4 - HKLM\..\RunServices: [WINJC.EXE] C:\WINDOWS\SYSTEM\WINJC.EXE

O4 - HKLM\..\RunServices: [APPPQ32.EXE] C:\WINDOWS\SYSTEM\APPPQ32.EXE

O4 - HKLM\..\RunServices: [NTKW.EXE] C:\WINDOWS\SYSTEM\NTKW.EXE

O4 - HKLM\..\RunServices: [APIZO32.EXE] C:\WINDOWS\APIZO32.EXE

O4 - HKLM\..\RunServices: [IEJN.EXE] C:\WINDOWS\SYSTEM\IEJN.EXE

O4 - HKLM\..\RunServices: [MSZA32.EXE] C:\WINDOWS\MSZA32.EXE

O4 - HKLM\..\RunServices: [CRKV32.EXE] C:\WINDOWS\SYSTEM\CRKV32.EXE

O4 - HKLM\..\RunServices: [NTUR.EXE] C:\WINDOWS\NTUR.EXE

O4 - HKLM\..\RunServices: [SDKLN.EXE] C:\WINDOWS\SDKLN.EXE

O4 - HKLM\..\RunServices: [D3ZH.EXE] C:\WINDOWS\SYSTEM\D3ZH.EXE

O4 - HKLM\..\RunServices: [APPQI.EXE] C:\WINDOWS\SYSTEM\APPQI.EXE

O4 - HKLM\..\RunServices: [SDKSE.EXE] C:\WINDOWS\SDKSE.EXE

O4 - HKLM\..\RunServices: [CRSX.EXE] C:\WINDOWS\SYSTEM\CRSX.EXE

O4 - HKLM\..\RunServices: [WINGJ32.EXE] C:\WINDOWS\SYSTEM\WINGJ32.EXE

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O14 - IERESET.INF: START_PAGE_URL=http://twcny.rr.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://twcny.rr.com

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7875.6478240741

O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\JAVA\CONTROLF1\STMeeting25.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#2 wendycny


Posted 01 July 2004 - 07:59 PM

Please help if you can OR post a short message with an estimate of when you might respond. I understand everyone is busy, but these problems affect my ability to work. Many thanks.



