Help With Hijack Problem



#1 DaAzianDragon


Posted 29 June 2004 - 10:15 PM

For some reason, the hijacker is affecting my window washer, spybot, cwshredder, and winmx. When I try to run these programs I get "not a valid win32 program" or it doesn't even run at all. I tried running adware with all current updates with my IE off and in safe mode, but it still comes back. Also when I run about buster I get "error removing" on most items. I really need my comp back for school work, so if someone could help me it would be really appreciated. My hijack this log to follow.


Logfile of HijackThis v1.97.7
Scan saved at 8:12:47 PM, on 6/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MFCEI.EXE
C:\WINDOWS\MSXZ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://oyqao.dll/index.html#26980
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://oyqao.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://oyqao.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\oyqao.dll/sp.html#26980
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {90F69D82-3A48-80D8-7F30-6513D26011A1} - C:\WINDOWS\SYSTEM\IPQR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [55EK65F4DB53SK] C:\WINDOWS\SYSTEM\Vbj06J5Z.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [MFCEI.EXE] C:\WINDOWS\SYSTEM\MFCEI.EXE
O4 - HKLM\..\RunServices: [IPOH32.EXE] C:\WINDOWS\IPOH32.EXE
O4 - HKLM\..\RunServices: [IEUJ32.EXE] C:\WINDOWS\IEUJ32.EXE
O4 - HKLM\..\RunServices: [WINZF.EXE] C:\WINDOWS\WINZF.EXE
O4 - HKLM\..\RunServices: [NTQC.EXE] C:\WINDOWS\SYSTEM\NTQC.EXE
O4 - HKLM\..\RunServices: [CRTU.EXE] C:\WINDOWS\CRTU.EXE
O4 - HKLM\..\RunServices: [CRVQ.EXE] C:\WINDOWS\CRVQ.EXE
O4 - HKLM\..\RunServices: [SYSNW.EXE] C:\WINDOWS\SYSTEM\SYSNW.EXE
O4 - HKLM\..\RunServices: [MSGH.EXE] C:\WINDOWS\MSGH.EXE
O4 - HKLM\..\RunServices: [SYSUJ32.EXE] C:\WINDOWS\SYSUJ32.EXE
O4 - HKLM\..\RunServices: [SDKCR32.EXE] C:\WINDOWS\SDKCR32.EXE
O4 - HKLM\..\RunServices: [JAVAGN32.EXE] C:\WINDOWS\SYSTEM\JAVAGN32.EXE
O4 - HKLM\..\RunServices: [WINUB32.EXE] C:\WINDOWS\WINUB32.EXE
O4 - HKLM\..\RunServices: [IPRV.EXE] C:\WINDOWS\IPRV.EXE
O4 - HKLM\..\RunServices: [NETIV.EXE] C:\WINDOWS\NETIV.EXE
O4 - HKLM\..\RunServices: [IEFM32.EXE] C:\WINDOWS\IEFM32.EXE
O4 - HKLM\..\RunServices: [ATLZM.EXE] C:\WINDOWS\SYSTEM\ATLZM.EXE
O4 - HKLM\..\RunServices: [ADDFX32.EXE] C:\WINDOWS\SYSTEM\ADDFX32.EXE
O4 - HKLM\..\RunServices: [WINBJ.EXE] C:\WINDOWS\WINBJ.EXE
O4 - HKLM\..\RunServices: [MSVZ32.EXE] C:\WINDOWS\SYSTEM\MSVZ32.EXE
O4 - HKLM\..\RunServices: [MFCGK32.EXE] C:\WINDOWS\MFCGK32.EXE
O4 - HKLM\..\RunServices: [JAVADN32.EXE] C:\WINDOWS\SYSTEM\JAVADN32.EXE
O4 - HKLM\..\RunServices: [CRWD.EXE] C:\WINDOWS\SYSTEM\CRWD.EXE
O4 - HKLM\..\RunServices: [WINYF32.EXE] C:\WINDOWS\SYSTEM\WINYF32.EXE
O4 - HKLM\..\RunServices: [MSXY.EXE] C:\WINDOWS\MSXY.EXE
O4 - HKLM\..\RunServices: [SYSRP.EXE] C:\WINDOWS\SYSTEM\SYSRP.EXE
O4 - HKLM\..\RunServices: [WINJX.EXE] C:\WINDOWS\SYSTEM\WINJX.EXE
O4 - HKLM\..\RunServices: [IPPO32.EXE] C:\WINDOWS\SYSTEM\IPPO32.EXE
O4 - HKLM\..\RunServices: [WINCD32.EXE] C:\WINDOWS\SYSTEM\WINCD32.EXE
O4 - HKLM\..\RunServices: [SYSOK32.EXE] C:\WINDOWS\SYSTEM\SYSOK32.EXE
O4 - HKLM\..\RunServices: [NETCM32.EXE] C:\WINDOWS\SYSTEM\NETCM32.EXE
O4 - HKLM\..\RunServices: [WINDV.EXE] C:\WINDOWS\WINDV.EXE
O4 - HKLM\..\RunServices: [ADDFY32.EXE] C:\WINDOWS\ADDFY32.EXE
O4 - HKLM\..\RunServices: [CRJJ32.EXE] C:\WINDOWS\SYSTEM\CRJJ32.EXE
O4 - HKLM\..\RunServices: [IPKV.EXE] C:\WINDOWS\SYSTEM\IPKV.EXE
O4 - HKLM\..\RunServices: [ATLGO32.EXE] C:\WINDOWS\ATLGO32.EXE
O4 - HKLM\..\RunServices: [APIMQ32.EXE] C:\WINDOWS\APIMQ32.EXE
O4 - HKLM\..\RunServices: [NETRP32.EXE] C:\WINDOWS\SYSTEM\NETRP32.EXE
O4 - HKLM\..\RunServices: [WINIO32.EXE] C:\WINDOWS\SYSTEM\WINIO32.EXE
O4 - HKLM\..\RunServices: [ATLII.EXE] C:\WINDOWS\ATLII.EXE
O4 - HKLM\..\RunServices: [SYSXL32.EXE] C:\WINDOWS\SYSXL32.EXE
O4 - HKLM\..\RunServices: [IEEI32.EXE] C:\WINDOWS\IEEI32.EXE
O4 - HKLM\..\RunServices: [ADDBM32.EXE] C:\WINDOWS\ADDBM32.EXE
O4 - HKLM\..\RunServices: [SYSEN.EXE] C:\WINDOWS\SYSTEM\SYSEN.EXE
O4 - HKLM\..\RunServices: [ATLHO32.EXE] C:\WINDOWS\SYSTEM\ATLHO32.EXE
O4 - HKLM\..\RunServices: [JAVAST.EXE] C:\WINDOWS\SYSTEM\JAVAST.EXE
O4 - HKLM\..\RunServices: [JAVAFC32.EXE] C:\WINDOWS\JAVAFC32.EXE
O4 - HKLM\..\RunServices: [ADDNE32.EXE] C:\WINDOWS\ADDNE32.EXE
O4 - HKLM\..\RunServices: [APIFV32.EXE] C:\WINDOWS\SYSTEM\APIFV32.EXE
O4 - HKLM\..\RunServices: [SDKPW32.EXE] C:\WINDOWS\SYSTEM\SDKPW32.EXE
O4 - HKLM\..\RunServices: [APPWQ.EXE] C:\WINDOWS\APPWQ.EXE
O4 - HKLM\..\RunServices: [SYSNH32.EXE] C:\WINDOWS\SYSTEM\SYSNH32.EXE
O4 - HKLM\..\RunServices: [WINTD.EXE] C:\WINDOWS\SYSTEM\WINTD.EXE
O4 - HKLM\..\RunServices: [NTAX.EXE] C:\WINDOWS\SYSTEM\NTAX.EXE
O4 - HKLM\..\RunServices: [APPGC.EXE] C:\WINDOWS\APPGC.EXE
O4 - HKLM\..\RunServices: [CRNS.EXE] C:\WINDOWS\SYSTEM\CRNS.EXE
O4 - HKLM\..\RunServices: [APPFU32.EXE] C:\WINDOWS\SYSTEM\APPFU32.EXE
O4 - HKLM\..\RunServices: [D3JH32.EXE] C:\WINDOWS\D3JH32.EXE
O4 - HKLM\..\RunServices: [ADDSC32.EXE] C:\WINDOWS\SYSTEM\ADDSC32.EXE
O4 - HKLM\..\RunServices: [NETTP32.EXE] C:\WINDOWS\SYSTEM\NETTP32.EXE
O4 - HKLM\..\RunServices: [APPQR.EXE] C:\WINDOWS\APPQR.EXE
O4 - HKLM\..\RunServices: [SDKWS.EXE] C:\WINDOWS\SDKWS.EXE
O4 - HKLM\..\RunServices: [IECD.EXE] C:\WINDOWS\IECD.EXE
O4 - HKLM\..\RunServices: [NETAD32.EXE] C:\WINDOWS\SYSTEM\NETAD32.EXE
O4 - HKLM\..\RunServices: [NTMZ.EXE] C:\WINDOWS\NTMZ.EXE
O4 - HKLM\..\RunServices: [MSVU.EXE] C:\WINDOWS\MSVU.EXE
O4 - HKLM\..\RunServices: [IPVF32.EXE] C:\WINDOWS\SYSTEM\IPVF32.EXE
O4 - HKLM\..\RunServices: [JAVABI.EXE] C:\WINDOWS\JAVABI.EXE
O4 - HKLM\..\RunServices: [SDKAG.EXE] C:\WINDOWS\SYSTEM\SDKAG.EXE
O4 - HKLM\..\RunServices: [IEBR32.EXE] C:\WINDOWS\SYSTEM\IEBR32.EXE
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE
O4 - HKLM\..\RunServices: [SDKLM32.EXE] C:\WINDOWS\SDKLM32.EXE
O4 - HKLM\..\RunServices: [D3OH.EXE] C:\WINDOWS\D3OH.EXE
O4 - HKLM\..\RunServices: [CRIM32.EXE] C:\WINDOWS\CRIM32.EXE
O4 - HKLM\..\RunServices: [IELN32.EXE] C:\WINDOWS\SYSTEM\IELN32.EXE
O4 - HKLM\..\RunServices: [APPNF.EXE] C:\WINDOWS\SYSTEM\APPNF.EXE
O4 - HKLM\..\RunServices: [WINJR.EXE] C:\WINDOWS\SYSTEM\WINJR.EXE
O4 - HKLM\..\RunServices: [APPPT.EXE] C:\WINDOWS\APPPT.EXE
O4 - HKLM\..\RunServices: [APPAB.EXE] C:\WINDOWS\SYSTEM\APPAB.EXE
O4 - HKLM\..\RunServices: [WINKX32.EXE] C:\WINDOWS\WINKX32.EXE
O4 - HKLM\..\RunServices: [D3FX.EXE] C:\WINDOWS\D3FX.EXE
O4 - HKLM\..\RunServices: [CRTM.EXE] C:\WINDOWS\CRTM.EXE
O4 - HKLM\..\RunServices: [SDKWI32.EXE] C:\WINDOWS\SDKWI32.EXE
O4 - HKLM\..\RunServices: [CRHA32.EXE] C:\WINDOWS\CRHA32.EXE
O4 - HKLM\..\RunServices: [APIXE32.EXE] C:\WINDOWS\APIXE32.EXE
O4 - HKLM\..\RunServices: [ATLZZ32.EXE] C:\WINDOWS\SYSTEM\ATLZZ32.EXE
O4 - HKLM\..\RunServices: [NTHO.EXE] C:\WINDOWS\SYSTEM\NTHO.EXE
O4 - HKLM\..\RunServices: [CRTL32.EXE] C:\WINDOWS\CRTL32.EXE
O4 - HKLM\..\RunServices: [ATLUJ.EXE] C:\WINDOWS\SYSTEM\ATLUJ.EXE
O4 - HKLM\..\RunServices: [D3GC32.EXE] C:\WINDOWS\SYSTEM\D3GC32.EXE
O4 - HKLM\..\RunServices: [WINUP32.EXE] C:\WINDOWS\SYSTEM\WINUP32.EXE
O4 - HKLM\..\RunServices: [JAVAGG.EXE] C:\WINDOWS\SYSTEM\JAVAGG.EXE
O4 - HKLM\..\RunServices: [APPIS.EXE] C:\WINDOWS\SYSTEM\APPIS.EXE
O4 - HKLM\..\RunServices: [APISN32.EXE] C:\WINDOWS\APISN32.EXE
O4 - HKLM\..\RunServices: [ADDRY.EXE] C:\WINDOWS\SYSTEM\ADDRY.EXE
O4 - HKLM\..\RunServices: [NTED.EXE] C:\WINDOWS\SYSTEM\NTED.EXE
O4 - HKLM\..\RunServices: [SDKFC.EXE] C:\WINDOWS\SDKFC.EXE
O4 - HKLM\..\RunServices: [NETWT.EXE] C:\WINDOWS\SYSTEM\NETWT.EXE
O4 - HKLM\..\RunServices: [WINYC32.EXE] C:\WINDOWS\WINYC32.EXE
O4 - HKLM\..\RunServices: [APPWE32.EXE] C:\WINDOWS\APPWE32.EXE
O4 - HKLM\..\RunServices: [APPVI.EXE] C:\WINDOWS\APPVI.EXE
O4 - HKLM\..\RunServices: [D3JB.EXE] C:\WINDOWS\SYSTEM\D3JB.EXE
O4 - HKLM\..\RunServices: [APPOO.EXE] C:\WINDOWS\SYSTEM\APPOO.EXE
O4 - HKLM\..\RunServices: [APPDJ32.EXE] C:\WINDOWS\APPDJ32.EXE
O4 - HKLM\..\RunServices: [IPTW32.EXE] C:\WINDOWS\IPTW32.EXE
O4 - HKLM\..\RunServices: [D3HF32.EXE] C:\WINDOWS\D3HF32.EXE
O4 - HKLM\..\RunServices: [SYSLS32.EXE] C:\WINDOWS\SYSTEM\SYSLS32.EXE
O4 - HKLM\..\RunServices: [SYSIL32.EXE] C:\WINDOWS\SYSIL32.EXE
O4 - HKLM\..\RunServices: [IPWV32.EXE] C:\WINDOWS\SYSTEM\IPWV32.EXE
O4 - HKLM\..\RunServices: [NETJU32.EXE] C:\WINDOWS\SYSTEM\NETJU32.EXE
O4 - HKLM\..\RunServices: [SYSDL.EXE] C:\WINDOWS\SYSTEM\SYSDL.EXE
O4 - HKLM\..\RunServices: [IEQB.EXE] C:\WINDOWS\SYSTEM\IEQB.EXE
O4 - HKLM\..\RunServices: [IPDX.EXE] C:\WINDOWS\SYSTEM\IPDX.EXE
O4 - HKLM\..\RunServices: [ADDEG32.EXE] C:\WINDOWS\ADDEG32.EXE
O4 - HKLM\..\RunServices: [MFCRJ32.EXE] C:\WINDOWS\SYSTEM\MFCRJ32.EXE
O4 - HKLM\..\RunServices: [CRYH.EXE] C:\WINDOWS\SYSTEM\CRYH.EXE
O4 - HKLM\..\RunServices: [APIZZ32.EXE] C:\WINDOWS\APIZZ32.EXE
O4 - HKLM\..\RunServices: [MSUI.EXE] C:\WINDOWS\MSUI.EXE
O4 - HKLM\..\RunServices: [NTCL32.EXE] C:\WINDOWS\SYSTEM\NTCL32.EXE
O4 - HKLM\..\RunServices: [CRTT.EXE] C:\WINDOWS\SYSTEM\CRTT.EXE
O4 - HKLM\..\RunServices: [D3PM.EXE] C:\WINDOWS\D3PM.EXE
O4 - HKLM\..\RunServices: [ATLCH32.EXE] C:\WINDOWS\SYSTEM\ATLCH32.EXE
O4 - HKLM\..\RunServices: [IEPJ.EXE] C:\WINDOWS\SYSTEM\IEPJ.EXE
O4 - HKLM\..\RunServices: [NTIS32.EXE] C:\WINDOWS\NTIS32.EXE
O4 - HKLM\..\RunServices: [D3LL32.EXE] C:\WINDOWS\D3LL32.EXE
O4 - HKLM\..\RunServices: [MFCSN32.EXE] C:\WINDOWS\MFCSN32.EXE
O4 - HKLM\..\RunServices: [SDKCB32.EXE] C:\WINDOWS\SYSTEM\SDKCB32.EXE
O4 - HKLM\..\RunServices: [D3MW.EXE] C:\WINDOWS\SYSTEM\D3MW.EXE
O4 - HKLM\..\RunServices: [NETLW32.EXE] C:\WINDOWS\SYSTEM\NETLW32.EXE
O4 - HKLM\..\RunServices: [SYSDE32.EXE] C:\WINDOWS\SYSTEM\SYSDE32.EXE
O4 - HKLM\..\RunServices: [SYSRI.EXE] C:\WINDOWS\SYSTEM\SYSRI.EXE
O4 - HKLM\..\RunServices: [MFCVK.EXE] C:\WINDOWS\MFCVK.EXE
O4 - HKLM\..\RunServices: [IPOB.EXE] C:\WINDOWS\SYSTEM\IPOB.EXE
O4 - HKLM\..\RunServices: [D3LK32.EXE] C:\WINDOWS\D3LK32.EXE
O4 - HKLM\..\RunServices: [APIMQ.EXE] C:\WINDOWS\SYSTEM\APIMQ.EXE
O4 - HKLM\..\RunServices: [IPSS.EXE] C:\WINDOWS\SYSTEM\IPSS.EXE
O4 - HKLM\..\RunServices: [MSXZ.EXE] C:\WINDOWS\MSXZ.EXE
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...51/QDow_AS2.cab

Edited by DaAzianDragon, 29 June 2004 - 10:21 PM.


#2 DaAzianDragon


Posted 30 June 2004 - 11:48 PM

I hate to be a bother. Can someone help me please?



