Home Page hijacker, etc. etc.

Posted 03 July 2004 - 10:35 PM

Hello all,

I have been trying to get rid of a homepage hijacker for about a month now. I have done everything I can think of to fight this plague (spybot, spysweeper, spyhunter, cwshredder). I can't think of anything else.

Also, I now can't even use my Internet Explorer on my computer. It just stays frozen on the homepage. As well as that, I am also having a virtual memory problem as well. I thought I fixed it, but it has come back to haunt me.
I hope you guys can help me.

Thanks a lot


Here's my Hijack log:
Logfile of HijackThis v1.98.0
Scan saved at 7:47:03 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Horacio Computer\Local Settings\Temporary Internet Files\Content.IE5\9FBFTH4E\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fsmfn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fsmfn.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fsmfn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fsmfn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22DDB661-D9B9-67C1-C241-C0C3C4352FA7} - C:\WINDOWS\system32\javaep32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ieli32.exe] C:\WINDOWS\system32\ieli32.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\RunOnce: [syslf.exe] C:\WINDOWS\syslf.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\system32\netpq.exe
O4 - HKLM\..\RunOnce: [atlir32.exe] C:\WINDOWS\atlir32.exe
O4 - HKLM\..\RunOnce: [d3np32.exe] C:\WINDOWS\d3np32.exe
O4 - HKLM\..\RunOnce: [msun.exe] C:\WINDOWS\system32\msun.exe
O4 - HKLM\..\RunOnce: [winwe.exe] C:\WINDOWS\system32\winwe.exe
O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\system32\d3zs.exe
O4 - HKLM\..\RunOnce: [apiyr32.exe] C:\WINDOWS\system32\apiyr32.exe
O4 - HKLM\..\RunOnce: [atlyb32.exe] C:\WINDOWS\atlyb32.exe
O4 - HKLM\..\RunOnce: [d3ro32.exe] C:\WINDOWS\d3ro32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\winaz.exe
O4 - HKLM\..\RunOnce: [atlfi32.exe] C:\WINDOWS\atlfi32.exe
O4 - HKLM\..\RunOnce: [winfa32.exe] C:\WINDOWS\winfa32.exe
O4 - HKLM\..\RunOnce: [mfcaa32.exe] C:\WINDOWS\mfcaa32.exe
O4 - HKLM\..\RunOnce: [javaks.exe] C:\WINDOWS\system32\javaks.exe
O4 - HKLM\..\RunOnce: [atltt.exe] C:\WINDOWS\system32\atltt.exe
O4 - HKLM\..\RunOnce: [javami.exe] C:\WINDOWS\javami.exe
O4 - HKLM\..\RunOnce: [atloh32.exe] C:\WINDOWS\system32\atloh32.exe
O4 - HKLM\..\RunOnce: [winoy32.exe] C:\WINDOWS\winoy32.exe
O4 - HKLM\..\RunOnce: [msru.exe] C:\WINDOWS\system32\msru.exe
O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\system32\neter32.exe
O4 - HKLM\..\RunOnce: [msrn32.exe] C:\WINDOWS\system32\msrn32.exe
O4 - HKLM\..\RunOnce: [mfcwg32.exe] C:\WINDOWS\system32\mfcwg32.exe
O4 - HKLM\..\RunOnce: [appve.exe] C:\WINDOWS\system32\appve.exe
O4 - HKLM\..\RunOnce: [netwu.exe] C:\WINDOWS\netwu.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\system32\ipdt32.exe
O4 - HKLM\..\RunOnce: [atlyt.exe] C:\WINDOWS\system32\atlyt.exe
O4 - HKLM\..\RunOnce: [d3ya32.exe] C:\WINDOWS\system32\d3ya32.exe
O4 - HKLM\..\RunOnce: [d3bc.exe] C:\WINDOWS\d3bc.exe
O4 - HKLM\..\RunOnce: [winrj.exe] C:\WINDOWS\winrj.exe
O4 - HKLM\..\RunOnce: [crjs32.exe] C:\WINDOWS\crjs32.exe
O4 - HKLM\..\RunOnce: [msfm32.exe] C:\WINDOWS\system32\msfm32.exe
O4 - HKLM\..\RunOnce: [mslx.exe] C:\WINDOWS\system32\mslx.exe
O4 - HKLM\..\RunOnce: [appzh.exe] C:\WINDOWS\appzh.exe
O4 - HKLM\..\RunOnce: [mfchl.exe] C:\WINDOWS\system32\mfchl.exe
O4 - HKLM\..\RunOnce: [addvt32.exe] C:\WINDOWS\addvt32.exe
O4 - HKLM\..\RunOnce: [d3jx.exe] C:\WINDOWS\system32\d3jx.exe
O4 - HKLM\..\RunOnce: [msin32.exe] C:\WINDOWS\system32\msin32.exe
O4 - HKLM\..\RunOnce: [mscd.exe] C:\WINDOWS\system32\mscd.exe
O4 - HKLM\..\RunOnce: [sysmq32.exe] C:\WINDOWS\system32\sysmq32.exe
O4 - HKLM\..\RunOnce: [atllj.exe] C:\WINDOWS\atllj.exe
O4 - HKLM\..\RunOnce: [winme.exe] C:\WINDOWS\system32\winme.exe
O4 - HKLM\..\RunOnce: [d3jv32.exe] C:\WINDOWS\d3jv32.exe
O4 - HKLM\..\RunOnce: [ieef32.exe] C:\WINDOWS\system32\ieef32.exe
O4 - HKLM\..\RunOnce: [sdkrf32.exe] C:\WINDOWS\sdkrf32.exe
O4 - HKLM\..\RunOnce: [apitk.exe] C:\WINDOWS\apitk.exe
O4 - HKLM\..\RunOnce: [sdkpz32.exe] C:\WINDOWS\sdkpz32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\javaru32.exe
O4 - HKLM\..\RunOnce: [d3uq32.exe] C:\WINDOWS\system32\d3uq32.exe
O4 - HKLM\..\RunOnce: [ntfe32.exe] C:\WINDOWS\ntfe32.exe
O4 - HKLM\..\RunOnce: [sdkhx.exe] C:\WINDOWS\system32\sdkhx.exe
O4 - HKLM\..\RunOnce: [ipmy.exe] C:\WINDOWS\system32\ipmy.exe
O4 - HKLM\..\RunOnce: [nttw.exe] C:\WINDOWS\nttw.exe
O4 - HKLM\..\RunOnce: [nthj32.exe] C:\WINDOWS\nthj32.exe
O4 - HKCU\..\Run: [Aool] C:\Documents and Settings\Horacio Computer\Application Data\oahs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91CEF79E-1070-4553-A539-38E320837936}: NameServer =
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

Posted 31 August 2004 - 12:32 PM

Due to the time passed and the fact that you are running an older version ...
  • HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT, i.e. the folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:
      • spywareinfo.com
      • subratam.org
      • tools.zerosrealm.com
  • Install/Unzip it into C:\HJT.
  • Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  • Run HijackThis, click on scan and wait for the scan to finish.
  • The "Scan" button will change to "Save Log"; click on it and simply press "Save" on the window that will appear.
  • Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  • Please post your entire log here for analysis.

