
HIJACKED but still HOPEFUL


1 reply to this topic

#1 *syn*


Posted 11 July 2004 - 03:54 PM

:weep:

Installed every adware remover possible... and nothing works. Finally, I realized after much research that my browser has been hijacked.


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ipmt.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\apisp.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
Network Device Switch.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

00THotkey = C:\WINDOWS\System32\00THotkey.exe
TFncKy = TFncKy.exe /Type 10
Tpwrtray = TPWRTRAY.EXE
TosHKCW.exe = C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
apisp.exe = C:\WINDOWS\system32\apisp.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

ipmt.exe = C:\WINDOWS\ipmt.exe
sdkti32.exe = C:\WINDOWS\system32\sdkti32.exe
ipbc.exe = C:\WINDOWS\system32\ipbc.exe
atlye32.exe = C:\WINDOWS\system32\atlye32.exe
msnc.exe = C:\WINDOWS\system32\msnc.exe
syseu.exe = C:\WINDOWS\syseu.exe
winso.exe = C:\WINDOWS\winso.exe
apicn32.exe = C:\WINDOWS\system32\apicn32.exe
iens32.exe = C:\WINDOWS\system32\iens32.exe
javahm.exe = C:\WINDOWS\system32\javahm.exe
crng.exe = C:\WINDOWS\system32\crng.exe
appdh.exe = C:\WINDOWS\appdh.exe
msha32.exe = C:\WINDOWS\msha32.exe
winlk.exe = C:\WINDOWS\system32\winlk.exe
ntuo32.exe = C:\WINDOWS\ntuo32.exe
apiyy.exe = C:\WINDOWS\system32\apiyy.exe
apizj32.exe = C:\WINDOWS\apizj32.exe
netoa32.exe = C:\WINDOWS\system32\netoa32.exe
syszo32.exe = C:\WINDOWS\syszo32.exe
sysmm32.exe = C:\WINDOWS\sysmm32.exe
javamm.exe = C:\WINDOWS\system32\javamm.exe
atlkq.exe = C:\WINDOWS\system32\atlkq.exe
appxw.exe = C:\WINDOWS\system32\appxw.exe
winpz32.exe = C:\WINDOWS\system32\winpz32.exe
winta.exe = C:\WINDOWS\winta.exe
apizs.exe = C:\WINDOWS\apizs.exe
d3kd.exe = C:\WINDOWS\system32\d3kd.exe
apitm32.exe = C:\WINDOWS\system32\apitm32.exe
winbr.exe = C:\WINDOWS\system32\winbr.exe
sdkdt.exe = C:\WINDOWS\system32\sdkdt.exe
msqi.exe = C:\WINDOWS\system32\msqi.exe
apijg.exe = C:\WINDOWS\system32\apijg.exe
wintd.exe = C:\WINDOWS\system32\wintd.exe

HijackThis log file:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pvmuo.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pvmuo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://pvmuo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pvmuo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pvmuo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://pvmuo.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17148321-8D1B-4F75-4E46-30E16B398180} - C:\WINDOWS\system32\d3fa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [apisp.exe] C:\WINDOWS\system32\apisp.exe
O4 - HKLM\..\RunOnce: [ipmt.exe] C:\WINDOWS\ipmt.exe
O4 - HKLM\..\RunOnce: [sdkti32.exe] C:\WINDOWS\system32\sdkti32.exe
O4 - HKLM\..\RunOnce: [ipbc.exe] C:\WINDOWS\system32\ipbc.exe
O4 - HKLM\..\RunOnce: [atlye32.exe] C:\WINDOWS\system32\atlye32.exe
O4 - HKLM\..\RunOnce: [msnc.exe] C:\WINDOWS\system32\msnc.exe
O4 - HKLM\..\RunOnce: [syseu.exe] C:\WINDOWS\syseu.exe
O4 - HKLM\..\RunOnce: [winso.exe] C:\WINDOWS\winso.exe
O4 - HKLM\..\RunOnce: [apicn32.exe] C:\WINDOWS\system32\apicn32.exe
O4 - HKLM\..\RunOnce: [iens32.exe] C:\WINDOWS\system32\iens32.exe
O4 - HKLM\..\RunOnce: [javahm.exe] C:\WINDOWS\system32\javahm.exe
O4 - HKLM\..\RunOnce: [crng.exe] C:\WINDOWS\system32\crng.exe
O4 - HKLM\..\RunOnce: [appdh.exe] C:\WINDOWS\appdh.exe
O4 - HKLM\..\RunOnce: [msha32.exe] C:\WINDOWS\msha32.exe
O4 - HKLM\..\RunOnce: [winlk.exe] C:\WINDOWS\system32\winlk.exe
O4 - HKLM\..\RunOnce: [ntuo32.exe] C:\WINDOWS\ntuo32.exe
O4 - HKLM\..\RunOnce: [apiyy.exe] C:\WINDOWS\system32\apiyy.exe
O4 - HKLM\..\RunOnce: [apizj32.exe] C:\WINDOWS\apizj32.exe
O4 - HKLM\..\RunOnce: [netoa32.exe] C:\WINDOWS\system32\netoa32.exe
O4 - HKLM\..\RunOnce: [syszo32.exe] C:\WINDOWS\syszo32.exe
O4 - HKLM\..\RunOnce: [sysmm32.exe] C:\WINDOWS\sysmm32.exe
O4 - HKLM\..\RunOnce: [javamm.exe] C:\WINDOWS\system32\javamm.exe
O4 - HKLM\..\RunOnce: [atlkq.exe] C:\WINDOWS\system32\atlkq.exe
O4 - HKLM\..\RunOnce: [appxw.exe] C:\WINDOWS\system32\appxw.exe
O4 - HKLM\..\RunOnce: [winpz32.exe] C:\WINDOWS\system32\winpz32.exe
O4 - HKLM\..\RunOnce: [winta.exe] C:\WINDOWS\winta.exe
O4 - HKLM\..\RunOnce: [apizs.exe] C:\WINDOWS\apizs.exe
O4 - HKLM\..\RunOnce: [d3kd.exe] C:\WINDOWS\system32\d3kd.exe
O4 - HKLM\..\RunOnce: [apitm32.exe] C:\WINDOWS\system32\apitm32.exe
O4 - HKLM\..\RunOnce: [winbr.exe] C:\WINDOWS\system32\winbr.exe
O4 - HKLM\..\RunOnce: [sdkdt.exe] C:\WINDOWS\system32\sdkdt.exe
O4 - HKLM\..\RunOnce: [msqi.exe] C:\WINDOWS\system32\msqi.exe
O4 - HKLM\..\RunOnce: [apijg.exe] C:\WINDOWS\system32\apijg.exe
O4 - HKLM\..\RunOnce: [wintd.exe] C:\WINDOWS\system32\wintd.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: Network Device Switch.lnk = ?
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

#2 *syn*


Posted 11 July 2004 - 07:22 PM

Someone... anyone... HELP ME PLEASE!!!

I've been at this for a week now... ;o(

Every time I think I've fixed it... I reopen my browser and it's freakin BACK!



