homepage yoursearcher and xmmoc



#1
synergie

My homepage has been hijacked by yoursearcher and xmmoc. Can you please help me? Thank you in advance for your time and effort. Here is the log.

Logfile of HijackThis v1.97.7
Scan saved at 2:52:11 PM, on 31/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cryl32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\msov32.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Steven\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xmmoc.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xmmoc.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xmmoc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xmmoc.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xmmoc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xmmoc.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C98C7DCC-04E9-A6D9-A145-8EB7C6977CFE} - C:\WINDOWS\ipqe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ontsubf] C:\WINDOWS\System32\ontsubf.exe
O4 - HKLM\..\Run: [msov32.exe] C:\WINDOWS\system32\msov32.exe
O4 - HKLM\..\Run: [mfcgx32.exe] C:\WINDOWS\system32\mfcgx32.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\system32\cryl32.exe
O4 - HKLM\..\RunOnce: [sysqc.exe] C:\WINDOWS\sysqc.exe
O4 - HKLM\..\RunOnce: [msru.exe] C:\WINDOWS\system32\msru.exe
O4 - HKLM\..\RunOnce: [sdkdu.exe] C:\WINDOWS\system32\sdkdu.exe
O4 - HKLM\..\RunOnce: [msqs.exe] C:\WINDOWS\system32\msqs.exe
O4 - HKLM\..\RunOnce: [atlai.exe] C:\WINDOWS\system32\atlai.exe
O4 - HKLM\..\RunOnce: [sysnu.exe] C:\WINDOWS\system32\sysnu.exe
O4 - HKLM\..\RunOnce: [ieeo32.exe] C:\WINDOWS\system32\ieeo32.exe
O4 - HKLM\..\RunOnce: [javaas.exe] C:\WINDOWS\system32\javaas.exe
O4 - HKLM\..\RunOnce: [atlil32.exe] C:\WINDOWS\system32\atlil32.exe
O4 - HKLM\..\RunOnce: [atllq.exe] C:\WINDOWS\atllq.exe
O4 - HKLM\..\RunOnce: [netzl32.exe] C:\WINDOWS\netzl32.exe
O4 - HKLM\..\RunOnce: [ieal32.exe] C:\WINDOWS\system32\ieal32.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\system32\winyp.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\iphj32.exe
O4 - HKLM\..\RunOnce: [nettm32.exe] C:\WINDOWS\nettm32.exe
O4 - HKLM\..\RunOnce: [ntxi.exe] C:\WINDOWS\system32\ntxi.exe
O4 - HKLM\..\RunOnce: [apigh.exe] C:\WINDOWS\system32\apigh.exe
O4 - HKLM\..\RunOnce: [apifb32.exe] C:\WINDOWS\system32\apifb32.exe
O4 - HKLM\..\RunOnce: [crff32.exe] C:\WINDOWS\crff32.exe
O4 - HKLM\..\RunOnce: [javajn32.exe] C:\WINDOWS\javajn32.exe
O4 - HKLM\..\RunOnce: [sysoy.exe] C:\WINDOWS\sysoy.exe
O4 - HKLM\..\RunOnce: [ippy32.exe] C:\WINDOWS\system32\ippy32.exe
O4 - HKLM\..\RunOnce: [mfctq32.exe] C:\WINDOWS\system32\mfctq32.exe
O4 - HKLM\..\RunOnce: [winvd.exe] C:\WINDOWS\winvd.exe
O4 - HKLM\..\RunOnce: [ieml.exe] C:\WINDOWS\ieml.exe
O4 - HKLM\..\RunOnce: [appry32.exe] C:\WINDOWS\appry32.exe
O4 - HKLM\..\RunOnce: [atlgz32.exe] C:\WINDOWS\atlgz32.exe
O4 - HKLM\..\RunOnce: [crzj.exe] C:\WINDOWS\crzj.exe
O4 - HKLM\..\RunOnce: [msfr.exe] C:\WINDOWS\system32\msfr.exe
O4 - HKLM\..\RunOnce: [crgi32.exe] C:\WINDOWS\system32\crgi32.exe
O4 - HKLM\..\RunOnce: [winiq32.exe] C:\WINDOWS\winiq32.exe
O4 - HKLM\..\RunOnce: [appgj32.exe] C:\WINDOWS\system32\appgj32.exe
O4 - HKLM\..\RunOnce: [javayr32.exe] C:\WINDOWS\javayr32.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\system32\sdkiv.exe
O4 - HKLM\..\RunOnce: [sysjy.exe] C:\WINDOWS\system32\sysjy.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{075E72FF-ADB4-4742-BBBB-54FF49EEC1ED}: NameServer = 203.12.160.35 203.12.160.36


Cheers <_<


#2
ditto

Have you tried running Ad-Aware? Download the latest version of Ad-Aware from here (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).

After installing AAW, and before running the program, you must FIRST update the reference file following these instructions (and you must always do this before you run the program at any later date).

Now do the following:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
Check: "Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives. It will find a number of spyware files and registry keys. Right-click in that pane and choose "select all".

Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.

Run Hijack This again and post back a fresh log.

#3
synergie

This is the new log.

Logfile of HijackThis v1.97.7
Scan saved at 3:07:12 PM, on 1/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cryl32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\msov32.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Documents and Settings\Steven\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearcher.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xmmoc.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xmmoc.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C98C7DCC-04E9-A6D9-A145-8EB7C6977CFE} - C:\WINDOWS\ipqe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ontsubf] C:\WINDOWS\System32\ontsubf.exe
O4 - HKLM\..\Run: [msov32.exe] C:\WINDOWS\system32\msov32.exe
O4 - HKLM\..\Run: [mfcgx32.exe] C:\WINDOWS\system32\mfcgx32.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\system32\cryl32.exe
O4 - HKLM\..\RunOnce: [sysqc.exe] C:\WINDOWS\sysqc.exe
O4 - HKLM\..\RunOnce: [msru.exe] C:\WINDOWS\system32\msru.exe
O4 - HKLM\..\RunOnce: [sdkdu.exe] C:\WINDOWS\system32\sdkdu.exe
O4 - HKLM\..\RunOnce: [msqs.exe] C:\WINDOWS\system32\msqs.exe
O4 - HKLM\..\RunOnce: [atlai.exe] C:\WINDOWS\system32\atlai.exe
O4 - HKLM\..\RunOnce: [sysnu.exe] C:\WINDOWS\system32\sysnu.exe
O4 - HKLM\..\RunOnce: [ieeo32.exe] C:\WINDOWS\system32\ieeo32.exe
O4 - HKLM\..\RunOnce: [javaas.exe] C:\WINDOWS\system32\javaas.exe
O4 - HKLM\..\RunOnce: [atlil32.exe] C:\WINDOWS\system32\atlil32.exe
O4 - HKLM\..\RunOnce: [atllq.exe] C:\WINDOWS\atllq.exe
O4 - HKLM\..\RunOnce: [netzl32.exe] C:\WINDOWS\netzl32.exe
O4 - HKLM\..\RunOnce: [ieal32.exe] C:\WINDOWS\system32\ieal32.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\system32\winyp.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\iphj32.exe
O4 - HKLM\..\RunOnce: [nettm32.exe] C:\WINDOWS\nettm32.exe
O4 - HKLM\..\RunOnce: [ntxi.exe] C:\WINDOWS\system32\ntxi.exe
O4 - HKLM\..\RunOnce: [apigh.exe] C:\WINDOWS\system32\apigh.exe
O4 - HKLM\..\RunOnce: [apifb32.exe] C:\WINDOWS\system32\apifb32.exe
O4 - HKLM\..\RunOnce: [crff32.exe] C:\WINDOWS\crff32.exe
O4 - HKLM\..\RunOnce: [javajn32.exe] C:\WINDOWS\javajn32.exe
O4 - HKLM\..\RunOnce: [sysoy.exe] C:\WINDOWS\sysoy.exe
O4 - HKLM\..\RunOnce: [ippy32.exe] C:\WINDOWS\system32\ippy32.exe
O4 - HKLM\..\RunOnce: [mfctq32.exe] C:\WINDOWS\system32\mfctq32.exe
O4 - HKLM\..\RunOnce: [winvd.exe] C:\WINDOWS\winvd.exe
O4 - HKLM\..\RunOnce: [ieml.exe] C:\WINDOWS\ieml.exe
O4 - HKLM\..\RunOnce: [appry32.exe] C:\WINDOWS\appry32.exe
O4 - HKLM\..\RunOnce: [atlgz32.exe] C:\WINDOWS\atlgz32.exe
O4 - HKLM\..\RunOnce: [crzj.exe] C:\WINDOWS\crzj.exe
O4 - HKLM\..\RunOnce: [msfr.exe] C:\WINDOWS\system32\msfr.exe
O4 - HKLM\..\RunOnce: [crgi32.exe] C:\WINDOWS\system32\crgi32.exe
O4 - HKLM\..\RunOnce: [winiq32.exe] C:\WINDOWS\winiq32.exe
O4 - HKLM\..\RunOnce: [appgj32.exe] C:\WINDOWS\system32\appgj32.exe
O4 - HKLM\..\RunOnce: [javayr32.exe] C:\WINDOWS\javayr32.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\system32\sdkiv.exe
O4 - HKLM\..\RunOnce: [sysjy.exe] C:\WINDOWS\system32\sysjy.exe
O4 - HKLM\..\RunOnce: [ntki.exe] C:\WINDOWS\system32\ntki.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

cheers. <_<

#4
admin

Hello, please download About:Buster and unzip it to your desktop. Start it, hit Update, and when finished click OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.

Download About:Buster here: http://www.geekstogo...=download&id=25