hijacked for weeks now nothing seems to fix it

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by revnice, Jul 7, 2004.

  1. revnice

    revnice Private E-2

    Dudes:

    I am crestfallen. I've tried the following programs all to no avail:

    * Hijackthis
    * SpySweeper
    * Spyware_Blaster
    * Start Page Guard
    * Adaware
    * Spybot
    * Registry Mechanic

    Whatever I do to fix the problem, the whole thing simply reappears on bootup - here's the whole gruesome story:
    -----------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 9:43:35 PM, on 7/6/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\oodag.exe
    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\javahq32.exe
    C:\Program Files\12Ghosts\12backup.exe
    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\enternet.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\netzt32.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack This\HijackThis.exe
    C:\Program Files\Techsmith\Snagit\SnagIt32.exe
    C:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\xlrmc.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xlrmc.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xlrmc.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\xlrmc.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xlrmc.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\xlrmc.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - {C41261EE-D196-DB12-C98B-22ABA88CA16B} - C:\WINNT\system32\addtk.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKLM\..\Run: [ipuu.exe] C:\WINNT\system32\ipuu.exe
    O4 - HKLM\..\Run: [javahq32.exe] C:\WINNT\javahq32.exe
    O4 - HKLM\..\RunOnce: [netmb32.exe] C:\WINNT\system32\netmb32.exe
    O4 - Startup: 12Ghosts Backup.lnk = C:\Program Files\12Ghosts\12backup.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Can anyone tell me what to do now - I'm ready to try a hammer!

    Thanks - rev
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Last edited: Jul 7, 2004
