Author Topic: Help, Help I have been hijacked  (Read 5903 times)

increase

« on: May 04, 2006, 10:05:43 AM »
I had the prorat.k virus, which I got rid of with XoftSpySE, but when I check my-proxy checker, it says you are using a proxy.

Now when I go to certain webpages I get directed to a junk page, and the admin says it is because I am using a proxy.

I disabled all browser proxy settings and ran Panda and a dozen other virus checkers, but I cannot get rid of this thing.

Any help, please? Urgent.

I use the Mozilla browser with WinME :oops:

increase

« Reply #1 on: May 04, 2006, 10:26:06 AM »
Here is some info:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:22:05 AM, on 5/5/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\FIREWALL\PNMSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\TPSRV9X.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\APVXDWIN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\PROGRAM FILES\POPPY\POPPY.EXE
C:\PROGRAM FILES\KEYWALLET\KWALLET.EXE
C:\PROGRAM FILES\TIMELEFT3\TIMELEFT.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\WEBPROXY.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\AVLTMAIN.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tums-network.com/traffic/start.php?u=beyond
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tums-network.com/traffic/start.php?u=beyond
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://123-paidtoread.com/scripts/runner.php?AS=219d2c4dincrease&ID=1target=autosurf"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\tt63mdl2.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\tt63mdl2.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42B} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
O3 - Toolbar: WorldWide-Cash.net - {CB458CB0-9C9B-4f1a-94EC-6B195AE998A1} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PNMSRV] "c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE"
O4 - HKLM\..\RunServices: [TPSrv9x] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv9x.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [KeyWallet] C:\PROGRAM FILES\KEYWALLET\KWallet.exe
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O4 - Startup: Poppy for Windows.lnk = C:\Program Files\Poppy\Poppy.exe
O4 - Startup: TIMELEFT.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: clear.pif = C:\CLEAR.BAT
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {0F5E63AE-8B1A-11D3-80A4-0050DA2D7351} - https://www.netsetter.com/r/ns/config/nsconfig.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0FC817C2-3B45-11D4-8340-0050DA825907} - http://www.deltaclick.com/DeltaClick.cab
O16 - DPF: Yahoo! Chat - http://cs4.chat.yahoo.com/c377/chat.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} - http://theonline500.com/CFIDE/classes/CFJava.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {00000000-0000-0000-1234-012398761234} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.46.24.2

Terry

« Reply #2 on: May 04, 2006, 07:59:07 PM »
Did you try to use Kaspersky Anti-virus to scan your computer and update IE to 6.0?

thchog

« Reply #3 on: May 07, 2006, 02:39:54 AM »
Dude, you are in the wrong forum. Take your HijackThis report and go to http://bleepingcomputers.com, read their submission rules after you register. See these tutorials, and don't panic, calm down and take your time, all will be fine soon if you follow the simple instructions.

http://www.bleepingcomputer.com/forums/topic34773.html
http://www.bleepingcomputer.com/tutorials/tutorial101.html

If you need further help, PM me...

 
