02-18-2007, 01:41 PM   #1
baldingeagle
Registered User
 
Join Date: Feb 2007
Posts: 2
OS: xp


Please Help - I've been hi-jacked

My 13-year-old Chinese step-son went to a Chinese website and now I've been hijacked. I've run Spyware Doctor, CW Shredder and Ad-Aware SE and none have fixed the problem.

The web site is http://start.uuloo.com and it takes over my home page and plays a very, very long Chinese song. If I change my homepage back to Yahoo, it will take for a minute but the song still plays.

I've also run HijackThis but I don't know how to fix it from there. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:40:52 PM, on 2/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wdfmgr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\program files\internet explorer\iexplore.exe
E:\WINDOWS\System32\RunDll32.exe
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Spyware Doctor\swdoctor.exe
E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\Documents and Settings\Pete_C\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.uuloo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.uuloo.com
F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe E:\WINDOWS\System32\winsys16_070208.dll start
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEHelper - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - E:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] efvwjektdz.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Internet Explorer.lnk = E:\Program Files\Internet Explorer\iexplore.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125277601201
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126056908217
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O23 - Service: 6B4A20 - Unknown owner - E:\WINDOWS\System32\6B4A20.EXE (file missing)
O23 - Service: 7ED54A20 - Unknown owner - E:\WINDOWS\System32\7ED54A20.EXE (file missing)
O23 - Service: 83614A20 - Unknown owner - E:\WINDOWS\System32\83614A20.EXE (file missing)
O23 - Service: 85A74A20 - Unknown owner - E:\WINDOWS\System32\85A74A20.EXE (file missing)
O23 - Service: 87ED4A20 - Unknown owner - E:\WINDOWS\System32\87ED4A20.EXE (file missing)
O23 - Service: 8A334A20 - Unknown owner - E:\WINDOWS\System32\8A334A20.EXE (file missing)
O23 - Service: 934B4A20 - Unknown owner - E:\WINDOWS\System32\934B4A20.EXE (file missing)
O23 - Service: 95914A20 - Unknown owner - E:\WINDOWS\System32\95914A20.EXE (file missing)
O23 - Service: 97D74A20 - Unknown owner - E:\WINDOWS\System32\97D74A20.EXE (file missing)
O23 - Service: 9C634A20 - Unknown owner - E:\WINDOWS\System32\9C634A20.EXE (file missing)
O23 - Service: AE934A20 - Unknown owner - E:\WINDOWS\System32\AE934A20.EXE (file missing)
O23 - Service: B0D94A20 - Unknown owner - E:\WINDOWS\System32\B0D94A20.EXE (file missing)
O23 - Service: B31F4A20 - Unknown owner - E:\WINDOWS\System32\B31F4A20.EXE (file missing)
O23 - Service: B9F14A20 - Unknown owner - E:\WINDOWS\System32\B9F14A20.EXE (file missing)
O23 - Service: C54F4A20 - Unknown owner - E:\WINDOWS\System32\C54F4A20.EXE (file missing)
O23 - Service: C7954A20 - Unknown owner - E:\WINDOWS\System32\C7954A20.EXE (file missing)
O23 - Service: CC214A20 - Unknown owner - E:\WINDOWS\System32\CC214A20.EXE (file missing)
O23 - Service: CE674A20 - Unknown owner - E:\WINDOWS\System32\CE674A20.EXE (file missing)
O23 - Service: D20D4A20 - Unknown owner - E:\WINDOWS\System32\D20D4A20.EXE (file missing)
O23 - Service: D2F34A20 - Unknown owner - E:\WINDOWS\System32\D2F34A20.EXE (file missing)
O23 - Service: D77F4A20 - Unknown owner - E:\WINDOWS\System32\D77F4A20.EXE (file missing)
O23 - Service: D9C54A20 - Unknown owner - E:\WINDOWS\System32\D9C54A20.EXE (file missing)
O23 - Service: DC0B4A20 - Unknown owner - E:\WINDOWS\System32\DC0B4A20.EXE (file missing)
O23 - Service: DE514A20 - Unknown owner - E:\WINDOWS\System32\DE514A20.EXE (file missing)
O23 - Service: E5234A20 - Unknown owner - E:\WINDOWS\System32\E5234A20.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Unknown owner - E:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - E:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe




Can anyone help me? Thank you in advance.

Balding Eagle