#1 (permalink) |
|
Registered User
Join Date: Feb 2007
Posts: 2
OS: xp
|
Please Help - I've been hi-jacked
My 13-year-old Chinese step-son went to a Chinese website and now I've been hijacked. I've run Spyware Doctor, CW Shredder and Ad-Aware SE and none have fixed the problem.
The web site is http:/start.uuloo.com and it takes over my home page and plays a very, very long Chinese song. If I change my homepage back to Yahoo, it will take for a minute but the song still plays. I've also run HijackThis but I don't know how to fix it from there. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:40:52 PM, on 2/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wdfmgr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\program files\internet explorer\iexplore.exe
E:\WINDOWS\System32\RunDll32.exe
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Spyware Doctor\swdoctor.exe
E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\Documents and Settings\Pete_C\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.uuloo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.uuloo.com
F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe E:\WINDOWS\System32\winsys16_070208.dll start
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEHelper - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - E:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] efvwjektdz.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Internet Explorer.lnk = E:\Program Files\Internet Explorer\iexplore.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125277601201
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126056908217
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O23 - Service: 6B4A20 - Unknown owner - E:\WINDOWS\System32\6B4A20.EXE (file missing)
O23 - Service: 7ED54A20 - Unknown owner - E:\WINDOWS\System32\7ED54A20.EXE (file missing)
O23 - Service: 83614A20 - Unknown owner - E:\WINDOWS\System32\83614A20.EXE (file missing)
O23 - Service: 85A74A20 - Unknown owner - E:\WINDOWS\System32\85A74A20.EXE (file missing)
O23 - Service: 87ED4A20 - Unknown owner - E:\WINDOWS\System32\87ED4A20.EXE (file missing)
O23 - Service: 8A334A20 - Unknown owner - E:\WINDOWS\System32\8A334A20.EXE (file missing)
O23 - Service: 934B4A20 - Unknown owner - E:\WINDOWS\System32\934B4A20.EXE (file missing)
O23 - Service: 95914A20 - Unknown owner - E:\WINDOWS\System32\95914A20.EXE (file missing)
O23 - Service: 97D74A20 - Unknown owner - E:\WINDOWS\System32\97D74A20.EXE (file missing)
O23 - Service: 9C634A20 - Unknown owner - E:\WINDOWS\System32\9C634A20.EXE (file missing)
O23 - Service: AE934A20 - Unknown owner - E:\WINDOWS\System32\AE934A20.EXE (file missing)
O23 - Service: B0D94A20 - Unknown owner - E:\WINDOWS\System32\B0D94A20.EXE (file missing)
O23 - Service: B31F4A20 - Unknown owner - E:\WINDOWS\System32\B31F4A20.EXE (file missing)
O23 - Service: B9F14A20 - Unknown owner - E:\WINDOWS\System32\B9F14A20.EXE (file missing)
O23 - Service: C54F4A20 - Unknown owner - E:\WINDOWS\System32\C54F4A20.EXE (file missing)
O23 - Service: C7954A20 - Unknown owner - E:\WINDOWS\System32\C7954A20.EXE (file missing)
O23 - Service: CC214A20 - Unknown owner - E:\WINDOWS\System32\CC214A20.EXE (file missing)
O23 - Service: CE674A20 - Unknown owner - E:\WINDOWS\System32\CE674A20.EXE (file missing)
O23 - Service: D20D4A20 - Unknown owner - E:\WINDOWS\System32\D20D4A20.EXE (file missing)
O23 - Service: D2F34A20 - Unknown owner - E:\WINDOWS\System32\D2F34A20.EXE (file missing)
O23 - Service: D77F4A20 - Unknown owner - E:\WINDOWS\System32\D77F4A20.EXE (file missing)
O23 - Service: D9C54A20 - Unknown owner - E:\WINDOWS\System32\D9C54A20.EXE (file missing)
O23 - Service: DC0B4A20 - Unknown owner - E:\WINDOWS\System32\DC0B4A20.EXE (file missing)
O23 - Service: DE514A20 - Unknown owner - E:\WINDOWS\System32\DE514A20.EXE (file missing)
O23 - Service: E5234A20 - Unknown owner - E:\WINDOWS\System32\E5234A20.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Unknown owner - E:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - E:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Can anyone help me? Thank you in advance.
Balding Eagle
#2 (permalink) |
|
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,341
OS: xp
|
Welcome baldingeagle
It appears you have no resident antivirus, why is that? Could you first try using System Restore to go back about two full days before the problems started. Or if you have backup software, use it to do the same. If that's not possible, is a format and new install of Windows an option? If so, then put your other users on limited accounts so this won't happen again.
Last edited by LonnyRJones : 02-25-2007 at 03:08 PM.