steve1117

hijacked by res://qpcyo.dll/index.html#12802

2 posts in this topic

I've tried ad-aware and I am able to delete everything except this file:

c:\windows\system32\wincw32.dll

 

HJT will allow me to change the start page but when I log off and then log back on it goes back to the hijack page.

 

CWShredder does nothing.

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Monday, June 28, 2004 7:08:07 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R325 27.06.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R325 27.06.2004

Internal build : 257

File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

Total size : 1274298 Bytes

Signature data size : 1253786 Bytes

Reference data size : 20448 Bytes

Signatures total : 27864

Target categories : 10

Target families : 507

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:46 %

Total physical memory:130592 kb

Available physical memory:59440 kb

Total page file size:315420 kb

Available on page file:206192 kb

Total virtual memory:2097024 kb

Available virtual memory:2056844 kb

OS:

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

 

6-28-2004 7:08:07 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 6-28-2004 5:22:53 AM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:22:56 AM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:22:56 AM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 5/30/2004 2:14:40 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/23/2001 4:00:00 PM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:22:56 AM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 5/30/2004 2:13:11 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/29/2002 7:41:26 AM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:22:57 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 5/30/2004 2:15:09 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/23/2001 4:00:00 PM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 6-28-2004 5:22:57 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 5/30/2004 2:15:09 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/23/2001 4:00:00 PM

 

#:7 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 6-28-2004 5:23:01 AM

BasePriority : Normal

FileSize : 973 KB

FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)

ProductVersion : 6.00.2800.1221

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 5/12/2003 1:12:10 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 5/12/2003 1:12:10 AM

 

#:8 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:23:01 AM

BasePriority : Normal

FileSize : 304 KB

FileVersion : 5,13,00,00

ProductVersion : 5,13,00,00

Copyright : © 1993 - 2000 Lexmark International, Inc.

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

OriginalFilename : LexBceS.exe

ProductName : MarkVision for Windows (32 bit)

Created on : 10/12/2001 7:40:21 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 10/12/2001 7:40:22 AM

 

#:9 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:23:01 AM

BasePriority : Normal

FileSize : 166 KB

FileVersion : 5,13,00,00

ProductVersion : 5,13,00,00

Copyright : © 1993 - 2000 Lexmark International, Inc.

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

OriginalFilename : LEXPPS.EXE

ProductName : MarkVision for Windows (32 bit)

Created on : 3/29/2004 2:04:18 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 10/12/2001 6:38:46 AM

 

#:10 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:23:01 AM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 5/30/2004 2:15:02 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/23/2001 4:00:00 PM

 

#:11 [nvsvc32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 6-28-2004 5:23:02 AM

BasePriority : Normal

FileSize : 76 KB

FileVersion : 6.14.10.4523

ProductVersion : 6.14.10.4523

Copyright : © NVIDIA Corporation. All rights reserved.

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 45.23

InternalName : NVSVC

OriginalFilename : nvsvc32.exe

ProductName : NVIDIA Driver Helper Service, Version 45.23

Created on : 7/28/2003 7:19:00 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 7/28/2003 7:19:00 PM

 

#:12 [printray.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ThreadCreationTime : 6-28-2004 5:26:19 AM

BasePriority : Normal

FileSize : 36 KB

FileVersion : 1, 0, 0, 7

ProductVersion : 1, 0, 0, 7

Copyright : Copyright

CompanyName : Lexmark

FileDescription : PrinTray

InternalName : PrinTray

OriginalFilename : PrinTray.exe

ProductName : Lexmark PrinTray

Created on : 10/12/2001 7:40:25 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 10/12/2001 7:40:26 AM

 

#:13 [msyu.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 6-28-2004 5:26:19 AM

BasePriority : Normal

FileSize : 26 KB

Created on : 6/26/2004 5:12:04 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/26/2004 5:12:06 PM

 

#:14 [washer.exe]

FilePath : C:\Program Files\Washer\

ThreadCreationTime : 6-28-2004 5:26:20 AM

BasePriority : Normal

FileSize : 413 KB

FileVersion : 4.7.1.6

ProductVersion : 4.7

Copyright : Copyright 1998-2002 Webroot Software, Inc.

CompanyName : Webroot Software, Inc.

FileDescription : Window Washer

ProductName : Window Washer

Created on : 9/23/2003 11:33:54 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 11/13/2002 8:07:06 AM

 

#:15 [winan32.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 6-28-2004 5:26:24 AM

BasePriority : Normal

FileSize : 9 KB

Created on : 6/26/2004 4:45:51 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/26/2004 4:45:52 AM

Warning! CoolWebSearch object found in memory(C:\WINDOWS\winan32.exe)

 

CoolWebSearch Object recognized!

Type : Process

Data : winan32.exe

Category : Malware

Comment :

Object : C:\WINDOWS\

FileSize : 9 KB

Created on : 6/26/2004 4:45:51 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/26/2004 4:45:52 AM

 

 

 

#:16 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 6-28-2004 5:27:32 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 5/30/2004 2:15:09 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/23/2001 4:00:00 PM

 

#:17 [wuauclt.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 6-28-2004 5:29:06 AM

BasePriority : Normal

FileSize : 136 KB

FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)

ProductVersion : 5.4.3630.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Update AutoUpdate Client

InternalName : wuauclt.exe

OriginalFilename : wuauclt.exe

ProductName : Microsoft

Created on : 5/30/2004 2:32:55 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/29/2002 7:41:28 AM

 

#:18 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 6-28-2004 11:01:51 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 5/30/2004 2:35:18 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 8/29/2002 7:41:26 AM

 

#:19 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 6-28-2004 11:07:50 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 11/17/2003 10:36:24 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 7/13/2003 2:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://qpcyo.dll/index.html#12802"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://qpcyo.dll/index.html#12802"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://qpcyo.dll/index.html#12802"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://qpcyo.dll/index.html#12802"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://qpcyo.dll/index.html#12802"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Page_URL

Data : "res://qpcyo.dll/index.html#12802"

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\windows\system32\wincw32.dll

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800}

 

 

CoolWebSearch Object recognized!

Type : File

Data : wincw32.dll

Category : Malware

Comment :

Object : c:\windows\system32\

FileSize : 89 KB

Created on : 6/25/2004 2:38:09 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/25/2004 2:38:10 AM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\windows\system32\wincw32.dll

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800}

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 5

Objects found so far: 7

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : File

Data : qpcyo.dll

Category : Malware

Comment :

Object : C:\WINDOWS\

FileSize : 69 KB

Created on : 6/15/2004 8:28:10 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/15/2004 8:28:12 AM

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : gvanwn.dat

Category : Malware

Comment :

Object : C:\WINDOWS\

FileSize : 89 KB

Created on : 6/19/2004 11:34:59 AM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/19/2004 11:35:00 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : steve rogers@tribalfusion[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Steve Rogers\Cookies\

 

Created on : 6/28/2004 10:30:22 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/28/2004 10:30:24 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : steve rogers@atdmt[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Steve Rogers\Cookies\

 

Created on : 6/28/2004 10:30:22 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/28/2004 10:30:24 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : steve rogers@doubleclick[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Steve Rogers\Cookies\

 

Created on : 6/28/2004 11:00:34 PM

Last accessed : 6/28/2004 4:00:00 AM

Last modified : 6/28/2004 11:00:36 PM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 12

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

Value : ITBarLayout

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 4

Objects found so far: 16

 

 

7:16:55 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:08:47:699

Objects scanned :88509

Objects identified :16

Objects ignored :0

New objects :16

 

 

Logfile of HijackThis v1.97.7

Scan saved at 7:01:25 PM, on 6/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\WINDOWS\system32\msyu.exe

C:\Program Files\Washer\washer.exe

C:\WINDOWS\winan32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\unzipped\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdirs.com/panel/?aff=1020&exp=3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpcyo.dll/sp.html#12802

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qpcyo.dll/index.html#12802

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qpcyo.dll/index.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpcyo.dll/sp.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qpcyo.dll/index.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qpcyo.dll/sp.html#12802

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdirs.com/?aff=1020&exp=3

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Steve Rogers\Application Data\Mozilla\Profiles\default\0w0fqwf2.slt\prefs.js)

O2 - BHO: (no name) - {C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800} - C:\WINDOWS\system32\wincw32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [msyu.exe] C:\WINDOWS\system32\msyu.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"

O4 - Global Startup: PowerReg Scheduler.exe

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll

O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8140.8326041667

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...370/mcfscan.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab


Did you tell Ad-Aware to delete the objects it found? Try it again in Safe Mode. (Hit the F8 key several times while booting, until you get a menu).

 

Follow the directions here for configuring Ad-Aware: http://www.spywareinfoforum.com/index.php?showtopic=8847

 

After reboot post another HijackThis log and let us know if it seems fixed. (We probably won't need the Ad-Aware log).
