lekrut

Please need help I'm hijacked!!

7 posts in this topic

Well I have tried everything to fix this besides reimaging my PC. The only thing it seems I haven't done is download CWShredder since my browser won't let me get to the site. It has hijacked my browser and I can't use media player. Here is a copy of my log. Thank you in advance!! :D

StartupList report, 7/4/2004, 3:27:26 PM

StartupList version: 1.52

 

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\iepo32.exe

C:\WINDOWS\system32\atlak.exe

C:\Documents and Settings\\My Documents\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

atlak.exe = C:\WINDOWS\system32\atlak.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]

StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\plusaqar.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\WINDOWS\netrs32.dll - {4F9B791C-3B84-6C9B-0401-9D85FBAA515F}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Norton AntiVirus - Scan my computer.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[ppctlcab]

CODEBASE = http://www.pestscan.com/scanner/ppctlcab.cab

OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD

 

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[Yahoo! Audio Conferencing]

InProcServer32 = C:\WINDOWS\DOWNLO~1\yacscom.dll

CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

 

[brickout Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\brickout.ocx

CODEBASE = http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

 

[PPSDKActiveXScanner.MainScreen]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx

CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

 

[Puzzle Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\jigsaw.ocx

CODEBASE = http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

 

[EPUImageControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll

CODEBASE = http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab

 

[installFromTheWeb ActiveX Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\iftw.dll

CODEBASE = http://tw.msi.com.tw/autobios/client/iftwclix.cab

 

[{52A5CD24-64C6-4BAF-A4EC-4D13F451763F}]

CODEBASE = https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab

 

[RdxIE Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll

CODEBASE = http://207.188.7.150/042b3ca9bc15681aba04/...ip/RdxIE601.cab

 

[bJA Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\bja.ocx

CODEBASE = http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

 

[OPUCatalog Class]

InProcServer32 = C:\WINDOWS\System32\opuc.dll

CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

 

[shapetris Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\shape.ocx

CODEBASE = http://mirror.worldwinner.com/games/v42/shape/shape.cab

 

[blockwerx Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\BLOCKW~1.OCX

CODEBASE = http://mirror.worldwinner.com/games/v45/bl...x/blockwerx.cab

 

[DriveCamPlayer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\DriveCamEvent.dll

CODEBASE = http://www.drivecam.com/videos/DriveCamEvent.dll

 

[info Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\Si.dll

CODEBASE = http://www.blizzard.com/register/wowbeta/si.cab

 

[PWMediaSendControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll

CODEBASE = http://216.249.24.141/code/PWActiveXImgCtl.CAB

 

[DepHlp Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\dephlp.ocx

CODEBASE = http://mirror.worldwinner.com/games/shared/dephlp.cab

 

[{6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}]

CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll

 

[Word Cubes Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\wordcube.ocx

CODEBASE = http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

 

[Collapse Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\collapse.ocx

CODEBASE = http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

 

[Yahoo! Audio UI1]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll

CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

 

[Focus Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\focus.ocx

CODEBASE = http://mirror.worldwinner.com/games/v40/focus/focus.cab

 

[CustomerCtrl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\customerclient.dll

CODEBASE = http://cs5b.instantservice.com/jars/customerxsigned40.cab

 

[Cubis Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\cubis.ocx

CODEBASE = http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

 

[sol Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\sol.ocx

CODEBASE = http://mirror.worldwinner.com/games/v44/sol/sol.cab

 

[update Class]

InProcServer32 = C:\WINDOWS\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7578.7010648148

 

[swapIt Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx

CODEBASE = http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

 

[Hangman Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\hangman.ocx

CODEBASE = http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

 

[{C72242D0-3AB5-453D-842C-8A3C9AC0838D}]

CODEBASE = http://download.sidestep.com/get/k00719/sb027.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[EPSImageControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPScontrol.dll

CODEBASE = http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

 

[QDiagHUpdateObj Class]

InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx

CODEBASE = http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)

Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)

NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)

nVidia WDM TVAudio Crossbar: System32\DRIVERS\nvtvsnd.sys (autostart)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SAVScan: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (autostart)

ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (autostart)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)

symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Security Service: C:\WINDOWS\iepo32.exe /s (autostart)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\DOCUME~1\LANCET~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 15,438 bytes

Report generated in 0.100 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Ok, I fixed the Media player (had to reinstall it) but my browser is still hijacked. I have gone into safe mode and ran adware, spyhunter, and hijackthis to no avail. The program seems to morph into something after I delete what is detected. Any help would be great. Thx!


Would you please post your HijackThis log? What you actually posted was the StartupList.


Ooops!! Here you go. Thought something looked funny haha.

Logfile of HijackThis v1.97.7

Scan saved at 7:27:56 PM, on 7/4/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\atlak.exe

C:\WINDOWS\system32\javalv32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lance Turkel\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nxfkc.dll/sp.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nxfkc.dll/index.html#37680

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nxfkc.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nxfkc.dll/sp.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nxfkc.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nxfkc.dll/sp.html#37680

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4F9B791C-3B84-6C9B-0401-9D85FBAA515F} - C:\WINDOWS\netrs32.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [atlak.exe] C:\WINDOWS\system32\atlak.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\system32\javalv32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: SideStep (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: ICQ 4.1 (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab

O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab

O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/042b3ca9bc15681aba04/...ip/RdxIE601.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v45/bl...x/blockwerx.cab

O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned40.cab

O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7578.7010648148

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315

Posted new log. Could someone take a look. Thx!!


Download this tool: http://users.pandora.be/marcvn/tools/get_active_services.zip

 

Extract it to c:\ and run it; you will get active.txt. Paste active.txt in your new post together with a new HJT log. And do not reboot your PC until we have helped you.


Due to the time passed without response in this thread, I will be closing it. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
