Jump to content


Photo

Please need help im hijacked!!


  • This topic is locked This topic is locked
6 replies to this topic

#1 lekrut

lekrut

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 04 July 2004 - 02:32 PM

Well I have tried everything to fix this besides reimaging my PC. The only thing it seems I havent done is download CWShredder since my browser won't let me get to the site. It has hijacked my browser and I can't use media player. Here is a copy of my log. Thank you in advance!! :D



StartupList report, 7/4/2004, 3:27:26 PM
StartupList version: 1.52

Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\iepo32.exe
C:\WINDOWS\system32\atlak.exe
C:\Documents and Settings\\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
atlak.exe = C:\WINDOWS\system32\atlak.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\plusaqar.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\netrs32.dll - {4F9B791C-3B84-6C9B-0401-9D85FBAA515F}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[ppctlcab]
CODEBASE = http://www.pestscan....er/ppctlcab.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLO~1\yacscom.dll
CODEBASE = http://us.chat1.yimg...v45/yacscom.cab

[Brickout Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\brickout.ocx
CODEBASE = http://mirror.worldw...ut/brickout.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://www.pestscan....r/axscanner.cab

[Puzzle Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\jigsaw.ocx
CODEBASE = http://mirror.worldw...gsaw/jigsaw.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll
CODEBASE = http://tools.ebayimg...ol_v1-0-3-9.cab

[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\iftw.dll
CODEBASE = http://tw.msi.com.tw...nt/iftwclix.cab

[{52A5CD24-64C6-4BAF-A4EC-4D13F451763F}]
CODEBASE = https://www.cuworld....ges/CUworld.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150...ip/RdxIE601.cab

[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\bja.ocx
CODEBASE = http://mirror.worldw...ck/bjattack.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Shapetris Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\shape.ocx
CODEBASE = http://mirror.worldw...shape/shape.cab

[Blockwerx Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BLOCKW~1.OCX
CODEBASE = http://mirror.worldw...x/blockwerx.cab

[DriveCamPlayer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DriveCamEvent.dll
CODEBASE = http://www.drivecam....iveCamEvent.dll

[Info Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Si.dll
CODEBASE = http://www.blizzard..../wowbeta/si.cab

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll
CODEBASE = http://216.249.24.14...tiveXImgCtl.CAB

[DepHlp Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\dephlp.ocx
CODEBASE = http://mirror.worldw...ared/dephlp.cab

[{6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}]
CODEBASE = http://www.gigex.com.../gigexagent.dll

[Word Cubes Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wordcube.ocx
CODEBASE = http://mirror.worldw...be/wordcube.cab

[Collapse Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\collapse.ocx
CODEBASE = http://mirror.worldw...se/collapse.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Focus Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\focus.ocx
CODEBASE = http://mirror.worldw...focus/focus.cab

[CustomerCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\customerclient.dll
CODEBASE = http://cs5b.instants...erxsigned40.cab

[Cubis Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\cubis.ocx
CODEBASE = http://mirror.worldw...cubis/cubis.cab

[Sol Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\sol.ocx
CODEBASE = http://mirror.worldw...v44/sol/sol.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupd...7578.7010648148

[SwapIt Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx
CODEBASE = http://mirror.worldw...apit/swapit.cab

[Hangman Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hangman.ocx
CODEBASE = http://mirror.worldw...man/hangman.cab

[{C72242D0-3AB5-453D-842C-8A3C9AC0838D}]
CODEBASE = http://download.side...00719/sb027.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[EPSImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPScontrol.dll
CODEBASE = http://tools.ebayimg...ol_v1-0-3-0.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE = http://h30043.www3.h.../qdiagh.cab?315

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
nVidia WDM TVAudio Crossbar: System32\DRIVERS\nvtvsnd.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVScan: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Security Service: C:\WINDOWS\iepo32.exe /s (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\LANCET~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 15,438 bytes
Report generated in 0.100 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 lekrut

lekrut

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 04 July 2004 - 04:09 PM

Ok I fixed the Media player had to reinstall it but my browser is still hijaked. I have gone into safe mode and ran adware, spyhunter, and hijackthis to no avail. The program seems to morph into something after I delete what is detected. Any help would be great. Thx!

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 04 July 2004 - 04:23 PM

Would you please post your Hijack this log. What you actually posted was the startuplist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 lekrut

lekrut

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 04 July 2004 - 06:29 PM

Ooops!! Here you go. thought something looked funny haha.


Logfile of HijackThis v1.97.7
Scan saved at 7:27:56 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\atlak.exe
C:\WINDOWS\system32\javalv32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lance Turkel\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nxfkc.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nxfkc.dll/index.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nxfkc.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nxfkc.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nxfkc.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nxfkc.dll/sp.html#37680
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4F9B791C-3B84-6C9B-0401-9D85FBAA515F} - C:\WINDOWS\netrs32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [atlak.exe] C:\WINDOWS\system32\atlak.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\system32\javalv32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: SideStep (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld....ges/CUworld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam....iveCamEvent.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com.../gigexagent.dll
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldw...focus/focus.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instants...erxsigned40.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7578.7010648148
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.side...00719/sb027.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?315

#5 lekrut

lekrut

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 05 July 2004 - 02:34 AM

Posted new log. Could someone take a look. Thx!!

#6 pcguy

pcguy

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 15 October 2004 - 11:11 AM

Posted new log. Could someone take a look. Thx!!

View Post


Download this tool: http://users.pandora...ve_services.zip

Extract it to c:\ and run it, you will gett active.txt, paste active.txt in your new post together with a new hjt log. And do not reboot your pc until we have helped you.

#7 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 13 December 2004 - 12:44 PM

Due to the time passed without response in this thread, I will be closing it. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button