Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Please Help - HijackThis Logfile!

Reply
Thread Tools

Please Help - HijackThis Logfile!

 
 
Hachabarata
Guest
Posts: n/a
 
      12-11-2004
This is the HijackThis Logfile I got from my computer, please take a
look and let me know if it's going to be a problem for my computer, as
I'm being attacked by spyware even after using AdAware and Spybot
programs:

Logfile of HijackThis v1.98.2
Scan saved at 9:50:50 AM, on 12/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\m?iexec.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
https://reg.knowledgeadventure.com/p....php?sku=71946
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
C:\WINDOWS\System32\wgfynlhj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program
Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware
Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Ad Arrest] C:\Program Files\Ad Arrest IE Popup
Killer\adarrest.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
Upload Tool Class) -
http://us.dl1.yimg.com/download.yaho...opper1_3us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
http://activex.microsoft.com/activex...te/sdkinst.cab

 
Reply With Quote
 
 
 
 
Hachabarata
Guest
Posts: n/a
 
      12-13-2004
Bashar wrote:
> "Hachabarata" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>
> I can pick out Backweb as spyware. Not really the worst of the web

though.
> Sidestep is a low level threat as well. Also check this out:
> http://www.neuber.com/taskmanager/pr...smsgs.exe.html - This the
> messenger service that is usually on by default but if you have

turned it
> off before, this process should make you suspicious. The process can

been
> associated with the alcarys worm. This is all I can readily see for

now.
> I am sure others may pick out some more baddies. Some pointers:
>
> Explain your problem a bit more and include all the steps you have

taken so
> far to remove the spyware/malware/virus problems. Further to this,

stop
> using IE and switch to Firefox. Yah yah yah, you can still use it on
> occasion (banking, updates) but do most of your surfing with another
> browser. Nuff said. I see you installed a number of other spyware

tools
> and guards. So much for them eh? I also shy away from all that

yahoo
> crap...never trusted it.
>
> Okeedokee:
>
> 1) Update your virus definitions (I hope you got this..)
> 2) Update Spybot and Adaware
> 3) Download Stinger from here: http://vil.nai.com/vil/stinger/
> 4) Download Bazooka from here:
> http://www.kephyr.com/spywarescanner/index.html
> 5) Go here for a second opinion on virus scanning:
> http://housecall.trendmicro.com/hous...start_corp.asp
> 6) Now boot to safe mode using F8 when restarting your comp
> 7) Run the antivirus, adaware, spybot, stinger. Reboot and scan

again in
> safe mode.
> Now reboot and run normally. Scan using your antivirus or

trendmicro,
> adaware, and bazooka(for a 3rd opinion).
>
> If you still have problems, reply to the group. This will all take a

bit of
> time so I hope you don't have a cake in the oven...
>


Thanks for the input. I did most of what you've recommended, but
nothing helps with the IE spyware problem. I've tried Adaware, Spybot,
Spyware Doctor, Spysubtract, SpywareBlaster, and a bunch of other
programs, and I'm kinda desperate now

I did see the word "WildTangent" once while using Spybot, which I heard
was evil Spyware, but Spybot removed it, so that shouldn't be the
problem anymore. I'm the only user that is affected by this spyware in
my PC, as my wife hasn't got the same problem.

I downloaded the "stinger" program and ran it, but it came up with
nothing. But I haven't got any other virus programs to run except
McAfee that came with the computer a year ago.

I've downloaded Mozilla, but unlike IE, I'm unable to delete individual
form entries. e.g. if I type "computer virus" in google one time and do
a search, the second time I type the letter "c", the word "computer
virus" shows up below the form entry. In IE, the easy way to delete
this entry would be to simply scroll down and hit the "delete" key, but
this doesn't work in Mozilla.

FWIW, here's the latest HijackThis logfile from my computer:

Logfile of HijackThis v1.98.2
Scan saved at 9:27:56 PM, on 12/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
https://reg.knowledgeadventure.com/p....php?sku=71946
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
C:\WINDOWS\System32\wgfynlhj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program
Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
http://us.dl1.yimg.com/download.yaho...opper1_3us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
http://activex.microsoft.com/activex...te/sdkinst.cab
> Toodles...
>
> Bashar


 
Reply With Quote
 
 
 
 
Spoonman
Guest
Posts: n/a
 
      02-22-2005
things to tick to reomve in hijack this.

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
C:\WINDOWS\System32\wgfynlhj.dll

O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe

things i'm not sure about

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

Hopefully that should sort you out

Spoony

remove _mypiercings_ to email me

"Hachabarata" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Bashar wrote:
>> "Hachabarata" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) oups.com...
>>
>> I can pick out Backweb as spyware. Not really the worst of the web

> though.
>> Sidestep is a low level threat as well. Also check this out:
>> http://www.neuber.com/taskmanager/pr...smsgs.exe.html - This the
>> messenger service that is usually on by default but if you have

> turned it
>> off before, this process should make you suspicious. The process can

> been
>> associated with the alcarys worm. This is all I can readily see for

> now.
>> I am sure others may pick out some more baddies. Some pointers:
>>
>> Explain your problem a bit more and include all the steps you have

> taken so
>> far to remove the spyware/malware/virus problems. Further to this,

> stop
>> using IE and switch to Firefox. Yah yah yah, you can still use it on
>> occasion (banking, updates) but do most of your surfing with another
>> browser. Nuff said. I see you installed a number of other spyware

> tools
>> and guards. So much for them eh? I also shy away from all that

> yahoo
>> crap...never trusted it.
>>
>> Okeedokee:
>>
>> 1) Update your virus definitions (I hope you got this..)
>> 2) Update Spybot and Adaware
>> 3) Download Stinger from here: http://vil.nai.com/vil/stinger/
>> 4) Download Bazooka from here:
>> http://www.kephyr.com/spywarescanner/index.html
>> 5) Go here for a second opinion on virus scanning:
>> http://housecall.trendmicro.com/hous...start_corp.asp
>> 6) Now boot to safe mode using F8 when restarting your comp
>> 7) Run the antivirus, adaware, spybot, stinger. Reboot and scan

> again in
>> safe mode.
>> Now reboot and run normally. Scan using your antivirus or

> trendmicro,
>> adaware, and bazooka(for a 3rd opinion).
>>
>> If you still have problems, reply to the group. This will all take a

> bit of
>> time so I hope you don't have a cake in the oven...
>>

>
> Thanks for the input. I did most of what you've recommended, but
> nothing helps with the IE spyware problem. I've tried Adaware, Spybot,
> Spyware Doctor, Spysubtract, SpywareBlaster, and a bunch of other
> programs, and I'm kinda desperate now
>
> I did see the word "WildTangent" once while using Spybot, which I heard
> was evil Spyware, but Spybot removed it, so that shouldn't be the
> problem anymore. I'm the only user that is affected by this spyware in
> my PC, as my wife hasn't got the same problem.
>
> I downloaded the "stinger" program and ran it, but it came up with
> nothing. But I haven't got any other virus programs to run except
> McAfee that came with the computer a year ago.
>
> I've downloaded Mozilla, but unlike IE, I'm unable to delete individual
> form entries. e.g. if I type "computer virus" in google one time and do
> a search, the second time I type the letter "c", the word "computer
> virus" shows up below the form entry. In IE, the easy way to delete
> this entry would be to simply scroll down and hit the "delete" key, but
> this doesn't work in Mozilla.
>
> FWIW, here's the latest HijackThis logfile from my computer:
>
> Logfile of HijackThis v1.98.2
> Scan saved at 9:27:56 PM, on 12/12/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\System32\alg.exe
> C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
> c:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Network Associates\VirusScan\VsStat.exe
> C:\Program Files\Network Associates\VirusScan\Avconsol.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\hphmon05.exe
> C:\HP\KBD\KBD.EXE
> C:\WINDOWS\System32\VTTimer.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\WINDOWS\LTMSG.exe
> C:\Program Files\Multimedia Card Reader\shwicon2k.exe
> C:\WINDOWS\ALCXMNTR.EXE
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
> C:\Program Files\Yahoo!\browser\ybrwicon.exe
> C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
> C:\WINDOWS\system\hpsysdrv.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\PROGRA~1\Yahoo!\browser\ycommon.exe
> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
> C:\Program Files\Microsoft Office\Office\OSA.EXE
> C:\Program Files\interMute\SpySubtract\SpySub.exe
> C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\hphmon05.exe
> C:\HP\KBD\KBD.EXE
> C:\WINDOWS\System32\VTTimer.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\WINDOWS\LTMSG.exe
> C:\Program Files\Multimedia Card Reader\shwicon2k.exe
> C:\WINDOWS\ALCXMNTR.EXE
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
> C:\Program Files\Yahoo!\browser\ybrwicon.exe
> C:\Program Files\BroadJump\Client Foundation\CFD.exe
> C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
> C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
> C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> C:\PROGRA~1\Yahoo!\browser\ycommon.exe
> C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
> C:\WINDOWS\system\hpsysdrv.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\Spyware Doctor\spydoctor.exe
> C:\WINDOWS\System32\m?iexec.exe
> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
> C:\Program Files\Microsoft Office\Office\OSA.EXE
> C:\Program Files\interMute\SpySubtract\SpySub.exe
> C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
> C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
> C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
> 1 for hijackthis.zip\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> C:\WINDOWS\about.htm
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
> https://reg.knowledgeadventure.com/p....php?sku=71946
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
> - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
> files\google\googletoolbar1.dll
> O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
> c:\Program Files\Norton AntiVirus\NavShExt.dll
> O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
> C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
> O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
> C:\WINDOWS\System32\wgfynlhj.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
> - c:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program files\google\googletoolbar1.dll
> O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
> O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
> O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
> Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
> O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
> O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
> O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
> Reader\shwicon2k.exe
> O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
> O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mmtask.exe
> O4 - HKLM\..\Run: [YBrowser] C:\Program
> Files\Yahoo!\browser\ybrwicon.exe
> O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
> Foundation\CFD.exe
> O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
> Networks\Visual IP InSight\SBC\IPClient.exe" -l
> O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
> Networks\Visual IP InSight\SBC\IPMon32.exe"
> O4 - HKLM\..\Run: [Motive SmartBridge]
> C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
> Studios\WinPatrol\winpatrol.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\j2re1.4.2_03\bin\jusched.exe
> O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
> O4 - HKCU\..\Run: [Yahoo! Pager] 1
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
> Doctor\spydoctor.exe" /Q
> O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
> O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
> Assassin 4.0\Spyware Assassin.exe"
> O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SpySweeper.exe" /0
> O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
> Connections\1940576\Program\BackWeb-1940576.exe
> O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
> Files\HP\Digital Imaging\bin\hpqtra08.exe
> O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
> Files\Microsoft Office\Office\FINDFAST.EXE
> O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
> Office\Office\OSA.EXE
> O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
> Files\Quicken\bagent.exe
> O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
> Self Support Tool\bin\matcli.exe
> O4 - Global Startup: SpySubtract.lnk = C:\Program
> Files\interMute\SpySubtract\SpySub.exe
> O8 - Extra context menu item: &Google Search - res://C:\Program
> Files\Google\GoogleToolbar1.dll/cmsearch.html
> O8 - Extra context menu item: Backward Links - res://C:\Program
> Files\Google\GoogleToolbar1.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
> O8 - Extra context menu item: Similar Pages - res://C:\Program
> Files\Google\GoogleToolbar1.dll/cmsimilar.html
> O8 - Extra context menu item: Translate into English - res://C:\Program
> Files\Google\GoogleToolbar1.dll/cmtrans.html
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\System32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> O9 - Extra button: Yahoo! Login -
> {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
> Files\Yahoo!\Common\ylogin.dll
> O9 - Extra 'Tools' menuitem: Yahoo! Login -
> {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
> Files\Yahoo!\Common\ylogin.dll
> O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
> C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
> O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
> {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
> Files\Yahoo!\Messenger\yhexbmes0521.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\MSMSGS.EXE
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\MSMSGS.EXE
> O12 - Plugin for .mp3: C:\Program Files\Internet
> Explorer\PLUGINS\npqtplugin3.dll
> O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
> http://www.kumudam.com/wfplayer/tdserver.cab
> O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
> http://www.otxresearch.com/OTXMedia/OTXMedia.dll
> O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
> http://www.sidestep.com/get/k42037/sb02a.cab
> O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
> http://us.dl1.yimg.com/download.yaho...tocomplete.cab
> O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
> http://us.dl1.yimg.com/download.yaho...opper1_3us.cab
> O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
> http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
> O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
> http://activex.microsoft.com/activex...te/sdkinst.cab
>> Toodles...
>>
>> Bashar

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Please help with Popups...Includes HijackThis Log Chris Computer Support 5 04-12-2006 01:36 AM
Hijackthis Log [Please Help] dbru Computer Support 6 11-10-2004 09:31 AM
Please Help with HIJACKTHIS log KB from WNS Computer Support 1 09-08-2004 06:07 PM
Help analyze HijackThis logfile, Please Cynthia K. Computer Support 7 07-15-2004 01:02 AM
A Little Help With My Hijackthis Log please Mocha Computer Support 3 06-11-2004 06:16 AM



Advertisments