Please Help - HijackThis Logfile!

Discussion in 'Computer Support' started by Hachabarata, Dec 11, 2004.

  1. Hachabarata

    Hachabarata Guest

    This is the HijackThis Logfile I got from my computer, please take a
    look and let me know if it's going to be a problem for my computer, as
    I'm being attacked by spyware even after using AdAware and Spybot
    programs:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:50:50 AM, on 12/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\m?iexec.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system\hpsysdrv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
    1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://keyword.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    https://reg.knowledgeadventure.com/prodreg.php?sku=71946
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
    C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
    C:\WINDOWS\System32\wgfynlhj.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion -
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
    Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program
    Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
    Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
    Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
    Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge]
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware
    Stormer\SpywareStormer.Exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
    Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
    Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
    O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
    Assassin 4.0\Spyware Assassin.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Ad Arrest] C:\Program Files\Ad Arrest IE Popup
    Killer\adarrest.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
    Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
    Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
    Office\Office\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    Files\Quicken\bagent.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
    Self Support Tool\bin\matcli.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program
    Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
    C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    http://www.kumudam.com/wfplayer/tdserver.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
    http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
    http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
    Upload Tool Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
    http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    Hachabarata, Dec 11, 2004
    #1

  2. Hachabarata

    Hachabarata Guest

    Bashar wrote:
    > "Hachabarata" <> wrote in message
    > news:...
    >
    > I can pick out Backweb as spyware. Not really the worst of the web
    > though. Sidestep is a low level threat as well. Also check this out:
    > http://www.neuber.com/taskmanager/process/msmsgs.exe.html - This is the
    > messenger service that is usually on by default but if you have turned
    > it off before, this process should make you suspicious. The process can
    > be associated with the alcarys worm. This is all I can readily see for
    > now. I am sure others may pick out some more baddies. Some pointers:
    >
    > Explain your problem a bit more and include all the steps you have taken
    > so far to remove the spyware/malware/virus problems. Further to this,
    > stop using IE and switch to Firefox. Yah yah yah, you can still use it on
    > occasion (banking, updates) but do most of your surfing with another
    > browser. Nuff said. I see you installed a number of other spyware tools
    > and guards. So much for them eh? I also shy away from all that yahoo
    > crap...never trusted it.
    >
    > Okeedokee:
    >
    > 1) Update your virus definitions (I hope you got this..)
    > 2) Update Spybot and Adaware
    > 3) Download Stinger from here: http://vil.nai.com/vil/stinger/
    > 4) Download Bazooka from here:
    > http://www.kephyr.com/spywarescanner/index.html
    > 5) Go here for a second opinion on virus scanning:
    > http://housecall.trendmicro.com/housecall/start_corp.asp
    > 6) Now boot to safe mode using F8 when restarting your comp
    > 7) Run the antivirus, adaware, spybot, stinger. Reboot and scan again in
    > safe mode.
    > 8) Now reboot and run normally. Scan using your antivirus or trendmicro,
    > adaware, and bazooka (for a 3rd opinion).
    >
    > If you still have problems, reply to the group. This will all take a bit
    > of time so I hope you don't have a cake in the oven...
    >


    Thanks for the input. I did most of what you've recommended, but
    nothing helps with the IE spyware problem. I've tried Adaware, Spybot,
    Spyware Doctor, Spysubtract, SpywareBlaster, and a bunch of other
    programs, and I'm kinda desperate now :)

    I did see the word "WildTangent" once while using Spybot, which I heard
    was evil Spyware, but Spybot removed it, so that shouldn't be the
    problem anymore. I'm the only user that is affected by this spyware in
    my PC, as my wife hasn't got the same problem.

    I downloaded the "stinger" program and ran it, but it came up with
    nothing. But I haven't got any other virus programs to run except
    McAfee that came with the computer a year ago.

    I've downloaded Mozilla, but unlike IE, I'm unable to delete individual
    form entries. e.g. if I type "computer virus" in google one time and do
    a search, the second time I type the letter "c", the word "computer
    virus" shows up below the form entry. In IE, the easy way to delete
    this entry would be to simply scroll down and hit the "delete" key, but
    this doesn't work in Mozilla.

    FWIW, here's the latest HijackThis logfile from my computer:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:27:56 PM, on 12/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system\hpsysdrv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system\hpsysdrv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\WINDOWS\System32\m?iexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
    1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    https://reg.knowledgeadventure.com/prodreg.php?sku=71946
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
    C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
    C:\WINDOWS\System32\wgfynlhj.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
    Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program
    Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
    Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
    Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
    Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge]
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
    Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
    Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
    O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
    Assassin 4.0\Spyware Assassin.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
    Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
    Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
    Office\Office\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    Files\Quicken\bagent.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
    Self Support Tool\bin\matcli.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program
    Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
    C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    http://www.kumudam.com/wfplayer/tdserver.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
    http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
    http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
    http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    > Toodles...
    >
    > Bashar
    Hachabarata, Dec 13, 2004
    #2

  3. Hachabarata

    Spoonman Guest

    Things to tick to remove in HijackThis:

    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
    C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
    C:\WINDOWS\System32\wgfynlhj.dll

    O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe

    Things I'm not sure about:

    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    Hopefully that should sort you out

    Spoony

    remove _mypiercings_ to email me

    "Hachabarata" <> wrote in message
    news:...
    > Bashar wrote:
    >> "Hachabarata" <> wrote in message
    >> news:...
    >>
    >> I can pick out Backweb as spyware. Not really the worst of the web
    >> though. Sidestep is a low level threat as well. Also check this out:
    >> http://www.neuber.com/taskmanager/process/msmsgs.exe.html - This is the
    >> messenger service that is usually on by default but if you have turned
    >> it off before, this process should make you suspicious. The process can
    >> be associated with the alcarys worm. This is all I can readily see for
    >> now. I am sure others may pick out some more baddies. Some pointers:
    >>
    >> Explain your problem a bit more and include all the steps you have taken
    >> so far to remove the spyware/malware/virus problems. Further to this,
    >> stop using IE and switch to Firefox. Yah yah yah, you can still use it on
    >> occasion (banking, updates) but do most of your surfing with another
    >> browser. Nuff said. I see you installed a number of other spyware tools
    >> and guards. So much for them eh? I also shy away from all that yahoo
    >> crap...never trusted it.
    >>
    >> Okeedokee:
    >>
    >> 1) Update your virus definitions (I hope you got this..)
    >> 2) Update Spybot and Adaware
    >> 3) Download Stinger from here: http://vil.nai.com/vil/stinger/
    >> 4) Download Bazooka from here:
    >> http://www.kephyr.com/spywarescanner/index.html
    >> 5) Go here for a second opinion on virus scanning:
    >> http://housecall.trendmicro.com/housecall/start_corp.asp
    >> 6) Now boot to safe mode using F8 when restarting your comp
    >> 7) Run the antivirus, adaware, spybot, stinger. Reboot and scan again in
    >> safe mode.
    >> 8) Now reboot and run normally. Scan using your antivirus or trendmicro,
    >> adaware, and bazooka (for a 3rd opinion).
    >>
    >> If you still have problems, reply to the group. This will all take a bit
    >> of time so I hope you don't have a cake in the oven...
    >>

    >
    > Thanks for the input. I did most of what you've recommended, but
    > nothing helps with the IE spyware problem. I've tried Adaware, Spybot,
    > Spyware Doctor, Spysubtract, SpywareBlaster, and a bunch of other
    > programs, and I'm kinda desperate now :)
    >
    > I did see the word "WildTangent" once while using Spybot, which I heard
    > was evil Spyware, but Spybot removed it, so that shouldn't be the
    > problem anymore. I'm the only user that is affected by this spyware in
    > my PC, as my wife hasn't got the same problem.
    >
    > I downloaded the "stinger" program and ran it, but it came up with
    > nothing. But I haven't got any other virus programs to run except
    > McAfee that came with the computer a year ago.
    >
    > I've downloaded Mozilla, but unlike IE, I'm unable to delete individual
    > form entries. e.g. if I type "computer virus" in google one time and do
    > a search, the second time I type the letter "c", the word "computer
    > virus" shows up below the form entry. In IE, the easy way to delete
    > this entry would be to simply scroll down and hit the "delete" key, but
    > this doesn't work in Mozilla.
    >
    > FWIW, here's the latest HijackThis logfile from my computer:
    >
    > Logfile of HijackThis v1.98.2
    > Scan saved at 9:27:56 PM, on 12/12/2004
    > Platform: Windows XP SP1 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\csrss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    > c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\WINDOWS\System32\alg.exe
    > C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    > c:\Program Files\Norton AntiVirus\navapsvc.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\Program Files\Network Associates\VirusScan\VsStat.exe
    > C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    > C:\WINDOWS\system32\csrss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\WINDOWS\System32\hphmon05.exe
    > C:\HP\KBD\KBD.EXE
    > C:\WINDOWS\System32\VTTimer.exe
    > C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    > C:\WINDOWS\LTMSG.exe
    > C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    > C:\WINDOWS\ALCXMNTR.EXE
    > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    > C:\Program Files\Yahoo!\browser\ybrwicon.exe
    > C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    > C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    > C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    > C:\WINDOWS\system\hpsysdrv.exe
    > C:\Program Files\Messenger\msmsgs.exe
    > C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    > C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    > C:\Program Files\Microsoft Office\Office\OSA.EXE
    > C:\Program Files\interMute\SpySubtract\SpySub.exe
    > C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    > C:\WINDOWS\system32\csrss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\WINDOWS\System32\hphmon05.exe
    > C:\HP\KBD\KBD.EXE
    > C:\WINDOWS\System32\VTTimer.exe
    > C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    > C:\WINDOWS\LTMSG.exe
    > C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    > C:\WINDOWS\ALCXMNTR.EXE
    > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    > C:\Program Files\Yahoo!\browser\ybrwicon.exe
    > C:\Program Files\BroadJump\Client Foundation\CFD.exe
    > C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    > C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    > C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    > C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    > C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    > C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    > C:\WINDOWS\system\hpsysdrv.exe
    > C:\Program Files\Messenger\msmsgs.exe
    > C:\Program Files\Spyware Doctor\spydoctor.exe
    > C:\WINDOWS\System32\m?iexec.exe
    > C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    > C:\Program Files\Microsoft Office\Office\OSA.EXE
    > C:\Program Files\interMute\SpySubtract\SpySub.exe
    > C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    > C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    > C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    > C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    > C:\Program Files\Internet Explorer\iexplore.exe
    > C:\Program Files\Internet Explorer\IEXPLORE.EXE
    > C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory
    > 1 for hijackthis.zip\HijackThis.exe
    >
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > C:\WINDOWS\about.htm
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    > about:blank
    > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    > https://reg.knowledgeadventure.com/prodreg.php?sku=71946
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    > - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    > O2 - BHO: Google Toolbar Helper -
    > {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    > files\google\googletoolbar1.dll
    > O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    > c:\Program Files\Norton AntiVirus\NavShExt.dll
    > O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} -
    > C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    > O2 - BHO: (no name) - {DECCC11D-54AA-0D5D-DD4E-08C53C7910C2} -
    > C:\WINDOWS\System32\wgfynlhj.dll
    > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > C:\WINDOWS\System32\msdxm.ocx
    > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    > - c:\Program Files\Norton AntiVirus\NavShExt.dll
    > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    > c:\program files\google\googletoolbar1.dll
    > O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    > O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    > Files\Sonic\Update Manager\sgtray.exe" /r
    > O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    > O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    > O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
    > Shared\ccApp.exe"
    > O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec
    > Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    > O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    > O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    > O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    > Reader\shwicon2k.exe
    > O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    > O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    > Jukebox\mmtask.exe
    > O4 - HKLM\..\Run: [YBrowser] C:\Program
    > Files\Yahoo!\browser\ybrwicon.exe
    > O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
    > Foundation\CFD.exe
    > O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual
    > Networks\Visual IP InSight\SBC\IPClient.exe" -l
    > O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
    > Networks\Visual IP InSight\SBC\IPMon32.exe"
    > O4 - HKLM\..\Run: [Motive SmartBridge]
    > C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    > O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
    > Studios\WinPatrol\winpatrol.exe
    > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    > Files\Java\j2re1.4.2_03\bin\jusched.exe
    > O4 - HKLM\..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe
    > O4 - HKCU\..\Run: [Yahoo! Pager] 1
    > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    > /background
    > O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
    > Doctor\spydoctor.exe" /Q
    > O4 - HKCU\..\Run: [Aepzvofv] C:\WINDOWS\System32\m?iexec.exe
    > O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware
    > Assassin 4.0\Spyware Assassin.exe"
    > O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    > Sweeper\SpySweeper.exe" /0
    > O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
    > Connections\1940576\Program\BackWeb-1940576.exe
    > O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    > Files\HP\Digital Imaging\bin\hpqtra08.exe
    > O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
    > Files\Microsoft Office\Office\FINDFAST.EXE
    > O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
    > Office\Office\OSA.EXE
    > O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    > Files\Quicken\bagent.exe
    > O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC
    > Self Support Tool\bin\matcli.exe
    > O4 - Global Startup: SpySubtract.lnk = C:\Program
    > Files\interMute\SpySubtract\SpySub.exe
    > O8 - Extra context menu item: &Google Search - res://C:\Program
    > Files\Google\GoogleToolbar1.dll/cmsearch.html
    > O8 - Extra context menu item: Backward Links - res://C:\Program
    > Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    > O8 - Extra context menu item: Cached Snapshot of Page -
    > res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    > O8 - Extra context menu item: E&xport to Microsoft Excel -
    > res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    > O8 - Extra context menu item: Similar Pages - res://C:\Program
    > Files\Google\GoogleToolbar1.dll/cmsimilar.html
    > O8 - Extra context menu item: Translate into English - res://C:\Program
    > Files\Google\GoogleToolbar1.dll/cmtrans.html
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\WINDOWS\System32\msjava.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    > O9 - Extra button: Yahoo! Login -
    > {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    > Files\Yahoo!\Common\ylogin.dll
    > O9 - Extra 'Tools' menuitem: Yahoo! Login -
    > {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    > Files\Yahoo!\Common\ylogin.dll
    > O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
    > C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
    > O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    > C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    > {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    > Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    > C:\Program Files\Messenger\MSMSGS.EXE
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\MSMSGS.EXE
    > O12 - Plugin for .mp3: C:\Program Files\Internet
    > Explorer\PLUGINS\npqtplugin3.dll
    > O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    > http://www.kumudam.com/wfplayer/tdserver.cab
    > O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
    > http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    > O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
    > http://www.sidestep.com/get/k42037/sb02a.cab
    > O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
    > http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    > O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    > http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    > O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    > http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    > O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
    > http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    >> Toodles...
    >>
    >> Bashar

    >
    Spoonman, Feb 22, 2005
    #3