Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log


  • This topic is locked This topic is locked
19 replies to this topic

#1 robocop

robocop

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 23 April 2005 - 08:56 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:54:33 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\user\My Documents\Downloads\Spy Bot 3.1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\crdos.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: crdos - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\user\My Documents\Downloads\IPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 24 April 2005 - 09:23 AM

Hello robocop, Welcome again at BleepingComputer. You have a couple of nasties onboard, when we finish removing, I will supply you with some information that you may want to take a good look at to set up some protection to keep these infections from occuring. If you wish help removing this stuff, please follow these directions:
Here is what you have onboard:
http://castlecops.com/clsid-1803.html
http://www.sophos.co.uk/virusinfo/analyses/trojagentdj.html

1) Download CCleaner from this link: http://www.ccleaner.com/ Take the time to review the instructions on the download page so that when I ask you to run it you will know what you are doing.

2) I am not sure if Spyware Doctor will try to prevent the removal process. You may want to turn it off until you are done with HJT.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: crdos - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

SHOW HIDDEN FILES: Follow the instructions in the link to enable hidden files for your operating system.
You may wish to reverse this process if you have any concern about anyone getting into these hidden system files.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:
I wish to check to make sure these items are not there. If they are, please delete them and let me know in your next post.

C:\WINDOWS\Config\crdos.dll >>> file

C:\WINDOWS\system32\req.dll >>>file

We removed a couple of nasty trojans, let's make sure nothing is hiding, run this free online scan, scan the whole system and set it to clean or fix anything it locates. Let me know what it finds and the exact name and location of anything it locates but can't remove. You may be asked to install an ActiveX, please do so as this program is safe and it can not run without it.
http://www.windowsecurity.com/trojanscan/

Run CCleaner then restart the computer and post a new log in this same thread along with any feedback you have. Let us know how you are running.

Thanks...pskelley
HJT Team

PURGE SYSTEM RESTORE
When you are completely finished with the removal procedure and are satisfied that the threat has been removed follow these instruction:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 04:06 PM

it wont "fix" these things

O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: crdos - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll

it says "Hijackthis is about to remove a BHO and the corresponding file from your system. close all Internet Explorer Windows AND all Window Exlporer windows before continuing for the best chances of success."

i closed all windows and closed everything but still it did not fix it

#4 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 24 April 2005 - 04:40 PM

Hello robocop, :thumbsup:

it says "Hijackthis is about to remove a BHO and the corresponding file from your system. close all Internet Explorer Windows AND all Window Exlporer windows before continuing for the best chances of success."

Yes, this is what it says when you use HJT to fix items, as all other programs and windows must be closed for success. If you did this, then something you have onboard is blocking the changes and that is what spyware tools are supposed to do. The only tool I see on your computer that could do this, and I am not familiar with it, is Spyware Doctor. Try turning Spyware Doctor off (I do not have exit information for that item, if you post how you do it I will save it for the next time it is needed...thanks) and then run through the entire fix making sure to follow directions exactly as posted.

If this does not work, then take your computer into Safe Mode: http://www.bleepingcomputer.com/forums/ind...torial=61#winxo and try it from there.

Thanks...pskelley

Edited by pskelley, 24 April 2005 - 04:41 PM.

MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#5 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 07:22 PM

i uninstalled spyware doctor and tried HJT but it still didnt work
i put it in safe mode
and it still didnt work

#6 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 07:29 PM

here is a new hijack this log
something is added i think
i still havnt been able to remove the items u requested me to remov. just posting a new logg to help u see if there is something that is blocking me to remove the items i need to remove

Logfile of HijackThis v1.99.1
Scan saved at 5:28:06 PM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Ali\My Documents\Downloads\Spy Bot 3.1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\crdos.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: crdos - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Ali\My Documents\Downloads\IPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#7 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 24 April 2005 - 08:16 PM

Hi robocop, This stuff is playing hard to get. What can you tell me about this item:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\user\My Documents\Downloads\Spy Bot 3.1\Spybot - Search & Destroy\SDHelper.dll
Is this something that was downloaded recently? This is the way Spybot looks in every long I see it running in including mine:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Please make sure it is completely installed, if you have a problem delete the one you have (I am also puzzled by the version, yours is showing 3.1 and the current version to my knowledge is 1.3. Please investigate the item and if you can't finish installing it or find out if it is good, uninstall it. Then let me know and I will give you a link to download the version 1.3. If you know anything about this item I should know, please post the information for me. I am going to post the item at Net-Integration (home of Spybot forum) to see if they know anything about it.

Now let's see what we can do about those items that won't go away. Download Killbox from here: http://forum.malwareremoval.com/viewtopic.php?t=320 It is important that you review the tutorial and follow the instructions exactly, when it comes time to enter the path of the items you want to delete, this will be it:

C:\WINDOWS\system32\req.dll

C:\WINDOWS\Config\crdos.dll

You will probably need to do this in safe mode so the items will not be running.
After you are finished then restart the computer and follow the HJT instructions to remove the lines in the log if they are still there. You can also remove the line left from Spyware Doctor:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Thanks...pskelley
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#8 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 08:38 PM

spybot is a spyware remover
thats all i konw about it
im gonna uninstall spybot and try to delete the four items u have requested me to remove and see if that solves my problem

#9 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 09:12 PM

i am lost
what am i supposed to do now
i have uninstalled the spybot and tried to remove the items u have told me to but it keeps telling me "close all Internet Explorer Windows AND all Window Exlporer windows before continuing for the best chances of success."

and i got nothing open

should i run killbox

#10 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 24 April 2005 - 09:33 PM

Sorry I could not get back quicker, I had to wait for the answer :thumbsup:
OK Robocop, I received information from the Spybot home forum. The expert there suggested that it was installed to that position by whoever installed it. I would wait until we clean up the log, then I would uninstall Spybot. You can do that via Start, All Programs, Spybot Search & Destroy, then choose the uninstall wizard. After it is uninstalled, restart your computer, then download it again from here: http://www.safer-networking.org/en/download/index.html This time when asked if you wish to Save or Run, choose RUN...Spybot will put itself in the C:\Programs folder. You no longer have to concern yourself that it may be bad and can concentrate of removing the bad stuff with Killbox. I hope this helps. pskelley

lol...you think your are lost. I am trying to fix a computer without being there.

Concentrate on the tutorial for the Killbox, follow those instructions. Once you have completed those instructions and hopefully the bad items are gone, then post a new log and I will give you fresh instructions. Thanks...pskelley

Edited by pskelley, 24 April 2005 - 09:35 PM.

MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#11 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 24 April 2005 - 11:38 PM

i downloaded the spybot u wanted me to download from
and now i tried to remove the virus from killbox but it said that file could not be deleted..........

#12 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 25 April 2005 - 06:01 AM

Please follow these instruction given earlier to enter into the safe mode. Then use use Killbox again to remove the two bad files. Then make a new log and post it while still in safe mode. Then reboot the computer and made a log while in regular mode. Post that log also, Thank you.
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#13 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 25 April 2005 - 06:01 PM

i followed the instructions to going into safe mode
i went and tried to delete the files but it said file could not delete

#14 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 25 April 2005 - 06:52 PM

Please post a new HijackThis log. Thanks...pskelley
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#15 robocop

robocop
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 26 April 2005 - 05:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:12:46 PM, on 4/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\crdos.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: crdos - C:\WINDOWS\Config\crdos.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Ali\My Documents\Downloads\IPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users