Spyware? HJT log attached

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rickyd

Thread Starter
Joined
Sep 23, 2003
Messages
2
I suspect that there is spyware of some kind installed on my computer. An individual has been displaying knowledge that shouldn't be available unless they're tracking my internet communications.

A couple of weeks ago, I had a Welchia virus. My Virus detection and Firewall detected it immediately, and I used Symantecs removal tool. Since then, my internet connection stops working about twice a day. I'm noticing a lot of traffic on ports 137-9, even though I supposedly have these blocked via my firewall. Just before my connection stops working, I see a lot of UDP traffic outward from my PC to port 1900 at 239.255.255.250 and from various ports on my PC to the same port number on 127.0.0.1, which seems to be a self-loop. The offending UDP traffic originates in srvhost.exe.

I've run Ad-Aware, Spybot and Hijack This to try to identify the problem, but nothing turns up. I'm running Symantec Antivirus Corporate Edition, Kerio Personal Firewall, and SpywareGuard, all with the latest definitions, and none of which has made a peep since Welchia came to visit.

If anyone can help me understand this, I'm greatly indebted. I've spent hundreds of hours online trying to figure out what's going on.

Hijackthis.log:

Logfile of HijackThis v1.96.4
Scan saved at 4:50:12 AM, on 9/22/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Eclipse\eclipse\eclipse.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Kerio\Personal Firewall\PFWADMIN.EXE
C:\Program Files\Kerio\Personal Firewall\PFWADMIN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\g73t1q6r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\g73t1q6r.slt\prefs.js)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.1597685185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Mar 20, 2003
Messages
4,823
Welcome to TSG, Rickyd

Restart Hijack this and put check mark next to the following

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe

Click Fix Checked

As you are running XP, You may also want to have a look at this page
 
Joined
Mar 9, 2003
Messages
4,699
In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/ym...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE


Comments:
This would seem to be a source of unending popups and Spam email.

RCSync.exe PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Reportedly stealth installed

Known resource hog:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

Do you use fax all the time, everyday?

As for the Atomic clock, it's fine, just check that it isn't going out to sync more than once a day.


Reboot into normal mode


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
 
Joined
Mar 9, 2003
Messages
4,699
To remove Microsoft messenger Service....the source of a lot of anoying pop-ups, do the following:

1. Click Start->Control Panel
2. For Category View only (skip this step for Classic View), click Performance and Maintenance
3. Click Administrative Tools
4. Double-click Services
5. Scroll down and highlight "Messenger"
6. Right-click the highlighted line and choose Properties
7. Click the STOP button.
8. Select Disabled or Manual on the Startup Type drop-down menu
9. Click OK
 

rickyd

Thread Starter
Joined
Sep 23, 2003
Messages
2
Wow. You guys are great. Thanks for all the help.

I think I've done just about everything that was suggested. When I reboot, I still get a flurry of UDP activity. I get exactly the same activity immediately before the periodic problem of my internet connection crashing. When I say crashing, I mean I can no longer use it. Browsers, chat windows, etc. don't work. But the connection seems to still be there, and my firewall shows there's activity going on. The activity all originates with svchost.exe. Is there any way to find out exactly which service is sending the data?

I also still see a lot of activity 137 and 138, even though I've blocked those with my firewall. Any idea what this is, and how I stop it or if I should?

What follows is a copy of the suspicious activity from my firewall log. After that is a copy of my hopefully clean HJT log.

Firewall log:

23/Sep/2003 18:47:52 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:52 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:52 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:55 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:55 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:55 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:55 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:58 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:58 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:58 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:47:58 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->239.255.255.250:1900; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:48:01 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->localhost [127.0.0.1:1034]; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:48:01 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1034->localhost [127.0.0.1:1034]; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:48:01 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->localhost [127.0.0.1:1035]; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
23/Sep/2003 18:48:01 Generic Host Process for Win32 Services blocked; Out UDP; localhost:1035->localhost [127.0.0.1:1035]; Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE

Hijack This log:

Logfile of HijackThis v1.96.4
Scan saved at 7:43:53 PM, on 9/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Kerio\Personal Firewall\PFWADMIN.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\g73t1q6r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\g73t1q6r.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.1597685185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks again for all your help.

Rick
 
Joined
Mar 9, 2003
Messages
4,699
Go to http://grc.com/unpnp/unpnp.htm and read Steve Gibson's article on Unplug n' Pray. Then d/l his excellent tool for disabeling plug n' play

Plug n' play is just one more on a long list or Microsoft security holes.

Who needs hackers, when we've got Microsoft??

Windows XP was promoted by Microsoft as perhaps the ultimate and most secured Windows operating system the firm had ever created, and one of its key features was increased security from electronic evildoers like hackers, crackers, and so-called cyberterrorists.

But only while it is still in the shrink wrap!!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top