|
Re: HijackThisLog Analysis - Jay
If someone could take a look at mine that would be great, my comp has been all sorts of screwey lately, The 13 trojans that a virus scanner just removed helped, but there are still processes that I dont know how to remove and I am still getting lots of pop ups.
Date: 10/7/2004 11:35:33 AM
Here is what you should do:
F0 - system.ini: Shell=Explorer.exe C: \ WINNT \ System32 \ System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C: \ WINNT \ System32 \ System32.exe
Indicated that you may have MARI trojan/virus on your computer. Try updating your Anti-Virus Software. If this is not possible, try downloading Stinger Virus Scanner and do a quick scan and destroy.
Try to uninstall P2P and any other software you are not currently using. Control Panel > Add/Remove Software.
End the below suspicious process :
C: \ Program Files \ support.com \ bin \ tgcmd.exe
C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe
C: \ Program Files \ Windows SyncroAd \ SyncroAd.exe
C: \ PROGRA~1 \ Web Offer \ wo.exe
C: \ Documents and Settings \ Jay´s Toy \ Application Data \ ceao.exe
C: \ WINNT \ System32 \ t?skmgr.exe
C: \ Program Files \ Windows SyncroAd \ WinSync.exe
Remove these search keys:
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: comcast.net /
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search,CustomizeSearch = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search,SearchAssistant = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL,(Default) = websearch.drsnsrch.com / q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C: \ Program Files \ TV Media \ TvmBho.dll
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C: \ Program Files \ ClearSearch \ CSIE.DLL (file missing)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C: \ WINNT \ bxxs5.dll
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C: \ WINNT \ localNRD.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C: \ Program Files \ CxtPls \ plg0 \ CxtPls.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {61AF477B-E410-07BA-8655-655509802A3E} - C: \ WINNT \ System32 \ zwdjy.dll
O2 - BHO: (no name) - {7CD20E91-1F31-41da-8379-479EA31DF969} - (no file)
O2 - BHO: (no name) - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C: \ WINNT \ System32 \ vern32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C: \ Program Files \ Httper \ httper.dll
O2 - BHO: (no name) - {F2B84CB0-F507-5474-A1B7-10609006D594} - C: \ WINNT \ Ppldkjmb.dll
O3 - Toolbar: Search - {FA0EC9B2-BF23-50F5-CB6F-483D9FF0740D} - C: \ WINNT \ Ppldkjmb.dll
O4 - HKLM \ .. \ Run: [Desksite CMA] C: \ Program Files \ desksite \ bin \ cma.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck] %systemroot% \ system32 \ dumprep 0 -k
O4 - HKLM \ .. \ Run: [tgcmd] "C: \ Program Files \ support.com \ bin \ tgcmd.exe" / server
O4 - HKLM \ .. \ Run: [P2P Networking] C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe / AUTOSTART
O4 - HKLM \ .. \ Run: [WildTangent CDA] RUNDLL32.exe "C: \ Program Files \ WildTangent \ Apps \ CDA \ cdaEngine0400.dll",cdaEngineMain
O4 - HKLM \ .. \ Run: [bxxs5] RunDLL32.EXE C: \ WINNT \ bxxs5.dll,DllRun
O4 - HKLM \ .. \ Run: [TV Media] C: \ Program Files \ TV Media \ Tvm.exe
O4 - HKLM \ .. \ Run: [conscorr] C: \ WINNT \ conscorr.exe
O4 - HKLM \ .. \ Run: [WebRebates0] "C: \ Program Files \ Web_Rebates \ WebRebates0.exe"
O4 - HKLM \ .. \ Run: [AutoUpdater] "C: \ Program Files \ AutoUpdate \ AutoUpdate.exe"
O4 - HKLM \ .. \ Run: [BTV] C: \ Program Files \ BTV \ btv.exe
O4 - HKLM \ .. \ Run: [Breg] "c: \ Program Files \ Common Files \ Java \ breg.exe"
O4 - HKLM \ .. \ Run: [Xcpy1] "c: \ Program Files \ Common Files \ Java \ Xcpy1.exe"
O4 - HKLM \ .. \ Run: [ws6P38X] rsvtmgr.exe
O4 - HKLM \ .. \ Run: [Windows SyncroAd] C: \ Program Files \ Windows SyncroAd \ SyncroAd.exe
O4 - HKCU \ .. \ Run: [TV Media] C: \ Program Files \ TV Media \ Tvm.exe
O4 - HKCU \ .. \ Run: [eZWO] C: \ PROGRA~1 \ Web Offer \ wo.exe
O4 - HKCU \ .. \ Run: [hBpFRUbFX] psnrtosa.exe
O4 - HKCU \ .. \ Run: [Letn] C: \ Documents and Settings \ Jay´s Toy \ Application Data \ ceao.exe
O4 - HKCU \ .. \ Run: [Qwhpwh] C: \ WINNT \ System32 \ t?skmgr.exe
Remove these extra items in IE menu (O8...O9):
O8 - Extra context menu item: Web Rebates - file: / / C: \ Program Files \ Web_Rebates \ Sy1150 \ Tp1150 \ scri1150a.htm
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra ´Tools´ menuitem: PartyPoker.com (HKLM)
Remove these ActiveX Objects (aka Downloaded Program Files) if you are not using them (O16):
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - website: public.windupdates.com / get_file.php?bt=ie&p=b3 ... b0
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - website: imgfarm.com / images / nocache / funwebproducts / ei / SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - website: download.weatherbug.com / minibug / tricklers / AWS / MiniBugTransporter.cab?
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - website: kungfuchess.com / activex / web665.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - website: mt-download.com / MediaTicketsInstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - website: install.wildtangent.com / bgn / partners / aolim / install.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - website: games-dl.real.com / gameconsole / Bundler / CAB / RealArcadeRdxIE.cab
Reboot the computer and put it to safe mode. Then delete these files from your C: drive.
C: \ Program Files \ support.com \ bin \ tgcmd.exe
C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe
C: \ Program Files \ Windows SyncroAd \ SyncroAd.exe
C: \ PROGRA~1 \ Web Offer \ wo.exe
C: \ Documents and Settings \ Jay´s Toy \ Application Data \ ceao.exe
C: \ WINNT \ System32 \ t?skmgr.exe
C: \ Program Files \ Windows SyncroAd \ WinSync.exe
Original log but with private information removed.
Logfile of HijackThis v1.97.7
Scan saved at 9:33:26 PM, on 10 / 6 / 2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C: \ WINNT \ System32 \ smss.exe
C: \ WINNT \ system32 \ winlogon.exe
C: \ WINNT \ system32 \ services.exe
C: \ WINNT \ system32 \ lsass.exe
C: \ WINNT \ system32 \ svchost.exe
C: \ WINNT \ System32 \ svchost.exe
C: \ WINNT \ system32 \ spoolsv.exe
C: \ WINNT \ Explorer.exe
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
C: \ WINNT \ System32 \ CTHELPER.EXE
C: \ WINNT \ System32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb05.exe
C: \ WINNT \ System32 \ hphmon04.exe
C: \ Program Files \ Hewlett-Packard \ HP Share-to-Web \ hpgs2wnd.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ evntsvc.exe
C: \ Program Files \ support.com \ bin \ tgcmd.exe
C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe
C: \ WINNT \ System32 \ RUNDLL32.exe
C: \ Program Files \ Windows SyncroAd \ SyncroAd.exe
C: \ Program Files \ AIM \ aim.exe
C: \ PROGRA~1 \ Web Offer \ wo.exe
C: \ Documents and Settings \ Jay´s Toy \ Application Data \ ceao.exe
C: \ WINNT \ System32 \ t?skmgr.exe
C: \ Program Files \ Windows SyncroAd \ WinSync.exe
C: \ Program Files \ Hewlett-Packard \ HP Share-to-Web \ hpgs2wnf.exe
C: \ WINNT \ System32 \ Ati2evxx.exe
C: \ WINNT \ System32 \ CTsvcCDA.exe
C: \ WINNT \ system32 \ gearsec.exe
C: \ WINNT \ System32 \ MsPMSPSv.exe
C: \ WINNT \ System32 \ msiexec.exe
C: \ WINNT \ System32 \ taskmgr.exe
C: \ Program Files \ CxtPls \ CxtPls.exe
C: \ WINNT \ System32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Documents and Settings \ Jay´s Toy \ Desktop \ HijackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: comcast.net /
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search,CustomizeSearch = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search,SearchAssistant = website: websearch.drsnsrch.com / sidesearch.cgi?id=
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL,(Default) = websearch.drsnsrch.com / q.cgi?q=
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,ProxyServer = https=12.242.19.9:8000
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,ProxyOverride = 12.242.19.9
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C: \ Program Files \ TV Media \ TvmBho.dll
F0 - system.ini: Shell=Explorer.exe C: \ WINNT \ System32 \ System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C: \ WINNT \ System32 \ System32.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C: \ Program Files \ ClearSearch \ CSIE.DLL (file missing)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C: \ WINNT \ bxxs5.dll
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C: \ WINNT \ localNRD.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C: \ Program Files \ CxtPls \ plg0 \ CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C: \ Program Files \ Adobe \ Acrobat 5.0 \ Reader \ ActiveX \ AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {61AF477B-E410-07BA-8655-655509802A3E} - C: \ WINNT \ System32 \ zwdjy.dll
O2 - BHO: (no name) - {7CD20E91-1F31-41da-8379-479EA31DF969} - (no file)
O2 - BHO: (no name) - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C: \ WINNT \ System32 \ vern32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C: \ Program Files \ Httper \ httper.dll
O2 - BHO: (no name) - {F2B84CB0-F507-5474-A1B7-10609006D594} - C: \ WINNT \ Ppldkjmb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \ WINNT \ System32 \ msdxm.ocx
O3 - Toolbar: Search - {FA0EC9B2-BF23-50F5-CB6F-483D9FF0740D} - C: \ WINNT \ Ppldkjmb.dll
O4 - HKLM \ .. \ Run: [Synchronization Manager] mobsync.exe / logon
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINNT \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [Jet Detection] "C: \ Program Files \ Creative \ SBLive \ PROGRAM \ ADGJDet.exe"
O4 - HKLM \ .. \ Run: [CTStartup] C: \ Program Files \ Creative \ Splash Screen \ CTEaxSpl.EXE / run
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINNT \ System32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb05.exe
O4 - HKLM \ .. \ Run: [HPHmon04] C: \ WINNT \ System32 \ hphmon04.exe
O4 - HKLM \ .. \ Run: [HPHUPD04] "C: \ Program Files \ HP Photosmart 11 \ hphinstall \ UniPatch \ hphupd04.exe"
O4 - HKLM \ .. \ Run: [Share-to-Web Namespace Daemon] C: \ Program Files \ Hewlett-Packard \ HP Share-to-Web \ hpgs2wnd.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINNT \ System32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe" -atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] C: \ Program Files \ iTunes \ iTunesHelper.exe
O4 - HKLM \ .. \ Run: [TkBellExe] C: \ Program Files \ Common Files \ Real \ Update_OB \ evntsvc.exe -osboot
O4 - HKLM \ .. \ Run: [Desksite CMA] C: \ Program Files \ desksite \ bin \ cma.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck] %systemroot% \ system32 \ dumprep 0 -k
O4 - HKLM \ .. \ Run: [tgcmd] "C: \ Program Files \ support.com \ bin \ tgcmd.exe" / server
O4 - HKLM \ .. \ Run: [P2P Networking] C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe / AUTOSTART
O4 - HKLM \ .. \ Run: [WildTangent CDA] RUNDLL32.exe "C: \ Program Files \ WildTangent \ Apps \ CDA \ cdaEngine0400.dll",cdaEngineMain
O4 - HKLM \ .. \ Run: [bxxs5] RunDLL32.EXE C: \ WINNT \ bxxs5.dll,DllRun
O4 - HKLM \ .. \ Run: [TV Media] C: \ Program Files \ TV Media \ Tvm.exe
O4 - HKLM \ .. \ Run: [conscorr] C: \ WINNT \ conscorr.exe
O4 - HKLM \ .. \ Run: [WebRebates0] "C: \ Program Files \ Web_Rebates \ WebRebates0.exe"
O4 - HKLM \ .. \ Run: [AutoUpdater] "C: \ Program Files \ AutoUpdate \ AutoUpdate.exe"
O4 - HKLM \ .. \ Run: [BTV] C: \ Program Files \ BTV \ btv.exe
O4 - HKLM \ .. \ Run: [Breg] "c: \ Program Files \ Common Files \ Java \ breg.exe"
O4 - HKLM \ .. \ Run: [Xcpy1] "c: \ Program Files \ Common Files \ Java \ Xcpy1.exe"
O4 - HKLM \ .. \ Run: [ws6P38X] rsvtmgr.exe
O4 - HKLM \ .. \ Run: [Windows SyncroAd] C: \ Program Files \ Windows SyncroAd \ SyncroAd.exe
O4 - HKCU \ .. \ Run: [ATI Launchpad] "C: \ Program Files \ ATI Multimedia \ main \ launchpd.exe"
O4 - HKCU \ .. \ Run: [System Soap Pro] C: \ Program Files \ System Soap Pro \ soap.exe min
O4 - HKCU \ .. \ Run: [AIM] C: \ Program Files \ AIM \ aim.exe -cnetwait.odl
O4 - HKCU \ .. \ Run: [TV Media] C: \ Program Files \ TV Media \ Tvm.exe
O4 - HKCU \ .. \ Run: [eZWO] C: \ PROGRA~1 \ Web Offer \ wo.exe
O4 - HKCU \ .. \ Run: [hBpFRUbFX] psnrtosa.exe
O4 - HKCU \ .. \ Run: [Letn] C: \ Documents and Settings \ Jay´s Toy \ Application Data \ ceao.exe
O4 - HKCU \ .. \ Run: [Qwhpwh] C: \ WINNT \ System32 \ t?skmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res: / / C: \ PROGRA~1 \ MICROS~3 \ Office10 \ EXCEL.EXE / 3000
O8 - Extra context menu item: Web Rebates - file: / / C: \ Program Files \ Web_Rebates \ Sy1150 \ Tp1150 \ scri1150a.htm
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra ´Tools´ menuitem: PartyPoker.com (HKLM)
O12 - Plugin for .mid: C: \ Program Files \ Internet Explorer \ PLUGINS \ npqtplugin2.dll
O12 - Plugin for .spop: C: \ Program Files \ Internet Explorer \ Plugins \ NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - website: public.windupdates.com / get_file.php?bt=ie&p=b3 ... b0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - website: download.macromedia.com / pub / shockwave / cabs / director / sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - website: imgfarm.com / images / nocache / funwebproducts / ei / SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - website: download.weatherbug.com / minibug / tricklers / AWS / MiniBugTransporter.cab?
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - website: download.microsoft.com / download / F / 6 / E / F6E491A6-77E1-4E20-9F5F-94901338C922 / wmv9VCM.CAB
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - website: download-ak.systemsoap.com / ssoap / pptproactauthakamai / systemsoappro.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - website: kungfuchess.com / activex / web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - website: a840.g.akamai.net / 7 / 840 / 537 / 2004061001 / housecall.trendmicro.com / housecall / xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - website: mt-download.com / MediaTicketsInstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - website: install.wildtangent.com / bgn / partners / aolim / install.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - website: games-dl.real.com / gameconsole / Bundler / CAB / RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - website: download.macromedia.com / pub / shockwave / cabs / flash / swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - website: chat.msn.com / bin / msnchat45.cab
|
Post your comment