Re: HijackThisLog Analysis - L33t
Date: Monday, 27 September, 2004 9:08 AM
Remember: DO NOT run hijackthis.exe inside the zip file. Unzip (extract) it to your desktop, then double-click the "HijackThis.exe" icon. This way, a backup of the removed keys will be created on your desktop (useful if you remove them wrongly).
Here is what you should do.
Before you start, you may want to update your antivirus, as your computer may have the dktime.exe Troj/Dloader-CC trojan and the Syslaunch.exe trojan. Rescan your computer, and at the same time you may want to remove RamBooster and Messenger Plus! 3. These may come with "sponsored" programs that may contribute to slowness on your computer.
Also uninstall D-Tools, WordQ and Motive SmartBridge if you are not using them. You can always reinstall them after you have cleaned up your computer.
End the suspicious process below:
C:\WINDOWS\System32\dktime.exe
Remove these search keys:
R1 - HKCU Software Microsoft Internet Explorer Main,Default_Page_URL = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Explorer Main,Search Bar = file: / / C: WINDOWS System32 SearchBar.htm
R0 - HKCU Software Microsoft Internet Explorer Main,Start Page = website: 213.159.117.134 / index.php
R1 - HKLM Software Microsoft Internet Explorer Main,Default_Page_URL = website: 213.159.117.134 / index.php
R0 - HKLM Software Microsoft Internet Explorer Main,Start Page = website: 213.159.117.134 / index.php
R0 - HKCU Software Microsoft Internet Explorer Main,Local Page = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Explorer Main,Start Page_bak = website: vampirefreaks.com /
R0 - HKLM Software Microsoft Internet Explorer Main,Local Page = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Connection Wizard,ShellNext = website: lexmark.com / MD / ?func=newreg&lang=0&prtr=4406001&ctry=00000409&os=5&src=1
R1 - HKCU Software Microsoft Windows CurrentVersion Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C: WINDOWS EliteBar EliteBar version 50.dll
O2 - BHO: (no name) - {4FFD4329-C44A-50B6-DA26-64550487243A} - C: WINDOWS System32 hcrn.dll
O2 - BHO: (no name) - {4FFF457A-9417-00E1-D626-645504872439} - C: WINDOWS System32 xoktah.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C: Documents and Settings travis Local Settings Temp ClLl.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C: WINDOWS EliteBar EliteBar version 50.dll
O4 - HKLM .. Run: [DownloadWare Engine] "C: Program Files DownloadWare Engine DWE.EXE" / H
O4 - HKLM .. Run: [KernelFaultCheck] %systemroot% system32 dumprep 0 -k
O4 - HKLM .. Run: [Winad Client] C: Program Files Winad Client Winad.exe
O4 - HKLM .. Run: [golumm] C: WINDOWS System32 golumm services.exe
O4 - HKLM .. Run: [ControlPanel] C: WINDOWS System32 twink64.exe internat.dll, LoadKeyboardProfile
O4 - HKLM .. Run: [Windows SyncroAd] C: Program Files Windows SyncroAd SyncroAd.exe
O4 - HKLM .. Run: [Ebwr] C: documents and settings trish local settings temp Ebwr.exe
O4 - HKLM .. Run: [Fq9wB] C: documents and settings travis local settings temp Fq9wB.exe
O4 - HKLM .. Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM .. Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM .. Run: [ssGAOOH7Q] C: documents and settings gary local settings temp ssGAOOH7Q.exe
O4 - HKLM .. Run: [Q2V4emn] C: documents and settings gary local settings temp Q2V4emn.exe
O4 - HKLM .. Run: [962c925eb967] C: WINDOWS System32 ati2cqag.exe
O4 - HKLM .. Run: [vuyu3A] C: documents and settings gary local settings temp vuyu3A.exe
O4 - HKLM .. Run: [DKTime] C: WINDOWS System32 dktime.exe
O4 - HKLM .. Run: [gl8pSE5] C: documents and settings gary local settings temp gl8pSE5.exe
O4 - HKLM .. Run: [Bakra] C: WINDOWS System32 IEHost.exe
O4 - HKLM .. Run: [rUh1v] C: documents and settings gary local settings temp rUh1v.exe
O4 - HKLM .. Run: [RQj] C: documents and settings gary local settings temp RQj.exe
O4 - HKLM .. Run: [MCq2I] C: documents and settings gary local settings temp MCq2I.exe
O4 - HKLM .. Run: [YpQAHs6c] C: documents and settings gary local settings temp YpQAHs6c.exe
O4 - HKLM .. Run: [jeWxZsol] c: documents and settings gary local settings temp jeWxZsol.exe
O4 - HKLM .. Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O16 - DPF: v2cab - website: 6227.searchmiracle.com / cab / v2cab.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https: / / components.viewpoint.com / MTSInstallers / MetaStream3.cab?url=website: viewpoint.com / cgi-bin / beta / vet_install_popup.pl?0&4&unknown&unknown
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - website: mirror.worldwinner.com / games / v40 / mines / mines.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - website: public.windupdates.com / get_file.php?bt=ie&p=305 ... 261
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - website: mirror.worldwinner.com / games / v42 / brickout / brickout.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - website: zone.msn.com / bingame / rtlw / default / ReflexiveWebGameLoader.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - website: mirror.worldwinner.com / games / v41 / jigsaw / jigsaw.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - website: zone.msn.com / bingame / rock / default / popcaploader1.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - website: files.ea.com / downloads / rtpatch / v2 / EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - website: 207.188.7.150 / 2460cf8844f743aef700 / netzip / RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - website: mirror.worldwinner.com / games / v49 / bjattack / bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - website: mirror.worldwinner.com / games / v42 / shape / shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - website: mirror.worldwinner.com / games / v45 / blockwerx / blockwerx.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - website: advnt01.com / dialer / canada_ver3.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - website: mirror.worldwinner.com / games / shared / dephlp.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - website: mirror.worldwinner.com / games / v40 / freecell / freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - website: mirror.worldwinner.com / games / v44 / wordcube / wordcube.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - website: launch.gamespyarcade.com / software / launch / alaunch.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - website: mirror.worldwinner.com / games / v47 / collapse / collapse.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - website: download.websearch.com / Dnl / T_50038 / QDow_AS2.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - website: mirror.worldwinner.com / games / v40 / focus / focus.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - website: mirror.worldwinner.com / games / v45 / wordmojo / wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - website: mirror.worldwinner.com / games / v55 / cubis / cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - website: mirror.worldwinner.com / games / v44 / sol / sol.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - website: zone.msn.com / binGame / ZAxRcMgr.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - website: mirror.worldwinner.com / games / v59 / swapit / swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - website: mirror.worldwinner.com / games / v40 / hangman / hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - website: mirror.worldwinner.com / games / v40 / tilecity / tilecity.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - website: zone.msn.com / bingame / zuma / default / popcaploader_v5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - website: mirror.worldwinner.com / games / v41 / golfsol / golfsol.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - website: chat.yahoo.com / cab / yvwrctl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - website: download.overpro.com / WildApp.cab
Remove Shell Service Object Delay Load Registry key:
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C: WINDOWS System32 mssaru.dll
Reboot the computer and put it in safe mode. Then delete these files from your C: drive:
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\mssaru.dll
C:\Program Files\DownloadWare Engine
Original log but with private information removed.
Logfile of HijackThis v1.98.2
Scan saved at 9:00:15 PM, on 9 / 26 / 2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C: WINDOWS System32 smss.exe
C: WINDOWS system32 winlogon.exe
C: WINDOWS system32 services.exe
C: WINDOWS system32 lsass.exe
C: WINDOWS System32 Ati2evxx.exe
C: WINDOWS system32 svchost.exe
C: WINDOWS System32 svchost.exe
C: WINDOWS system32 LEXBCES.EXE
C: WINDOWS system32 spoolsv.exe
C: PROGRA~1 Grisoft AVG6 avgserv.exe
C: Program Files Analog Devices SoundMAX SMAgent.exe
C: WINDOWS System32 svchost.exe
C: WINDOWS system32 Ati2evxx.exe
C: WINDOWS Explorer.EXE
C: Program Files Grisoft AVG6 avgcc32.exe
C: Program Files Elaborate Bytes CloneCD CloneCDTray.exe
C: Program Files Lexmark X74-X75 lxbbbmgr.exe
C: Program Files Common Files Real Update_OB realsched.exe
C: Program Files Lexmark X74-X75 lxbbbmon.exe
C: Program Files MusicMatch MusicMatch Jukebox mmtask.exe
C: Program Files D-Tools daemon.exe
C: Program Files Common Files Logitech QCDriver LVCOMS.EXE
C: WINDOWS System32 golumm services.exe
C: Program Files Windows SyncroAd SyncroAd.exe
C: documents and settings trish local settings temp Ebwr.exe
C: Program Files Windows SyncroAd WinSync.exe
C: documents and settings travis local settings temp Fq9wB.exe
C: WINDOWS System32 rundll32.exe
C: WINDOWS System32 rundll32.exe
C: WINDOWS System32 ati2cqag.exe
C: WINDOWS System32 dktime.exe
C: WINDOWS System32 rundll32.exe
C: WINDOWS System32 lexpps.exe
C: Program Files RamBooster Rambooster.exe
C: PROGRA~1 Web Offer wo.exe
C: Documents and Settings travis Application Data l?z?.exe
C: WINDOWS System32 dktime.exe
C: Documents and Settings travis rmtct.exe
C: Program Files Internet Explorer iexplore.exe
C: Program Files Internet Explorer IEXPLORE.EXE
C: WINDOWS System32 wuauclt.exe
C: WINDOWS system32 ??oolsv.exe
C: WINDOWS System32 rsvp.exe
C: Program Files Messenger Plus! 3 MsgPlus.exe
C: Program Files MSN Messenger msnmsgr.exe
C: Program Files Internet Explorer IEXPLORE.EXE
C: Program Files Internet Explorer iexplore.exe
C: Documents and Settings travis Desktop HijackThis.exe
R1 - HKCU Software Microsoft Internet Explorer Main,Default_Page_URL = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Explorer Main,Search Bar = file: / / C: WINDOWS System32 SearchBar.htm
R0 - HKCU Software Microsoft Internet Explorer Main,Start Page = website: 213.159.117.134 / index.php
R1 - HKLM Software Microsoft Internet Explorer Main,Default_Page_URL = website: 213.159.117.134 / index.php
R0 - HKLM Software Microsoft Internet Explorer Main,Start Page = website: 213.159.117.134 / index.php
R0 - HKCU Software Microsoft Internet Explorer Main,Local Page = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Explorer Main,Start Page_bak = website: vampirefreaks.com /
R0 - HKLM Software Microsoft Internet Explorer Main,Local Page = website: 213.159.117.134 / index.php
R1 - HKCU Software Microsoft Internet Connection Wizard,ShellNext = website: lexmark.com / MD / ?func=newreg&lang=0&prtr=4406001&ctry=00000409&os=5&src=1
R1 - HKCU Software Microsoft Windows CurrentVersion Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C: WINDOWS System32 Userinit.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C: WINDOWS EliteBar EliteBar version 50.dll
O2 - BHO: (no name) - {4FFD4329-C44A-50B6-DA26-64550487243A} - C: WINDOWS System32 hcrn.dll
O2 - BHO: (no name) - {4FFF457A-9417-00E1-D626-645504872439} - C: WINDOWS System32 xoktah.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C: Documents and Settings travis Local Settings Temp ClLl.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C: WINDOWS EliteBar EliteBar version 50.dll
O4 - HKLM .. Run: [AVG_CC] C: Program Files Grisoft AVG6 avgcc32.exe / startup
O4 - HKLM .. Run: [iehelper] C: Program Files syslaunch.exe
O4 - HKLM .. Run: [CloneCDElbyCDFL] "C: Program Files Elaborate Bytes CloneCD ElbyCheck.exe" / L ElbyCDFL
O4 - HKLM .. Run: [CloneCDTray] "C: Program Files Elaborate Bytes CloneCD CloneCDTray.exe"
O4 - HKLM .. Run: [Lexmark X74-X75] "C: Program Files Lexmark X74-X75 lxbbbmgr.exe"
O4 - HKLM .. Run: [QuickTime Task] "C: Program Files QuickTime qttask.exe" -atboottime
O4 - HKLM .. Run: [TkBellExe] "C: Program Files Common Files Real Update_OB realsched.exe" -osboot
O4 - HKLM .. Run: [DXM6Patch_981116] C: WINDOWS p_981116.exe / Q:A
O4 - HKLM .. Run: [StorageGuard] "C: Program Files VERITAS Software Update Manager sgtray.exe" / r
O4 - HKLM .. Run: [RegTweak] C: Program Files Rage3DTweak RegTwk.exe
O4 - HKLM .. Run: [mmtask] C: Program Files MusicMatch MusicMatch Jukebox mmtask.exe
O4 - HKLM .. Run: [ATIPTA] C: Program Files ATI Technologies ATI Control Panel atiptaxx.exe
O4 - HKLM .. Run: [DAEMON Tools-1033] "C: Program Files D-Tools daemon.exe" -lang 1033
O4 - HKLM .. Run: [WordQ carat flag] C: Program Files WordQ WordQcrs.exe
O4 - HKLM .. Run: [Motive SmartBridge] C: PROGRA~1 NETASS~1 SMARTB~1 MotiveSB.exe
O4 - HKLM .. Run: [DownloadWare Engine] "C: Program Files DownloadWare Engine DWE.EXE" / H
O4 - HKLM .. Run: [KernelFaultCheck] %systemroot% system32 dumprep 0 -k
O4 - HKLM .. Run: [MessengerPlus3] "C: Program Files Messenger Plus! 3 MsgPlus.exe"
O4 - HKLM .. Run: [Winad Client] C: Program Files Winad Client Winad.exe
O4 - HKLM .. Run: [LVCOMS] C: Program Files Common Files Logitech QCDriver LVCOMS.EXE
O4 - HKLM .. Run: [golumm] C: WINDOWS System32 golumm services.exe
O4 - HKLM .. Run: [ControlPanel] C: WINDOWS System32 twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM .. Run: [Windows SyncroAd] C: Program Files Windows SyncroAd SyncroAd.exe
O4 - HKLM .. Run: [Ebwr] C: documents and settings trish local settings temp Ebwr.exe
O4 - HKLM .. Run: [Fq9wB] C: documents and settings travis local settings temp Fq9wB.exe
O4 - HKLM .. Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM .. Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM .. Run: [ssGAOOH7Q] C: documents and settings gary local settings temp ssGAOOH7Q.exe
O4 - HKLM .. Run: [Q2V4emn] C: documents and settings gary local settings temp Q2V4emn.exe
O4 - HKLM .. Run: [962c925eb967] C: WINDOWS System32 ati2cqag.exe
O4 - HKLM .. Run: [vuyu3A] C: documents and settings gary local settings temp vuyu3A.exe
O4 - HKLM .. Run: [DKTime] C: WINDOWS System32 dktime.exe
O4 - HKLM .. Run: [gl8pSE5] C: documents and settings gary local settings temp gl8pSE5.exe
O4 - HKLM .. Run: [Bakra] C: WINDOWS System32 IEHost.exe
O4 - HKLM .. Run: [rUh1v] C: documents and settings gary local settings temp rUh1v.exe
O4 - HKLM .. Run: [RQj] C: documents and settings gary local settings temp RQj.exe
O4 - HKLM .. Run: [MCq2I] C: documents and settings gary local settings temp MCq2I.exe
O4 - HKLM .. Run: [YpQAHs6c] C: documents and settings gary local settings temp YpQAHs6c.exe
O4 - HKLM .. Run: [jeWxZsol] c: documents and settings gary local settings temp jeWxZsol.exe
O4 - HKLM .. Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU .. Run: [RamBooster] C: Program Files RamBooster Rambooster.exe
O4 - HKCU .. Run: [MessengerPlus3] "C: Program Files Messenger Plus! 3 MsgPlus.exe" / WinStart
O4 - HKCU .. Run: [sysinit] C: WINDOWS System32 golumm services.exe
O4 - HKCU .. Run: [eZWO] C: PROGRA~1 Web Offer wo.exe
O4 - HKCU .. Run: [Udrr] C: Documents and Settings travis Application Data l?z?.exe
O4 - HKCU .. Run: [DKTime] C: WINDOWS System32 dktime.exe
O4 - HKCU .. Run: [Yqqx] C: WINDOWS System32 ??oolsv.exe
O4 - HKCU .. Run: [msnmsgr] "C: Program Files MSN Messenger msnmsgr.exe" / background
O8 - Extra context menu item: Web Rebates - file: / / C: Program Files Web_Rebates Sy1150 Tp1150 scri1150a.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C: WINDOWS System32 ms.exe (file missing)
O9 - Extra ’Tools’ menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C: WINDOWS System32 ms.exe (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C: Program Files ICQLite ICQLite.exe
O9 - Extra ’Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C: Program Files ICQLite ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C: Program Files Messenger MSMSGS.EXE
O9 - Extra ’Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C: Program Files Messenger MSMSGS.EXE
O16 - DPF: v2cab - website: 6227.searchmiracle.com / cab / v2cab.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https: / / components.viewpoint.com / MTSInstallers / MetaStream3.cab?url=website: viewpoint.com / cgi-bin / beta / vet_install_popup.pl?0&4&unknown&unknown
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - website: mirror.worldwinner.com / games / v40 / mines / mines.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - website: public.windupdates.com / get_file.php?bt=ie&p=305 ... 261
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - website: mirror.worldwinner.com / games / v42 / brickout / brickout.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - website: zone.msn.com / bingame / rtlw / default / ReflexiveWebGameLoader.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - website: mirror.worldwinner.com / games / v41 / jigsaw / jigsaw.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - website: zone.msn.com / bingame / rock / default / popcaploader1.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - website: files.ea.com / downloads / rtpatch / v2 / EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - website: 207.188.7.150 / 2460cf8844f743aef700 / netzip / RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - website: mirror.worldwinner.com / games / v49 / bjattack / bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - website: mirror.worldwinner.com / games / v42 / shape / shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - website: mirror.worldwinner.com / games / v45 / blockwerx / blockwerx.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - website: advnt01.com / dialer / canada_ver3.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - website: mirror.worldwinner.com / games / shared / dephlp.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - website: mirror.worldwinner.com / games / v40 / freecell / freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - website: mirror.worldwinner.com / games / v44 / wordcube / wordcube.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - website: launch.gamespyarcade.com / software / launch / alaunch.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - website: mirror.worldwinner.com / games / v47 / collapse / collapse.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - website: download.websearch.com / Dnl / T_50038 / QDow_AS2.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - website: mirror.worldwinner.com / games / v40 / focus / focus.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - website: mirror.worldwinner.com / games / v45 / wordmojo / wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - website: mirror.worldwinner.com / games / v55 / cubis / cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - website: mirror.worldwinner.com / games / v44 / sol / sol.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - website: zone.msn.com / binGame / ZAxRcMgr.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - website: mirror.worldwinner.com / games / v59 / swapit / swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - website: mirror.worldwinner.com / games / v40 / hangman / hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - website: mirror.worldwinner.com / games / v40 / tilecity / tilecity.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - website: zone.msn.com / bingame / zuma / default / popcaploader_v5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - website: mirror.worldwinner.com / games / v41 / golfsol / golfsol.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - website: chat.yahoo.com / cab / yvwrctl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - website: download.overpro.com / WildApp.cab
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C: WINDOWS System32 mssaru.dll
Updated On: 04.09.27