MAC-NETHow toNetwork SecurityVirus ProtectionSpyware ProtectionDownloadReferenceContact
 

Do more with FirefoxNEW

Hijacked Browser Analysis

4-counter.com 3721

C2.lop browser hijacker

CWShredder

Edmond.exe

Intercom.exe Spyware

MWSOEMON.EXE - MyWebSearch

SearchPage CC Spyware

Spin4Dough Spyware

Sqwire.com home page hijack
Home » Spyware Protection » Hijacked Browser Analysis » 

Logfile of HijackThis v1.97.7 - wandmdad

Reference:

Here is what you should do.

End the below suspicious process :

C: \ documents and settings \ owner \ local settings \ temp \ R.exe
C: \ documents and settings \ owner \ local settings \ temp \ hb4rb7fjt.exe
C: \ documents and settings \ owner \ local settings \ temp \ p9Y1O.exe
C: \ WINNT \ System32 \ adsnt954.exe 
C: \ Program Files \ Common Files \ WinTools \ WToolsA.exe
C: \ WINNT \ wanmpsvc.exe
C: \ Program Files \ Common Files \ WinTools \ WToolsS.exe
C: \ Program Files \ Common Files \ WinTools \ WSup.exe

Remove these search keys:

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = file: / / C: \ WINNT \ System32 \ SearchBar.htm
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar,LinksFolderName =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,SearchAssistant = website: websearch.com / ie.aspx?tb_id=50093
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,CustomizeSearch = res: / / C: \ PROGRA~1 \ Toolbar \ toolbar.dll / sa

Remove these additional browser plug-in keys (O2...O4):

O2 - BHO: (no name) - {3DFD4350-9541-2690-D524-66557FDA2F36} - C: \ WINNT \ System32 \ yxautx.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C: \ PROGRA~1 \ COMMON~1 \ WinTools \ WToolsB.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C: \ Documents and Settings \ Owner \ Local Settings \ Temp \ xTB5FY1.dll

O4 - HKLM \ .. \ Run: [WildTangent CDA] RUNDLL32.exe "C: \ Program Files \ WildTangent \ Apps \ CDA \ cdaEngine0400.dll",cdaEngineMain
O4 - HKLM \ .. \ Run: [R] C: \ documents and settings \ owner \ local settings \ temp \ R.exe
O4 - HKLM \ .. \ Run: [hb4rb7fjt] C: \ documents and settings \ owner \ local settings \ temp \ hb4rb7fjt.exe
O4 - HKLM \ .. \ Run: [2SWZKN82R5K47C] C: \ WINNT \ System32 \ Fmd2oJ.exe
O4 - HKLM \ .. \ Run: [Dsi] C: \ WINNT \ System32 \ dp-him.exe
O4 - HKLM \ .. \ Run: [EvEJLXCR] C: \ documents and settings \ owner \ local settings \ temp \ EvEJLXCR.exe
O4 - HKLM \ .. \ Run: [ws8R38j] vdm2_32.exe
O4 - HKLM \ .. \ Run: [p9Y1O] C: \ documents and settings \ owner \ local settings \ temp \ p9Y1O.exe
O4 - HKLM \ .. \ Run: [b4dc0c289700] C: \ WINNT \ System32 \ adsnt954.exe
O4 - HKLM \ .. \ Run: [VVSN] C: \ Program Files \ VVSN \ VVSN.exe
O4 - HKLM \ .. \ Run: [WinTools] C: \ Program Files \ Common Files \ WinTools \ WToolsA.exe
O4 - HKCU \ .. \ RunOnce: [Web Offer] C: \ ezStub.exe
O4 - Startup: Download Mgr.lnk = C: \ WINNT \ DownloadWizard \ DownloadWizard.exe

Remove these extra items in IE menu (O8...O9):

O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)

Remove these ActiveX Objects (aka Downloaded Program Files) if you are not using them (O16):

O16 - DPF: Pop Fu by pogo - website: game3.pogo.com / applet-5.9.2.31 / popfu / popfu-ob-assets.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - website: download.microsoft.com / download / d / 4 / 4 / d446e8a9-3a86-4b59-bb19-f5bd11b40367 / wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - website: office.microsoftcom / templates / ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - website: apple.com / qtactivex / qtplugin.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - website: ebot.digitalriver.com / v2.0-doc / dlwizard / wizard3.0.4.2.block2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - website: spywarestormer.com / files2 / Install.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - website: aol.easports.com / downloads / games / common / ieell.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - website: download.microsoft.com / download / F / 6 / E / F6E491A6-77E1-4E20-9F5F-94901338C922 / wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - website: aolcc.aol.com / computercheckup / qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - website: napster.com / client / setup.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - website: aol.easports.com / downloads / games / common / snoopy / iesnoopy.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - website: ofoto.com / downloads / BUM / BUM_WIN_IE_1 / axofupld.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp: / / system / RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp: / / system / StartFirstControl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - website: v4.windowsupdate.microsoft.com / CAB / x86 / unicode / iuctl.CAB?373044103009259
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - website: wildtangent.com / install / wdriver / arcadegames / meteormadness / eacom / wtinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - website: download.macromedia.com / pub / shockwave / cabs / flash / swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - website: dgl.microsoft.com / downloads / outc.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - website: download.overpro.com / WildApp.cab

Reboot the computer and put it to safe mode.  Then delete these files from your C: drive.

C: \ documents and settings \ owner \ local settings \ temp \ R.exe
C: \ documents and settings \ owner \ local settings \ temp \ hb4rb7fjt.exe
C: \ documents and settings \ owner \ local settings \ temp \ p9Y1O.exe
C: \ WINNT \ System32 \ adsnt954.exe 
C: \ Program Files \ Common Files \ WinTools \ WToolsA.exe
C: \ WINNT \ wanmpsvc.exe
C: \ Program Files \ Common Files \ WinTools \ WToolsS.exe
C: \ Program Files \ Common Files \ WinTools \ WSup.exe

Original log but with private information removed.

Scan saved at 11:41:08 AM, on 11 / 20 / 2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C: \ WINNT \ System32 \ smss.exe
C: \ WINNT \ system32 \ winlogon.exe
C: \ WINNT \ system32 \ services.exe
C: \ WINNT \ system32 \ lsass.exe
C: \ WINNT \ system32 \ svchost.exe
C: \ WINNT \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINNT \ Explorer.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINNT \ system32 \ ntvdm.exe
C: \ WINNT \ System32 \ SK9910DM.EXE
C: \ WINNT \ GWMDMMSG.exe
C: \ Program Files \ Adaptec \ Easy CD Creator 5 \ DirectCD \ DirectCD.exe
C: \ WINNT \ system32 \ spoolsv.exe
C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mm_tray.exe
C: \ WINNT \ SM1BG.EXE C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINNT \ System32 \ RUNDLL32.exe
C: \ documents and settings \ owner \ local settings \ temp \ R.exe
C: \ documents and settings \ owner \ local settings \ temp \ hb4rb7fjt.exe
C: \ PROGRA~1 \ COMMON~1 \ AOL \ AOLSPY~1 \ AOLSP Scheduler.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
C: \ PROGRA~1 \ COMMON~1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ documents and settings \ owner \ local settings \ temp \ p9Y1O.exe
C: \ WINNT \ System32 \ adsnt954.exe
C: \ WINNT \ System32 \ BSPLAYER.EXE
C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe
C: \ OPLIMIT \ ocrawr32.exe
C: \ WINNT \ System32 \ MSTMON_Q.EXE
C: \ Program Files \ Common Files \ WinTools \ WToolsA.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
C: \ Program Files \ AIM95 \ aim.exe
C: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ navapsvc.exe
C: \ WINNT \ System32 \ nvsvc32.exe
C: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ SAVScan.exe
C: \ Program Files \ America Online 9.0a \ aoltray.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Microsoft Office \ Office \ MSOFFICE.EXE
C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
C: \ WINNT \ wanmpsvc.exe
C: \ Program Files \ Common Files \ WinTools \ WToolsS.exe
C: \ Program Files \ Common Files \ WinTools \ WSup.exe
C: \ WINNT \ System32 \ wuauclt.exe
C: \ Documents and Settings \ Owner \ Desktop \ HijackThis.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINNT \ System32 \ wuauclt.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = file: / / C: \ WINNT \ System32 \ SearchBar.htm
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: yahoo.com / R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: gateway.net
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,Default_Page_URL = website: gateway.net R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search,CustomizeSearch = res: / / C: \ PROGRA~1 \ Toolbar \ toolbar.dll / sa
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar,LinksFolderName =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,SearchAssistant = website: websearch.com / ie.aspx?tb_id=50093
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main,CustomizeSearch = res: / / C: \ PROGRA~1 \ Toolbar \ toolbar.dll / sa
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C: \ Program Files \ Adobe \ Acrobat 5.0 \ Reader \ ActiveX \ AcroIEHelper.ocx
O2 - BHO: (no name) - {3DFD4350-9541-2690-D524-66557FDA2F36} - C: \ WINNT \ System32 \ yxautx.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C: \ PROGRA~1 \ COMMON~1 \ WinTools \ WToolsB.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C: \ Program Files \ Common Files \ Symantec Shared \ AdBlocking \ NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C: \ Documents and Settings \ Owner \ Local Settings \ Temp \ xTB5FY1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C: \ Program Files \ Microsoft Money \ System \ mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \ WINNT \ System32 \ msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C: \ Program Files \ Common Files \ Symantec Shared \ AdBlocking \ NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt.dll
O4 - HKLM \ .. \ Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM \ .. \ Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM \ .. \ Run: [Keyboard Preload Check] C: \ OEMDRVRS \ KEYB \ Preload.exe / DEVID: / CLASS:Keyboard / RunValue:"Keyboard Preload Check"
O4 - HKLM \ .. \ Run: [GWMDMpi] C: \ WINNT \ GWMDMpi.exe
O4 - HKLM \ .. \ Run: [AdaptecDirectCD] "C: \ Program Files \ Adaptec \ Easy CD Creator 5 \ DirectCD \ DirectCD.exe"
O4 - HKLM \ .. \ Run: [Microsoft Works Portfolio] C: \ Program Files \ Microsoft Works \ WksSb.exe / AllUsers
O4 - HKLM \ .. \ Run: [MoneyStartUp10.0] "C: \ Program Files \ Microsoft Money \ System \ Activation.exe"
O4 - HKLM \ .. \ Run: [WorksFUD] C: \ Program Files \ Microsoft Works \ wkfud.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINNT \ System32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [MMTray] C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mm_tray.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" -osboot
O4 - HKLM \ .. \ Run: [WildTangent CDA] RUNDLL32.exe "C: \ Program Files \ WildTangent \ Apps \ CDA \ cdaEngine0400.dll",cdaEngineMain
O4 - HKLM \ .. \ Run: [R] C: \ documents and settings \ owner \ local settings \ temp \ R.exe
O4 - HKLM \ .. \ Run: [hb4rb7fjt] C: \ documents and settings \ owner \ local settings \ temp \ hb4rb7fjt.exe
O4 - HKLM \ .. \ Run: [2SWZKN82R5K47C] C: \ WINNT \ System32 \ Fmd2oJ.exe
O4 - HKLM \ .. \ Run: [Dsi] C: \ WINNT \ System32 \ dp-him.exe
O4 - HKLM \ .. \ Run: [AOL Spyware Protection] "C: \ PROGRA~1 \ COMMON~1 \ AOL \ AOLSPY~1 \ AOLSP Scheduler.exe"
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe" -atboottime
O4 - HKLM \ .. \ Run: [P2P Networking] C: \ WINNT \ System32 \ P2P Networking \ P2P Networking.exe / AUTOSTART
O4 - HKLM \ .. \ Run: [EvEJLXCR] C: \ documents and settings \ owner \ local settings \ temp \ EvEJLXCR.exe
O4 - HKLM \ .. \ Run: [ws8R38j] vdm2_32.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [URLLSTCK.exe] C: \ Program Files \ Norton Internet Security \ UrlLstCk.exe
O4 - HKLM \ .. \ Run: [SSC_UserPrompt] C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ UsrPrmpt.exe
O4 - HKLM \ .. \ Run: [p9Y1O] C: \ documents and settings \ owner \ local settings \ temp \ p9Y1O.exe
O4 - HKLM \ .. \ Run: [b4dc0c289700] C: \ WINNT \ System32 \ adsnt954.exe
O4 - HKLM \ .. \ Run: [VVSN] C: \ Program Files \ VVSN \ VVSN.exe
O4 - HKLM \ .. \ Run: [BS Player] BSPLAYER.EXE
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA~1 \ SYMNET~1 \ SNDMon.exe
O4 - HKLM \ .. \ Run: [mmtask] C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe
O4 - HKLM \ .. \ Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C: \ WINNT \ System32 \ MSTMON_Q.EXE
O4 - HKLM \ .. \ Run: [WinTools] C: \ Program Files \ Common Files \ WinTools \ WToolsA.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [MoneyAgent] "C: \ Program Files \ Microsoft Money \ System \ Money Express.exe"
O4 - HKCU \ .. \ Run: [AIM] C: \ Program Files \ AIM95 \ aim.exe -cnetwait.odl
O4 - HKCU \ .. \ Run: [Microsoft Works Update Detection] C: \ Program Files \ Microsoft Works \ WkDetect.exe
O4 - HKCU \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA~1 \ SYMNET~1 \ SNDMon.exe
O4 - HKCU \ .. \ RunOnce: [Web Offer] C: \ ezStub.exe
O4 - HKCU \ .. \ RunOnce: [BS Player] BSPLAYER.EXE
O4 - Startup: Download Mgr.lnk = C: \ WINNT \ DownloadWizard \ DownloadWizard.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0a \ aoltray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C: \ Program Files \ Microsoft Office \ Office \ MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra ´Tools´ menuitem: MaxSpeed (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra ´Tools´ menuitem: AOL Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ´Tools´ menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C: \ Program Files \ Internet Explorer \ Plugins \ NPDocBox.dll
O16 - DPF: Pop Fu by pogo - website: game3.pogo.com / applet-5.9.2.31 / popfu / popfu-ob-assets.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - website: download.microsoft.com / download / d / 4 / 4 / d446e8a9-3a86-4b59-bb19-f5bd11b40367 / wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - website: office.microsoftcom / templates / ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - website: apple.com / qtactivex / qtplugin.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - website: ebot.digitalriver.com / v2.0-doc / dlwizard / wizard3.0.4.2.block2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - website: spywarestormer.com / files2 / Install.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - website: aol.easports.com / downloads / games / common / ieell.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - website: download.microsoft.com / download / F / 6 / E / F6E491A6-77E1-4E20-9F5F-94901338C922 / wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - website: aolcc.aol.com / computercheckup / qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - website: napster.com / client / setup.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - website: aol.easports.com / downloads / games / common / snoopy / iesnoopy.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - website: ofoto.com / downloads / BUM / BUM_WIN_IE_1 / axofupld.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp: / / system / RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp: / / system / StartFirstControl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - website: v4.windowsupdate.microsoft.com / CAB / x86 / unicode / iuctl.CAB?373044103009259
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - website: wildtangent.com / install / wdriver / arcadegames / meteormadness / eacom / wtinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - website: download.macromedia.com / pub / shockwave / cabs / flash / swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - website: dgl.microsoft.com / downloads / outc.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - website: download.overpro.com / WildApp.cab

vvsn.exe 22-Nov-2004


commentPost your comment 
Mail this pageMail this page


© 2004-2008. All Rights Reserved.