A Hijack This log I need help with

Discussion in 'Computer Security' started by The Peasant, Feb 20, 2004.

  1. The Peasant

    The Peasant Guest

    Hi,

    A family member decided to download Messenger Plus and a few other
    programs. Since then all sorts of rubbish has appeared on my computer.
    After using AdAware, Spybot and Spy Sweeper, I'm still having a few
    problems (eg mywebsearchnow appearing regularly, casino pop ups etc).
    This is my log for Hijack This - have had problems accessing the
    recommended forums to discuss this online (it just goes to the
    mywebsearch now page!). Was wondering what I can safely delete.

    Thanks!


    Logfile of HijackThis v1.97.7
    Scan saved at 1:37:29 PM, on 20/02/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\TEAMSP~1\TypeRoad.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://broadband.optusnet.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft Internet Explorer provided by OptusNet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = proxy.ozemail.com.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {57B2C092-DD2B-4EE8-B912-ED990AC61883} -
    C:\PROGRA~1\BIRDCA~1\idlepart.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
    C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
    C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\Msdxm.ocx
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet
    Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    2\MsgPlus.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program
    Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [stupidfunk] C:\PROGRA~1\TEAMSP~1\TypeRoad.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk =
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client -
    http://qld-chat.bigpond.com/java/cr.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Literati -
    http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
    - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    Installation Engine) -
    http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
    - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support)
    - http://www-306.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
    Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
    International Setup Player) -
    http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A}
    (EmailImport.EmailImportControl) -
    http://www.friendster.com/import/emailimport.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
    Registry Information Class) -
    http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload
    Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4317/mcfscan.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
    The Peasant, Feb 20, 2004
    #1
    1. Advertising

  2. The Peasant

    kulm_nd Guest

    You can search for what each startup listing means at
    http://www.sysinfo.org/startuplist.php

    --

    ************************************************

    g-w


    "The Peasant" <> wrote in message
    news:...
    > Hi,
    >
    > A family member decided to download Messenger Plus and a few other
    > programs. Since then all sorts of rubbish has appeared on my computer.
    > After using AdAware, Spybot and Spy Sweeper, I'm still having a few
    > problems (eg mywebsearchnow appearing regularly, casino pop ups etc).
    > This is my log for Hijack This - have had problems accessing the
    > recommended forums to discuss this online (it just goes to the
    > mywebsearch now page!). Was wondering what I can safely delete.
    >
    > Thanks!
    >
    >
    > Logfile of HijackThis v1.97.7
    > Scan saved at 1:37:29 PM, on 20/02/2004
    > Platform: Windows XP SP1 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\WINDOWS\System32\GEARSEC.EXE
    > C:\Program Files\Norton AntiVirus\navapsvc.exe
    > C:\Program Files\Norton Internet Security\NISUM.EXE
    > C:\WINDOWS\System32\svchost.exe
    > C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    > C:\Program Files\Norton Internet Security\NISSERV.EXE
    > C:\Program Files\Norton Internet Security\SymProxySvc.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\WINDOWS\htpatch.exe
    > C:\WINDOWS\SOUNDMAN.EXE
    > C:\Program Files\Ahead\InCD\InCD.exe
    > C:\Program Files\Norton Internet Security\IAMAPP.EXE
    > C:\PROGRA~1\NORTON~1\navapw32.exe
    > C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    > C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    > C:\Program Files\iTunes\iTunesHelper.exe
    > C:\Program Files\QuickTime\qttask.exe
    > C:\PROGRA~1\TEAMSP~1\TypeRoad.exe
    > C:\Program Files\iPod\bin\iPodService.exe
    > C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    > C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    > C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    > C:\Program Files\WinZip\WZQKPICK.EXE
    > C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    > C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    > C:\Program Files\Internet Explorer\iexplore.exe
    > C:\Downloads\HijackThis.exe
    >
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://broadband.optusnet.com.au
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    > Microsoft Internet Explorer provided by OptusNet
    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings,ProxyServer = proxy.ozemail.com.au:8080
    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings,ProxyOverride = 127.0.0.1
    > O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    > O2 - BHO: (no name) - {57B2C092-DD2B-4EE8-B912-ED990AC61883} -
    > C:\PROGRA~1\BIRDCA~1\idlepart.dll
    > O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
    > C:\PROGRA~1\FlashGet\jccatch.dll
    > O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    > C:\Program Files\Norton AntiVirus\NavShExt.dll
    > O3 - Toolbar: Norton AntiVirus -
    > {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    > AntiVirus\NavShExt.dll
    > O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
    > C:\PROGRA~1\FlashGet\fgiebar.dll
    > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > C:\WINDOWS\System32\Msdxm.ocx
    > O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    > O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    > O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    > O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    > O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    > O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet
    > Security\IAMAPP.EXE
    > O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    > O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    > 2\MsgPlus.exe"
    > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    > Files\Real\Update_OB\realsched.exe" -osboot
    > O4 - HKLM\..\Run: [iTunesHelper] C:\Program
    > Files\iTunes\iTunesHelper.exe
    > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    > Files\QuickTime\qttask.exe" -atboottime
    > O4 - HKLM\..\Run: [stupidfunk] C:\PROGRA~1\TEAMSP~1\TypeRoad.exe
    > O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    > 2\MsgPlus.exe" /WinStart
    > O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    > Files\Yahoo!\Messenger\ypager.exe -quiet
    > O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    > Sweeper\SpySweeper.exe /0
    > O4 - Global Startup: hpoddt01.exe.lnk = ?
    > O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    > Office\Office10\OSA.EXE
    > O4 - Global Startup: officejet 6100.lnk = ?
    > O4 - Global Startup: Symantec Fax Starter Edition Port.lnk =
    > C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    > O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    > Files\WinZip\WZQKPICK.EXE
    > O8 - Extra context menu item: Download All by FlashGet - C:\Program
    > Files\FlashGet\jc_all.htm
    > O8 - Extra context menu item: Download using FlashGet - C:\Program
    > Files\FlashGet\jc_link.htm
    > O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    > Files\Yahoo!\Common/ycdict.htm
    > O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    > Files\Yahoo!\Common/ycsrch.htm
    > O9 - Extra button: FlashGet (HKLM)
    > O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    > O9 - Extra button: Messenger (HKLM)
    > O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    > O12 - Plugin for .spop: C:\Program Files\Internet
    > Explorer\Plugins\NPDocBox.dll
    > O16 - DPF: ConferenceRoom Java Client -
    > http://qld-chat.bigpond.com/java/cr.cab
    > O16 - DPF: Yahoo! Chat -
    > http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    > O16 - DPF: Yahoo! Literati -
    > http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    > http://messenger.zone.msn.com/binary/msgrchkr.cab
    > O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    > http://www.apple.com/qtactivex/qtplugin.cab
    > O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    > Control) -

    http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    > O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    >

    http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    > Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    > O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    > Conferencing) -

    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    > O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
    > - http://download.yahoo.com/dl/installs/yinst.cab
    > O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
    >

    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    > O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    > Installation Engine) -
    > http://office.microsoft.com/officeupdate/content/opuc.cab
    > O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
    > -

    http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    > O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support)
    > - http://www-306.ibm.com/pc/support/IbmEgath.cab
    > O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
    > Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    > (MessengerStatsClient Class) -
    > http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    > O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
    > International Setup Player) -
    > http://www.installengine.com/engine/isetup.cab
    > O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A}
    > (EmailImport.EmailImportControl) -
    > http://www.friendster.com/import/emailimport.cab
    > O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
    > Registry Information Class) -
    > http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    > O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload
    > Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    > O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    > Object) -

    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    > O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    >

    http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4317/mcfscan.cab
    > O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    > http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    > Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
    kulm_nd, Feb 20, 2004
    #2
    1. Advertising

  3. The Peasant

    Jbob Guest

    Jbob, Feb 20, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rich Gabriele

    Hijack This Log - Please Help

    Rich Gabriele, May 26, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    425
    °Mike°
    May 26, 2004
  2. TyzNanny

    Need help on Hijack This log

    TyzNanny, Jun 10, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    451
    °Mike°
    Jun 10, 2004
  3. woodlandplayer

    need help reading my hijack this log

    woodlandplayer, Aug 17, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    559
    woodlandplayer
    Aug 20, 2004
  4. woodlandplayer

    Need help reading hijack this log

    woodlandplayer, Aug 18, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    484
    °Mike°
    Aug 18, 2004
  5. joevan

    Hijack log- Help request

    joevan, Jun 19, 2005, in forum: Computer Support
    Replies:
    7
    Views:
    492
    pcbutts1
    Jun 19, 2005
Loading...

Share This Page