how-to block ads
|
 
Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:
| Re: Popups said by pream  :
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »server224.smartbotpro.net/7search/?003-nhp
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL (file missing)
O2 - BHO: (no name) - {338DB36D-828A-4D18-8864-977B09C4B8A7} - C:\WINDOWS\SYSTEM\QDBGHELP.DLL
O4 - HKLM\..\Run: [5QEKE7T5NG9WG2] C:\WINDOWS\SYSTEM\Rcn0.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - »www.myfamily.com/plugins/ue/Install_UE.exe
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - »www.fastaccesstools.com/sdccommo···tlpw.cab
You've got the Peper trojan among other things.
To deal with the Peper trojan, do the following:
1. Download and run this file to fix the Peper Trojan: »home01.wxs.nl/~kleyn080/uninst.exe
Double click on 'uninst.exe', let it run and terminate.
2. To delete the related files download the following tool:
»www.mjc1.com/files/mo/drpepertobackup.exe
Double-click the downloaded file and it will extract to C:\drpeper
Navigate to the C:\drpeper folder and double-click "Find backup and Delete Peper files.vbs"
At the first prompt copy and paste: Rcn0.exe and hit ok.
You will get a confirmation notice, then a second prompt:
At the second prompt, paste: ZMZ4.EXE and hit ok.
It will find all the files, delete them and will make backups in the same folder. It will then open a text file (Peper.txt) with the list of all files deleted. Make sure that text file is saved.
Next, with all browser windows closed, rescan with Hijack This and put a check next to any of the items I listed above that remain, then click "Fix Checked". Reboot, rescan with Hijack This and post a new log here together with the contents of the Peper.txt file you saved earlier.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"? | |
| | 
pream
join:2001-02-03
Jupiter, FL | Re: Popups I have downloaded the two files and run them. When I run Find backup and delete oeoer files.vbs, it prompts for the file. When I enter Rcn0.exe, it appears to run for about 2 minutes and then I get an "out of memory" message.
Any ideas? | |
| | |
pream
join:2001-02-03
Jupiter, FL | Re: Popups Also I deleted all from startup with the same result. | |
| | | |
Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:
| Re: Popups So the first file ran without a problem? You may want to try booting to safe mode and running "Find backup and Delete Peper files.vbs" from there.
You might also want to check in NAV's options under Script Blocking and verify that it's set to "Ask Me What to Do", as the other option would prevent this from running without a prompt and could probably cause an error like that.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"? | |
| | | | |
pream
join:2001-02-03
Jupiter, FL | Re: Popups Yes the first file ran fine. I tried running "Find backup and Delete Peper files.vbs" from safe mode, but got the same result. | |
| | | | | |
pream
join:2001-02-03
Jupiter, FL
| Re: Popups I have to leave now. Thanks all for your help. It looks like the first job got rid of the two files from starting. I am posting the latest hijackthis. If there is any more I can do, I might be able to guide my son through it over the phone.
Logfile of HijackThis v1.97.7
Scan saved at 7:30:24 PM, on 1/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODMANAGER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BROADBAND\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »hometab.bellsouth.net/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .mfg: C:\PROGRA~1\INTERN~1\PLUGINS\npmirage.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - »www.installengine.com/engine/isetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - »chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - »fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - »www.myfamily.com/plugins/ue/Install_UE.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···12268519
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - »www.fastaccesstools.com/sdccommo···tlpw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »us.chat1.yimg.com/us.yimg.com/i/···scom.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - »lg.home.microsoft.com/search/lob···ings.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1408.g.akamai.net/7/1408/9955/2···etup.exe | |
| 
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| I cannot find anything on theses 2 exes and they seem to be suspicious.
C:\WINDOWS\SYSTEM\ZMZ4.EXE
C:\WINDOWS\SYSTEM\RSAQS5.EXE
Someone thinks that RSAQS5.EXE is a trojan, but I cannot confirm that.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
| |
Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:
1 edit | Re: Popups said by John2g :
I cannot find anything on theses 2 exes and they seem to be suspicious.
C:\WINDOWS\SYSTEM\ZMZ4.EXE
C:\WINDOWS\SYSTEM\RSAQS5.EXE
Someone thinks that RSAQS5.EXE is a trojan, but I cannot confirm that.
Those both look to be part of the Peper trojan I mentioned above. They'll be removed if you use the uninstall procedure I listed.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"? | |
| |
pream
join:2001-02-03
Jupiter, FL | I have done searches for both of these and cannot find them. He is running NAV 2002. | |
| | |
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| Re: Popups said by pream :
I have done searches for both of these and cannot find them. He is running NAV 2002.
He may have these as hidden files. To unhide them, go to Control Panel\Folder Options\View and "uncheck" Hide protected operating system files.
Then recheck, as they are listed in running applications in HJT.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
|
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| As a general point, your son may be getting pop ups as a result of running "Windows Messenger"
You can overcome this by downloading and running shootthemessenger from: »grc.com/stm/shootthemessenger.htm
Another way of stopping most pop ups is to DISABLE Java and Active Scripting in Internet Explorer. Go to Tools\Internet Options\Security and click the "Internet" icon and choose "Custom" and you can alter the settings there.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
| |
pream
join:2001-02-03
Jupiter, FL | Re: Popups Shootthemessanger does not support Windows ME. | |
| | |
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| Re: Popups said by pream :
Shootthemessanger does not support Windows ME.
I'm sorry. I had forgotten he was using ME.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
|
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| I am NOT an expert, but I think you should have HJT fix the following entries.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »server224.smartbotpro.net/7search/?003..
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL (file missing)
O2 - BHO: (no name) - {338DB36D-828A-4D18-8864-977B09C4B8A7} - C:\WINDOWS\SYSTEM\QDBGHELP.DLL
O4 - HKLM\..\Run: [5QEKE7T5NG9WG2] C:\WINDOWS\SYSTEM\Rcn0.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
|
pream
join:2001-02-03
Jupiter, FL
| Popups I am my son's computer. Windows ME. He has a popup nightmare. One after another. He has allowed many people to download onto this system. I have been working each time I am here to try to correct, with no success. I have run Spybot. Now Hijackthis. Any help would be greatly appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 12:37:45 PM, on 1/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODMANAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
C:\WINDOWS\SYSTEM\ZMZ4.EXE
C:\WINDOWS\SYSTEM\RSAQS5.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\DOWNLOAD\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »server224.smartbotpro.net/7search/?003-nhp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »hometab.bellsouth.net/
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {338DB36D-828A-4D18-8864-977B09C4B8A7} - C:\WINDOWS\SYSTEM\QDBGHELP.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [5QEKE7T5NG9WG2] C:\WINDOWS\SYSTEM\Rcn0.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .mfg: C:\PROGRA~1\INTERN~1\PLUGINS\npmirage.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - »www.installengine.com/engine/isetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - »chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - »fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - »www.myfamily.com/plugins/ue/Install_UE.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···12268519
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - »www.fastaccesstools.com/sdccommo···tlpw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »us.chat1.yimg.com/us.yimg.com/i/···scom.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - »lg.home.microsoft.com/search/lob···ings.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1408.g.akamai.net/7/1408/9955/2···etup.exe | |
| | | |
|
