• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
hobbes557

Hijacked to res://mshp.dll/index.html#37049

8 posts in this topic

My homepage has been hijacked to this res://mshp.dll/index.html#37049. I've used Ad-Aware, and it returns every time the computer is rebooted. I've followed the instructions for removing it on pchell.com and it has still returned.

As well as changing my homepage, it also throws tons of pop-ups at me, it causes slowdown when typing or loading sites, and it seems to be embedding links to its own search engine results in the text to other sites. Words like "game", "casino", "moving", "ice", and many others will turn out to be links to search results from mshp.dll. I'm not sure if this is a new variant, or if I'm just missing something while trying to remove it. Here's the hijackthis log.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:21:38 PM, on 6/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\gearsec.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\mshy.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\msiesh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [EPSON Stylus CX5200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX5200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX5200"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [crow32.exe] C:\WINDOWS\system32\crow32.exe

O4 - HKLM\..\Run: [ieyt.exe] C:\WINDOWS\ieyt.exe

O4 - HKLM\..\Run: [appbo32.exe] C:\WINDOWS\appbo32.exe

O4 - HKLM\..\Run: [sdkai.exe] C:\WINDOWS\system32\sdkai.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...72/mcinsctl.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs8b.instantservice.com/jars/customerxsigned41.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...288/mcfscan.cab

Share this post


Link to post
Share on other sites

Please download About:Buster by RubbeR DuckY ( thats me lol ) from

 

Here

 

Then Unzip it to your desktop. Do not run it yet. Print these directions or paste them into a text document as you will be running with your internet explorer closed. Restarting internet explorer may cause a reinfection.

 

Please start Hijack this and tick the boxes next to these items.

 

O4 - HKLM\..\Run: [crow32.exe] C:\WINDOWS\system32\crow32.exe

O4 - HKLM\..\Run: [ieyt.exe] C:\WINDOWS\ieyt.exe

O4 - HKLM\..\Run: [appbo32.exe] C:\WINDOWS\appbo32.exe

O4 - HKLM\..\Run: [sdkai.exe] C:\WINDOWS\system32\sdkai.exe

 

[For now, when we remove the hijacker we will fix your log more completely.]

 

 

Then close all windows and hit fix checked. Now startup About:Buster. Hit ok on the first prompt and then hit start. Next hit ok. Wait till the scan completes and copy the report and save it somewhere. Rerun About:Buster to make sure everything was deleted. Then restart your computer.

 

It is now safe to reopen Internet explorer. Please post a new hijack this log along with a report.

Share this post


Link to post
Share on other sites

Well, I followed your instructions Duck, and...it didn't help. mshp.dll was back, just like it was the last several times I attempted to fix it. Curses...foiled again. Here's the hijackthis log, and the about report. Suddenly reformatting doesn't sound like such a chore.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:01:58 AM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\McAfee.com\MPS\mscifapp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\gearsec.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\sdkst.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\mshy.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\msiesh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [EPSON Stylus CX5200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX5200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX5200"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - HKLM\..\Run: [sdkst.exe] C:\WINDOWS\sdkst.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...72/mcinsctl.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs8b.instantservice.com/jars/customerxsigned41.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...288/mcfscan.cab

 

 

 

About:Buster Version 1.21

Removed! : C:\WINDOWS\addjs32.exe

Removed! : C:\WINDOWS\addnn.exe

Removed! : C:\WINDOWS\addsg32.exe

Removed! : C:\WINDOWS\apiji32.exe

Removed! : C:\WINDOWS\apisg.exe

Removed! : C:\WINDOWS\apitk.exe

Removed! : C:\WINDOWS\appbo32.exe

Removed! : C:\WINDOWS\appjf.exe

Removed! : C:\WINDOWS\appld.exe

Removed! : C:\WINDOWS\iecr32.exe

Removed! : C:\WINDOWS\iees32.exe

Removed! : C:\WINDOWS\iegl.exe

Removed! : C:\WINDOWS\iemw32.exe

Removed! : C:\WINDOWS\ieyt.exe

Removed! : C:\WINDOWS\ipnl32.exe

Removed! : C:\WINDOWS\ipnp.exe

Removed! : C:\WINDOWS\ipof.exe

Removed! : C:\WINDOWS\javaiw.exe

Removed! : C:\WINDOWS\javaqk32.exe

Removed! : C:\WINDOWS\mszf.exe

Removed! : C:\WINDOWS\netyk.exe

Removed! : C:\WINDOWS\ntrm.exe

Removed! : C:\WINDOWS\sdkqa.exe

Removed! : C:\WINDOWS\sysnj.exe

Removed! : C:\WINDOWS\sysqr.exe

Removed! : C:\WINDOWS\System32\addbc.exe

Removed! : C:\WINDOWS\System32\addpq.exe

Removed! : C:\WINDOWS\System32\addsp32.exe

Removed! : C:\WINDOWS\System32\apinz.exe

Removed! : C:\WINDOWS\System32\apiqd.exe

Removed! : C:\WINDOWS\System32\apiqf.exe

Removed! : C:\WINDOWS\System32\atlpw.exe

Removed! : C:\WINDOWS\System32\atlrg32.exe

Removed! : C:\WINDOWS\System32\crae32.exe

Removed! : C:\WINDOWS\System32\crow32.exe

Removed! : C:\WINDOWS\System32\d3dy.exe

Removed! : C:\WINDOWS\System32\d3re.exe

Removed! : C:\WINDOWS\System32\d3xs.exe

Removed! : C:\WINDOWS\System32\ipfm.exe

Removed! : C:\WINDOWS\System32\netmp32.exe

Removed! : C:\WINDOWS\System32\sdkai.exe

Removed! : C:\WINDOWS\System32\sdkbk.exe

Removed! : C:\WINDOWS\System32\sdkyo32.exe

Removed! : C:\WINDOWS\System32\sysbl32.exe

Removed! : C:\WINDOWS\System32\sysco.exe

Removed! : C:\WINDOWS\System32\sysfr.exe

Removed! : C:\WINDOWS\System32\winrm.exe

Removed! : C:\WINDOWS\System32\winzy.exe

Attempted Clean Of Temp folder.

Pages Reset... Done!

Share this post


Link to post
Share on other sites

Hello rerun the tool in safe mode by tapping F8 several times when the computer is booting. Then restart into normal mode and generate a new Hijack this log to paste here.

Share this post


Link to post
Share on other sites

Hobbes,

 

Read through my post.

 

http://www.spywareinfoforum.com/index.php?showtopic=10202&hl=

 

My post

 

I had the same problem of recurring nightmare. It seems that for whatever the reason, About:Buster was unable to "see" sysco.exe. When I manually deleted is after killing the process, Norton AV caught the file moving to the Trash Bin and reported it as a "Virus Found!" even after I had done a NAV scan and it reported nothing.

 

I probably spent 5 hours tonight going through the process I describe but it finally worked. Maybe Safe mode would have helped avoid all that.

 

Good luck.

 

By the way, Duck, thanks for your tool!

Edited by wjholtjr

Share this post


Link to post
Share on other sites

Wait. If you still have that file somewhere i would like it. If you, do zip it up and send it to TBoY14 at msn .com no spaces all together. at is @. Blocks spammer bots . Then i can add it to the next update.

Share this post


Link to post
Share on other sites

Hey,

After running aboutbuster and CWshredder in safe mode, I think I've gotten it, but I can't be sure. I've been optimistic about it before, only to start my internet up the next day and see that accursed mshp site. Maybe its really gone this time, or maybe not. I'll update again tomorrow. Here's the latest hijackthis log.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:51:05 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\McAfee.com\MPS\mscifapp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\gearsec.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\mshy.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [EPSON Stylus CX5200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX5200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX5200"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [addip32.exe] C:\WINDOWS\addip32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...72/mcinsctl.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs8b.instantservice.com/jars/customerxsigned41.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...288/mcfscan.cab

Share this post


Link to post
Share on other sites

...hmph. So, what happened is, its back. Judging from the info I got on the CoolWebSearch list on Merijn, it's Winshow, as it has the Submithook thing there. The weird thing is, after I deleted everything and ran aboutbuster and cwshredder in Safe mode, I restarted the computer. It was fine, back to my usual startpage. I restarted again, just to be sure. It was still okay. I get up and leave confident in a job well done, come back about twenty minutes later to check my e-mail, and its back. Everything I deleted in Safe mode, every site I changed, everything, was back, and I didn't even log out of my username, the computer stayed on logged in the whole time. Maybe I should kill the programmers who made this mshp thing. No jury in the world would convict me. In fact, they might even give me some kind of cash prize, or at least a very nice fruit basket. Here's the latest hijackthis log.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:11:54 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\gearsec.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\Program Files\hijackthis\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Denise Drotleff\Application Data\mshy\mshy.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [EPSON Stylus CX5200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX5200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX5200"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [addip32.exe] C:\WINDOWS\addip32.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\sdkqh32.dll,Install

O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Common Files\submit.exe"

O4 - HKCU\..\RunOnce: [updater] rundll32 C:\DOCUME~1\DENISE~1\APPLIC~1\mshy\mshy.dll,UpdateDll s

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...72/mcinsctl.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs8b.instantservice.com/jars/customerxsigned41.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...288/mcfscan.cab

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0