mijn log : Logfile of HijackThis v1.97.7
Scan saved at 23:39:31, on 11-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Mijn documenten\MsgPlus.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
D:\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kazaa K++\Kazaa.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Ria\Mijn documenten\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\java\classes\mainurl.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymlwzxsckcckbmryhgbzjw.n...Sax9AcqVKldHeJsvHqUV8_HINeN0APuBDeIpMlij.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.njayjfvisenbwognomudzdmpx.us/qPB2C3EcSLZk1KsOsGUxaZ_TqPYE0Go7BXVXzP58Z1Y.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\Ria\LOCALS~1\Temp\bilniw.dat
O2 - BHO: (no name) - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\Ria\LOCALS~1\Temp\lruniam.dat
O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
O2 - BHO: (no name) - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\Linda\LOCALS~1\Temp\dvdsnd.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\Ria\LOCALS~1\Temp\sod3pm.dat
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\NavShExt.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: (no name) - {E6AB4AE6-21B5-5CAC-34EB-82A3428B8332} - C:\DOCUME~1\Linda\APPLIC~1\ATOMSU~1\regsford.exe
O2 - BHO: (no name) - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\Ria\LOCALS~1\Temp\vrsptf.dat
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\Ria\LOCALS~1\Temp\sod3pm.dat
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Mijn documenten\MsgPlus.exe"
O4 - HKLM\..\Run: [mp3dos] C:\WINDOWS\Fonts\mp3dos.exe
O4 - HKLM\..\Run: [*mp3dos] C:\WINDOWS\Fonts\mp3dos.exe
O4 - HKLM\..\Run: [*mstask] C:\WINDOWS\Config\mstask.exe
O4 - HKLM\..\Run: [*winlib] C:\WINDOWS\Config\winlib.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [*basrun] C:\WINDOWS\basrun.exe
O4 - HKLM\..\Run: [*cabeula] C:\WINDOWS\msagent\chars\cabeula.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [*dnsdvd] C:\WINDOWS\security\dnsdvd.exe
O4 - HKLM\..\Run: [*olehard] C:\WINDOWS\msagent\chars\olehard.exe
O4 - HKLM\..\Run: [*srvbak] C:\WINDOWS\inf\srvbak.exe
O4 - HKLM\..\Run: [*mainurl] C:\WINDOWS\java\classes\mainurl.exe
O4 - HKLM\..\Run: [*infoiis] C:\WINDOWS\Cursors\infoiis.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [*ipacc] C:\WINDOWS\Help\ipacc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [*ftpsrv] C:\WINDOWS\repair\ftpsrv.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGAM~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Mijn documenten\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PLANMAIL] C:\DOCUME~1\Ria\APPLIC~1\INTRAP~1\firstgrim.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [*mainurl] C:\WINDOWS\java\classes\mainurl.exe rerun
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\Cursors\hardodbc.exe ren time:1100155352
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Progamma's Ria\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGAM~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/117/bridge-c17.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38211.1738078704
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
bvd Oakleyz
Scan saved at 23:39:31, on 11-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Mijn documenten\MsgPlus.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
D:\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kazaa K++\Kazaa.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Ria\Mijn documenten\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\java\classes\mainurl.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymlwzxsckcckbmryhgbzjw.n...Sax9AcqVKldHeJsvHqUV8_HINeN0APuBDeIpMlij.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.njayjfvisenbwognomudzdmpx.us/qPB2C3EcSLZk1KsOsGUxaZ_TqPYE0Go7BXVXzP58Z1Y.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\Ria\LOCALS~1\Temp\bilniw.dat
O2 - BHO: (no name) - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\Ria\LOCALS~1\Temp\lruniam.dat
O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
O2 - BHO: (no name) - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\Linda\LOCALS~1\Temp\dvdsnd.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\Ria\LOCALS~1\Temp\sod3pm.dat
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\NavShExt.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: (no name) - {E6AB4AE6-21B5-5CAC-34EB-82A3428B8332} - C:\DOCUME~1\Linda\APPLIC~1\ATOMSU~1\regsford.exe
O2 - BHO: (no name) - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\Ria\LOCALS~1\Temp\vrsptf.dat
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\Ria\LOCALS~1\Temp\sod3pm.dat
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Mijn documenten\MsgPlus.exe"
O4 - HKLM\..\Run: [mp3dos] C:\WINDOWS\Fonts\mp3dos.exe
O4 - HKLM\..\Run: [*mp3dos] C:\WINDOWS\Fonts\mp3dos.exe
O4 - HKLM\..\Run: [*mstask] C:\WINDOWS\Config\mstask.exe
O4 - HKLM\..\Run: [*winlib] C:\WINDOWS\Config\winlib.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [*basrun] C:\WINDOWS\basrun.exe
O4 - HKLM\..\Run: [*cabeula] C:\WINDOWS\msagent\chars\cabeula.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [*dnsdvd] C:\WINDOWS\security\dnsdvd.exe
O4 - HKLM\..\Run: [*olehard] C:\WINDOWS\msagent\chars\olehard.exe
O4 - HKLM\..\Run: [*srvbak] C:\WINDOWS\inf\srvbak.exe
O4 - HKLM\..\Run: [*mainurl] C:\WINDOWS\java\classes\mainurl.exe
O4 - HKLM\..\Run: [*infoiis] C:\WINDOWS\Cursors\infoiis.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [*ipacc] C:\WINDOWS\Help\ipacc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [*ftpsrv] C:\WINDOWS\repair\ftpsrv.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGAM~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Mijn documenten\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PLANMAIL] C:\DOCUME~1\Ria\APPLIC~1\INTRAP~1\firstgrim.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [*mainurl] C:\WINDOWS\java\classes\mainurl.exe rerun
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\Cursors\hardodbc.exe ren time:1100155352
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Progamma's Ria\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGAM~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/117/bridge-c17.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38211.1738078704
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
bvd Oakleyz
