Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected-but Not Exactly Sure With What


  • This topic is locked This topic is locked
25 replies to this topic

#1 elin0t

elin0t

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 01 December 2006 - 04:58 PM

I have used adaware, spybot, and my regular virusscan. I am getting critical system error bubbles on my toolbar and when trying to remove them the reccomened product... smitfraudfix is not working. So I used and completed all tasks in the Preparation guide for use before posting a hijack log. So here I am! I need help and need to know what to do next.

Here is my hijack log

Logfile of HijackThis v1.99.1
Scan saved at 1:53:08 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brain Codec\isamonitor.exe
C:\Program Files\Brain Codec\isamini.exe
C:\Program Files\Brain Codec\pmsngr.exe
C:\Program Files\Brain Codec\pmmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Roxio\MyTV ToGo\ReadySync.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:



Thank You

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 12:14 AM

Hello elin0t,

I am SifuMike and I will be helping you. :thumbsup:

Please delete the version SmitfraudFix version you have on your computer and download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 01:25 AM

I did do what you asked and delted the one I had and downloaded it again from your link and it is still doing the same thing. I am not suer if I understand the note you included about process.exe
So when I open the smitfraudfix.cmd folder the box comes up with credits telling me to hit any key to continue. When I hit any key the box disappears and nothing else comes up. So something is stopping me from using that, and I still have the critical system error bubbles and pop ups.
Thanks for you help.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 01:50 AM

I am not suer if I understand the note you included about process.exe


Some antivirus programs will mark process.exe as a virus, so if you get that notification ignore it and let it process.exe run. Sorry, I can't explain it any clearer.


Sounds like you are not running it correctly.
This fix works for millions of people without a problem.

Refer to this tutorial http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
and try it again.

Edited by SifuMike, 02 December 2006 - 01:55 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 02:02 AM

Ok I see what you are saying now about the process.exe file. Sorry :thumbsup: So when I click on the smitfraudfix.cmd file and now I am reading what is in that box that comes up.... one of the things says "process.exe file missing! Unzip all the archive in a folder." So this may be a simple task that I am not familiar with but what do I need do to unzip? I don't see that option anywhere.

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 02:12 AM

It's (SmitfraudFix.zip) a ZIP file, so once it has downloaded, you will need to extract (unzip) it. :thumbsup:
How to unzip files in Window XP:
http://consumer.installshield.com/kb.asp?id=Q108326

Edited by SifuMike, 02 December 2006 - 02:17 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 02:21 AM

Yes I did unzip after I downloaded it. So when I download smitfraudfix it appears on my desktop as a zip file and I right click and tell it to extract. Then the folder holding the extracted files appears on my desktop and I open that and double click on the smitfraudfix.cmd file and that is where to box comes up tell me that the process.exe file is missing and that I need to unzip the archie to a folder. This is what I don't understand because in the files the process.exe file is there. So I am sorry to be so repetative but I don't think we are on the same page. I know I am reading about hundreds of people using this but for some reason it won't work for me. Any ideas on what is going on with it? Would it be helpful if I sent you a screen shot of the box that appears for me?

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 10:50 AM

Would it be helpful if I sent you a screen shot of the box that appears for me?


Yes, a screenshot would be helpful.

You have to extract (unzip) folder named SmitfraudFixunzip to the desktop - there will be 11 files in the folder.

GenericRenosFix is one of them and is where process.exe should be

Do a file search for process.exe to see if it there.

Delete that smithfraudfix files and folders.

Download again smithfraudfix and be sure that Norton Antivirus does not delete process.exe file.

Edited by SifuMike, 02 December 2006 - 11:24 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 12:54 PM

Posted Image

There is the screen shot. The file genericrenosfix.exe is there and so is process.exe. Let me know what I should do next.
Thanks

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 01:01 PM

Delete the smithfraudfix files and folders.

Download again smithfraudfix.zip, extarct it (unzip) to the Desktop and be sure that Norton Antivirus does not delete process.exe file.

What antivirus are you using? Something other than Norton Antivirus?

Edited by SifuMike, 02 December 2006 - 01:03 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 01:10 PM

Alright I did delete and download it again. Extracted to my desktop and here is another screenshot. We actually removed Norton that we were using last night because we read that can interfere when trying to get rid of whatever we have.
Posted Image

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 01:16 PM

I would like to see some screen shots
1) desktop screenshot

2) If the Smitfraudfix folder is on the desktop, double click on it to open it. It will make a screen with 11 files in it. Do a screenshot.

It will look like this- see the Use: section http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Edited by SifuMike, 02 December 2006 - 01:22 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 01:28 PM

Here you go....
Posted Image

Posted Image

Thank You

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:08 AM

Posted 02 December 2006 - 01:44 PM

It looks like you did not unzip the files as I asked you to. :thumbsup:


Lets try another way.

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.

Edited by SifuMike, 02 December 2006 - 01:47 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 elin0t

elin0t
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 December 2006 - 02:45 PM

Ok I did the sweep but at the end of the sweep it told me I havet to pay the 30 bucks to remove this stuff-> if I must then I will but I did not yet. Here is the system log from spy sweeper

11:35 AM: Traces Found: 22
11:35 AM: Custom Sweep has completed. Elapsed time 00:38:43
11:35 AM: HKLM\software\microsoft\windows\currentversion\uninstall\internet security add-on\ (ID = 1554174)
11:35 AM: File Sweep Complete, Elapsed Time: 00:34:05
11:30 AM: Warning: Failed to access drive I:
11:30 AM: Warning: Failed to access drive H:
11:30 AM: Warning: Failed to access drive G:
11:30 AM: Warning: Failed to access drive F:
11:25 AM: Warning: Failed to open file "c:\documents and settings\le family\application data\mozilla\firefox\profiles\4al7htar.default\parent.lock". The operation completed successfully
11:22 AM: C:\WINDOWS\system32\xxfgmy.dll (ID = 407257)
11:22 AM: C:\Program Files\Brain Codec\isauninst.exe (ID = 402042)
11:01 AM: Starting File Sweep
11:01 AM: Warning: Failed to access drive A:
11:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:01 AM: c:\documents and settings\le family\cookies\le family@zedo[2].txt (ID = 3762)
11:01 AM: Found Spy Cookie: zedo cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@www.pesttrap[1].txt (ID = 6462)
11:01 AM: Found Spy Cookie: pesttrap cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@tribalfusion[2].txt (ID = 3589)
11:01 AM: Found Spy Cookie: tribalfusion cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@toplist[1].txt (ID = 3557)
11:01 AM: Found Spy Cookie: toplist cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@stats1.reliablestats[1].txt (ID = 3254)
11:01 AM: Found Spy Cookie: reliablestats cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@mediaplex[1].txt (ID = 6442)
11:01 AM: Found Spy Cookie: mediaplex cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@malwarewipe[1].txt (ID = 6467)
11:01 AM: Found Spy Cookie: malwarewipe cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@atdmt[2].txt (ID = 2253)
11:01 AM: Found Spy Cookie: atlas dmt cookie
11:01 AM: c:\documents and settings\le family\cookies\le family@ad.yieldmanager[1].txt (ID = 3751)
11:01 AM: Found Spy Cookie: yieldmanager cookie
11:01 AM: Starting Cookie Sweep
11:01 AM: Registry Sweep Complete, Elapsed Time:00:00:26
11:01 AM: HKU\S-1-5-21-1482476501-507921405-1957994488-1003\software\internet security\ (ID = 1553896)
11:01 AM: HKLM\software\classes\clsid\{588599f4-de26-4c28-ba14-f4eb17e33481}\ (ID = 1860736)
11:01 AM: HKCR\clsid\{588599f4-de26-4c28-ba14-f4eb17e33481}\ (ID = 1860728)
11:01 AM: HKLM\software\classes\typelib\{c97c3b7c-e022-4fa8-b1a7-1c28270ffaff}\ (ID = 1859173)
11:01 AM: HKCR\typelib\{c97c3b7c-e022-4fa8-b1a7-1c28270ffaff}\ (ID = 1859140)
11:01 AM: Found Adware: virusburst
11:01 AM: HKLM\software\microsoft\windows\currentversion\uninstall\internet security add-on\ || uninstallstring (ID = 1858424)
11:01 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || isamonitor.exe (ID = 1704149)
11:01 AM: Found Trojan Horse: trojan-downloader-zlob
11:00 AM: Starting Registry Sweep
11:00 AM: Memory Sweep Complete, Elapsed Time: 00:04:01
10:57 AM: Detected running threat: C:\WINDOWS\system32\xxfgmy.dll (ID = 407257)
10:56 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
10:56 AM: Starting Memory Sweep
10:56 AM: C:\WINDOWS\system32\xxfgmy.dll (ID = 1860744)
10:56 AM: HKCR\clsid\{588599f4-de26-4c28-ba14-f4eb17e33481}\inprocserver32\ (ID = 1860744)
10:56 AM: Found Adware: virusburst fakealert
10:56 AM: Start Custom Sweep
10:56 AM: Sweep initiated using definitions version 811
10:56 AM: Spy Sweeper 5.2.3.2132 started
10:56 AM: | Start of Session, Saturday, December 02, 2006 |
********
10:56 AM: | End of Session, Saturday, December 02, 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:53 AM: Shield States
10:52 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
10:52 AM: Spyware Definitions: 804
10:52 AM: Spy Sweeper 5.2.3.2132 started
10:52 AM: Spy Sweeper 5.2.3.2132 started
10:52 AM: | Start of Session, Saturday, December 02, 2006 |
********

And here is the new hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 11:44:50 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brain Codec\isamonitor.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Brain Codec\isamini.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\R4U Soft\Easy Remover 2004 Pro\Easy Pro.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspvideo9.exe -t
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - Startup: XPizeReloader.lnk = C:\WINDOWS\XPize\XPizeReloader.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130636931452
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: bw+0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {89FE6D10-2B73-4363-8CC7-B1C300DABDC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users