
Trojan-Spy.HTML.SmitFraud Blue Screen


Comments

  • Crunchie, Mandurah, Western Australia. Member
    edited April 2005
    Bluescreen2,

    Hi! let's see what we can do :).

    ===============

    The version of Internet Explorer you're currently using is out of date and should be upgraded to the newest version as soon as possible.

    ===============

    Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders, and with HiJackThis in its current location we'd lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

    Also move the "Backups" folder, for HiJackThis, if present.

    ===============

    Run HiJackThis then:

    1. Click "Open the Misc Tools Section"
    2. Click "Open Process manager"

    -

    Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

    C:\WP.EXE

    Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

    ===============

    Run HiJackThis and click "Scan", then check(tick) the following, if present:


    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)

    O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE

    O9 - Extra button: Microsoft AntiSpyware helper - {EDEDEBA4-F3F5-4F22-A59B-48D6DB357951} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EDEDEBA4-F3F5-4F22-A59B-48D6DB357951} - (no file) (HKCU)

    O15 - Trusted IP range: 206.161.125.149


    Now, with all windows closed except HiJackThis, click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

    files...

    C:\WP.EXE

    -

    Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

    -

    Reboot.

    ===============

    After rebooting your PC, post back a new log and let me know how everything goes.

    -

    crunchie.
  • Crunchie, Mandurah, Western Australia. Member
    edited April 2005
    OK. You didn't quite do everything :).

    ===============

    The version of Internet Explorer you're currently using is out of date, and should be upgraded to the newest version as soon as possible.

    ===============

    Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders, and with HiJackThis in its current location we'd lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

    Also move the "Backups" folder, for HiJackThis, if present.

    ===============

    Run HiJackThis and click "Scan", then check(tick) the following, if present:


    O15 - Trusted IP range: 206.161.125.149


    Now, with all windows closed except HiJackThis, click "Fix checked".

    ===============

    After rebooting your PC, post back a new log.

    -

    crunchie.
  • Crunchie, Mandurah, Western Australia. Member
    edited April 2005
    OK. Just a few more things for you to do... Firstly download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.
    Right click on the file and choose Install.

    ===============

    Run HiJackThis and click "Scan", then check(tick) the following, if present:


    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


    Now, with all windows closed except HiJackThis, click "Fix checked".

    ===============

    Neither of these will probably fix the blue screen. So try this: go to System Properties (right click My Computer > Properties) > Advanced tab > under Startup and Recovery click Settings > under System failure make sure "Write an event to the system log" is checked AND that "Automatically restart" is UNchecked. Then under *Write debugging information* select (none) > click "OK" and reboot.

    -

    crunchie.
  • Crunchie, Mandurah, Western Australia. Member
    edited April 2005
    My bad. Unzip the file 'delete domains' and then right click on that file, select install and all entries in the trusted and restricted zones will be removed.
  • edited April 2005
    Hey Crunchie
    All there is when I unzip the file is a notebook-like icon. There is nothing else along with it. No other icons in the file.
    Thanks
  • edited April 2005
    Hey Crunchie
    I did a netscape search for the following words:
    desktop background blue screen trojan-spy.html.smitfraud
    And got another forum.
    And below is what I did to get rid of the blue screen:
    I clicked on START > RUN > regedit > HKEY_CURRENT_USER > ticked SOFTWARE > Microsoft > Windows > Policies > System
    and deleted any key values that had the word NoDesktop or No in them...

    Then I go back to my desktop and my background option was back and I got rid of that screen...
    :thumbsup:

    Since that is now fixed, have you had time to check out my last logfile? Is everything OK in it?

    Thanks So Much :D
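The fix Bluescreen2 describes (deleting the policy values whose names start with No under the per-user Policies\System key, which brought the desktop background option back) can be done in a reviewable way rather than by hand in regedit: export the key, list the offending values, and generate a .reg script that deletes exactly those and nothing else. The Python below is an added example, not code from this thread or from any tool mentioned in it. The export text is constructed, the value names in it are illustrative, and the full key path HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System is the standard location of the key the post abbreviates.

```python
from typing import Dict, List

# Standard location of the per-user System policies (the post abbreviates the path).
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample of a `regedit /e` export of that key; the value names are
# illustrative and are not copied from any log in this thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
"NoDesktop"=dword:00000001
"DisableRegistryTools"=dword:00000000
"""


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse [key] headers and "name"=data lines of a .reg file into {key: {name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data
    return keys


def policy_values(export: str, prefix: str = "No") -> List[str]:
    """Value names under POLICY_KEY that start with `prefix` (case-insensitive), sorted."""
    values = parse_reg_export(export).get(POLICY_KEY, {})
    return sorted(n for n in values if n.lower().startswith(prefix.lower()))


def removal_reg(names: List[str]) -> str:
    """Build a .reg script that deletes exactly the named values ("name"=- is regedit's delete syntax)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Review this output before importing it with `regedit /s`.
    print(removal_reg(policy_values(SAMPLE_EXPORT)), end="")
```

Run it against the output of `regedit /e export.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"` (regedit writes that file as UTF-16, so open it with encoding="utf-16"), read the generated script, then import it with `regedit /s`. On a domain-managed machine these same values can be legitimate Group Policy settings that will simply be reapplied at the next refresh, so this is only appropriate on a standalone PC where nobody set them on purpose.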
  • eternal7666, Malaysia
    edited April 2005
    Hi Crunchie,

    I had the same problem as Bluescreen2 before, but it's solved now.
    I have another problem with my PC every time I connect to the internet.

    AVG Antivirus keeps detecting this!
    Trojan Horse "BackDoor.Small.27.AQ"
    File name: ".exe"
    Location: "windows\system32\.exe"

    Seems like no file name. I followed the instructions given by General Keebler.
    Announcements in Forum: Spyware/Virus/Trojan Discussion

    Downloaded most of the software.
    1. hijackthis_199
    2. Spybot-Search & Destroy
    3. Ad-Aware SE Personal
    4. AVG Antivirus
    5. Opera

    After being connected to the internet for over 10 minutes, the whole PC starts to jam! All programs get stuck and run very, very slowly. I even installed a firewall, but I must suspend it when I connect to the internet or else an error message will pop up for an immediate shutdown/restart saying memory buffer overflow or something like that.. Headache! I've been suffering for 5 days now. Formatted 6 times! Formatted all drives and installed Norton Antivirus before connecting to the internet, but.. after trying to update the virus definitions, pop-up alerts suggesting a certain website appear and appear and appear! :bawling:
  • eternal7666, Malaysia
    edited April 2005
    Logfile of HijackThis v1.99.1
    Scan saved at 1:16:30 PM, on 4/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\anvshell.exe
    G:\Program Files\VIAudioi\SBADeck\ADeck.exe
    G:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    G:\Program Files\Prevx Home\SAGUI.exe
    G:\WINDOWS\System32\RunDLL32.exe
    G:\WINDOWS\System32\rundll32.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    G:\WINDOWS\System32\nvsvc32.exe
    G:\Program Files\Prevx Home\PXAgent.exe
    G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    G:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    G:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [AudioDeck] G:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [a-winpoet-service] "G:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [PrevxHome] G:\Program Files\Prevx Home\SAGUI.exe
    O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8253A2-DDB9-470F-B169-A7370A58AFDE}: NameServer = 202.188.0.133 202.188.1.5
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - G:\Program Files\Prevx Home\PXAgent.exe
    O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - G:\Program Files\WinPoET Broadband Connection\WrOS.EXE

  • eternal7666, Malaysia
    edited April 2005
    Logfile of HijackThis v1.99.1
    Scan saved at 1:53:12 PM, on 4/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\System32\userinit32.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\anvshell.exe
    G:\Program Files\VIAudioi\SBADeck\ADeck.exe
    G:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    G:\Program Files\Prevx Home\SAGUI.exe
    G:\WINDOWS\System32\RunDLL32.exe
    G:\WINDOWS\System32\rundll32.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    G:\WINDOWS\System32\nvsvc32.exe
    G:\Program Files\Prevx Home\PXAgent.exe
    G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    G:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    G:\Program Files\Opera\opera.exe
    G:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [AudioDeck] G:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [a-winpoet-service] "G:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [PrevxHome] G:\Program Files\Prevx Home\SAGUI.exe
    O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8253A2-DDB9-470F-B169-A7370A58AFDE}: NameServer = 202.188.0.133 202.188.1.5
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - G:\Program Files\Prevx Home\PXAgent.exe
    O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - G:\Program Files\WinPoET Broadband Connection\WrOS.EXE
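The entries Crunchie singles out earlier in the thread (an O4 Run entry launching C:\WP.EXE from the drive root, O2/O9 entries whose file is missing, an O15 trusted IP range) are the kind of pattern that can be checked mechanically, and the F2 UserInit line in the log just posted is worth the same treatment. The Python below is an added example, not code from this thread or from HijackThis itself; it applies those checks to a constructed handful of log lines modelled on the ones quoted here. Flagging a second executable after userinit.exe is an added check that the thread does not itself make: on a stock Windows XP install the UserInit value is userinit.exe alone, so anything appended to it should be verified before it is trusted.

```python
import re
from typing import List, Tuple

# Constructed sample, not a complete log: lines in the HijackThis v1.99 format,
# modelled on the entries quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Microsoft AntiSpyware helper - {EDEDEBA4-F3F5-4F22-A59B-48D6DB357951} - (no file) (HKCU)
O15 - Trusted IP range: 206.161.125.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8253A2-DDB9-470F-B169-A7370A58AFDE}: NameServer = 202.188.0.133 202.188.1.5
"""

Finding = Tuple[str, str, str]  # (section code, reason, original line body)

_LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An .exe sitting directly in a drive root (C:\WP.EXE), which no normal installer does.
_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def parse_hjt(log: str) -> List[Tuple[str, str]]:
    """Split a log into (section code, body) pairs; the header and process list are skipped."""
    items = []
    for raw in log.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            items.append((m.group("sec"), m.group("body")))
    return items


def autorun_target(body: str) -> str:
    """Executable path from an O4 body such as 'HKCU\\..\\Run: [WindowsFY] C:\\WP.EXE'."""
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, may contain spaces
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]             # unquoted: path ends at the first space


def extra_userinit(body: str) -> List[str]:
    """UserInit entries other than the stock userinit.exe, taken from an F2 body."""
    _, _, value = body.partition("UserInit=")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


def triage(log: str) -> List[Finding]:
    """Apply the checks to every parsed line and return the entries that need a closer look."""
    findings: List[Finding] = []
    for sec, body in parse_hjt(log):
        low = body.lower()
        if sec == "F2" and "userinit=" in low:
            for exe in extra_userinit(body):
                findings.append((sec, f"extra UserInit executable: {exe}", body))
        elif sec == "O4" and _ROOT_EXE_RE.match(autorun_target(body)):
            findings.append((sec, f"autorun executable in drive root: {autorun_target(body)}", body))
        elif sec == "O15":
            findings.append((sec, "trusted zone / trusted IP range entry", body))
        # Orphaned entries are clutter to fix, not proof of an active infection.
        if "(file missing)" in low or "(no file)" in low:
            findings.append((sec, "orphaned entry pointing at a missing file", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n     {body}")
```

These are pattern checks, not verdicts: an O4 entry in a drive root is suspicious rather than proven malicious, and an orphaned O2/O9 entry is leftover clutter, so confirm each hit (file properties, a hash lookup, a second scanner) before fixing it, and extend the rules with whatever the current log shows rather than treating the list above as complete.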
  • Crunchie, Mandurah, Western Australia. Member
    edited April 2005
    Bluescreen2. Your previous log was clean :). Thanks very much for getting back with how you fixed it.