crazy E2G and E2Give
PsycoKillr
Mason City, Iowa
Hi all. I've been trying to get this crazy e2g and e2give stuff off of my computer but to no avail. i've tried everything i can think of. I downloaded so many tools to help that it just became more of a hassle. does anyone have any suggestions for me. it's either fix it or rent a room at the loony house for me.:banghead:
0
This discussion has been closed.
Comments
I need to see a HijackThis log.
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.Logfile of HijackThis v1.99.1
Scan saved at 4:09:54 PM, on 07/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.0.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:
Logitech Desktop Messenger << This is optional, but personally the program is unnecessary. More info here
My Web Search or anything related to My Web Search
=====
Make sure you have all windows and programs closed when running the following tool.
Please download E2TakeOut by Rubber Ducky from here:
http://www.malwarebytes.org/E2TakeOut.zip
I would like to see another log from HijackThis.
E2TakeOut v1.01 [http://www.malwarebytes.org]
Error Removing! C:\WINDOWS\system32\inicfg32.dll
Removed orphaned leftovers
AppInit key reset
and the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:38:17 PM, on 07/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.0.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Ad-Aware SE Personal
Adobe Reader 7.0
Avant Browser (remove only)
AVG Free Edition
BearShare
CCScore
Crazy Browser version 2.0.1
Demolition Derby & Figure 8 Race
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
HLPIndex
HLPRFO
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kodak EasyShare software
KTTC Desktop Alert
Lexmark X83
LimeWire
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Small Business
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSN Music Assistant
Mystery Case Files - Huntsville
Mystery Case Files - Prime Suspects
Notifier
NVIDIA Display Driver
OTtBPSDK
PCDADDIN
PCDHELP
Pop-Up Stopper Free Edition
RenGuard
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VPRINTOL
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Messenger
Java 2 Runtime Environment Standard Edition v1.3.1_04
Then download the latest version of Java Runtime Environment, and install it to your computer.
Also, I see you have AVG and Norton/Symantec. Having two Anti-Virus software protection can cause problems. Please uninstall one of them!
=====
Disable the following programs otherwise they will interfere with the fix:
Windows Defender
1) Open Windows Defender.
2) Click on Tools > General Settings.
3) Scroll Down and Uncheck Turn on real-time Protection (recommended).
4) After you uncheck these, click on the Save button and close Windows Defender.
5) Right click on the Windows Defender icon on the taskbar and select Shutdown Windows Defender.
SpyBots TeaTimer
1) Run Spybot Search & Destroy
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Exit SpyBot
You can enable these once we have finished.
=====
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O20 - AppInit_DLLs: inicfg32.dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
=====
Please download Killbox and save it to your desktop.
Next, copy everything in the Quote box below by pressing Ctrl+C Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Post a new HijackThis log and a new Uninstall list.
Logfile of HijackThis v1.99.1
Scan saved at 5:35:26 PM, on 07/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.0.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E2TakeOut v1.01 [http://www.malwarebytes.org]
Error Removing! C:\WINDOWS\system32\inicfg32.dll
Removed orphaned leftovers
AppInit key reset
Ad-Aware SE Personal
Adobe Reader 7.0
Avant Browser (remove only)
AVG Free Edition
BearShare
CCScore
Crazy Browser version 2.0.1
Demolition Derby & Figure 8 Race
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
HLPIndex
HLPRFO
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kodak EasyShare software
KTTC Desktop Alert
Lexmark X83
LimeWire
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Small Business
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSN Music Assistant
Mystery Case Files - Huntsville
Mystery Case Files - Prime Suspects
Notifier
NVIDIA Display Driver
OTtBPSDK
PCDADDIN
PCDHELP
Pop-Up Stopper Free Edition
RenGuard
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VPRINTOL
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Messenger
1) Open Windows Defender.
2) Click on Tools > Options.
3) Under Real-time protection option uncheck Use real-time Protection (recommended).
4) After you uncheck this, click on the Save button and close Windows Defender.
5) Right click on the Windows Defender icon on the taskbar and select Shutdown Windows Defender.
=====
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O20 - AppInit_DLLs: inicfg32.dll
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
=====
Next, copy everything in the Quote box below by pressing Ctrl+C Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Post a new HijackThis log and a new Uninstall list.
Logfile of HijackThis v1.99.1
Scan saved at 7:03:15 AM, on 07/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
and uninstall log.
Ad-Aware SE Personal
Adobe Reader 7.0
Avant Browser (remove only)
AVG Free Edition
BearShare
CCScore
Crazy Browser version 2.0.1
Demolition Derby & Figure 8 Race
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
HLPIndex
HLPRFO
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kodak EasyShare software
KTTC Desktop Alert
Lexmark X83
LimeWire
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Small Business
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSN Music Assistant
Mystery Case Files - Huntsville
Mystery Case Files - Prime Suspects
Notifier
NVIDIA Display Driver
OTtBPSDK
PCDADDIN
PCDHELP
Pop-Up Stopper Free Edition
RenGuard
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VPRINTOL
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Messenger
To reboot your computer in SafeMode do the following:
Post the log from E2TakeOut, along with a new HijackThis log.
E2TakeOut v1.01 [http://www.malwarebytes.org]
Error Removing! C:\WINDOWS\system32\inicfg32.dll
Removed orphaned leftovers
AppInit key reset
E2TakeOut v1.01 [http://www.malwarebytes.org]
Error Removing! C:\WINDOWS\system32\inicfg32.dll
Removed orphaned leftovers
AppInit key reset
E2TakeOut v1.01 [http://www.malwarebytes.org]
Error Removing! C:\WINDOWS\system32\inicfg32.dll
Removed orphaned leftovers
AppInit key reset
and the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 9:35:26 AM, on 07/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
It seems Windows Defender is not being disabled properly as it still shows in your HJT log. Windows Defender can block or reverse any changes we make, and we don't want that. So can you uninstall Windows Defender for now please.
Once that is done, do the following:
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
EDIT:
I would also like to see another log from HijackThis.
-Your computer settings may prevent aquiring these privileges
-A malicious program might have disabled these privileges:banghead:
Can you do this please:
StartupList report, 07/26/2006, 10:13:12 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Tami Sloss\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Lexmark X83 Button Monitor = C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
Lexmark X83 Button Manager = C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
eTrustPPAP = "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
My Web Search Bar = rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
(Default) =
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
FreeRAM XP = "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
Weather = C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=inicfg32.dll,
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\E2G\IeBHOs.dll (file missing) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Enumerating Task Scheduler jobs:
*No jobs found*
Enumerating Download Program Files:
[6th Street Omaha Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\6th Street Omaha Poker by pogo.osd
[Aces Up! by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Aces Up! by pogo.osd
[Backgammon by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Backgammon by pogo.osd
[Battle Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Battle Phlinx by pogo.osd
[Blackjack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd
[Blooop by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blooop by pogo.osd
[Bowling by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Bowling by pogo.osd
[Canasta by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Canasta by pogo.osd
[Checkers by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd
[Dice City Roller by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice City Roller by pogo.osd
[Dice Derby by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd
[Euchre by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Euchre by pogo.osd
[First Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\First Class Solitaire by pogo.osd
[Fortune Bingo by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd
[Greenback Bayou by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd
[Harvest Mania by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Harvest Mania by pogo.osd
[Hearts by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Hearts by pogo.osd
[High Stakes Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Poker by pogo.osd
[Jigsaw Detective by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jigsaw Detective by pogo.osd
[Jungle Gin by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd
[Lost Temple Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lost Temple Poker by pogo.osd
[Lottso by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lottso by pogo.osd
[Mah Jong Garden by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[Multiline Slots by pogo]
CODEBASE = http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd
[Pai Gow by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pai Gow by pogo.osd
[Payday FreeCell by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Payday FreeCell by pogo.osd
[Penguin Blocks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Penguin Blocks by pogo.osd
[Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd
[Pinochle by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pinochle by pogo.osd
[Pirate's Gold by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pirate's Gold by pogo.osd
[Pop Fu by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd
[PoppaZoppa by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\PoppaZoppa by pogo.osd
[Poppit by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd
[Quick Quack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Quick Quack by pogo.osd
[QWERTY by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\QWERTY by pogo.osd
[Ride The Tide by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Ride The Tide by pogo.osd
[Showbiz Slots 2 by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Showbiz Slots 2 by pogo.osd
[Shuffle Bump by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Shuffle Bump by pogo.osd
[Spades 2 by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spades 2 by pogo.osd
[Spades by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spades by pogo.osd
[Spider Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spider Solitaire by pogo.osd
[Squelchies by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd
[Sweet Tooth TM by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd
[Texas Hold'em Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd
[Tri-Peaks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd
[Tumble Bees by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd
[Wonderland Memories by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Wonderland Memories by pogo.osd
[Word Whomp by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp by pogo.osd
[WordJong by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\WordJong by pogo.osd
[World Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd
[QuickTime Object]
InProcServer32 = blank
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB
[AlternaTIFF ActiveX]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\alttiff.ocx
CODEBASE = http://www.alternatiff.com/install/00/alttiff.cab
[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/viewers/ipixx.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macromedia.com/director/cabs/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
[{88D758A3-D33B-45FD-91E3-67749B4057FA}]
CODEBASE = http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
[F-Secure Online Scanner 2.1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = http://support.f-secure.com/ols/fscax.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[SproutLauncherCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll
CODEBASE = http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Enumerating Windows NT/2000/XP services
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MAC Bridge: system32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: system32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Genesys Logic USB Scanner Controller NT 5.0: System32\Drivers\usbscan.sys (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver: System32\DRIVERS\FA312nd5.sys (manual start)
FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe: C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe -svcstart (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Motorola SURFboard USB Cable Modem Windows Driver: system32\DRIVERS\NetMotCM.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Express(PID_0840): system32\DRIVERS\LVCD.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E72EA2B1-7210-4BD6-87CE-65832A7C9BA2} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Config.Msi\145feb.rbf||C:\WINDOWS\SxsCaPendDel\{98CB24AD-52FB-DB5F-B01F-C8B3B9A1E18E}_00000001||C:\WINDOWS\SxsCaPendDel\{98CB24AD-52FB-DB5F-B01F-C8B3B9A1E18E}_00000002
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
End of report, 44,274 bytes
Report generated in 0.141 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Run this AppInit_DLL's fix...
- Download AppInit_DLLs Fix.
- Unzip the contents of appinitfix.zip to a convenient location.
- Double-click on appinitfix.reg.
- When it asks you to merge the information to the registry click "Yes".
=====Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O20 - AppInit_DLLs: inicfg32.dll,
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
=====
Make sure you still have Killbox.
Next, copy everything in the Quote box below by pressing Ctrl+C Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Once rebooted, please post a new HijackThis log and StartupList log.
StartupList report, 07/26/2006, 10:50:22 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Tami Sloss\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Lexmark X83 Button Monitor = C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
Lexmark X83 Button Manager = C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
eTrustPPAP = "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
My Web Search Bar = rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
(Default) =
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
FreeRAM XP = "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
Weather = C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=inicfg32.dll
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\E2G\IeBHOs.dll (file missing) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Enumerating Task Scheduler jobs:
*No jobs found*
Enumerating Download Program Files:
[6th Street Omaha Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\6th Street Omaha Poker by pogo.osd
[Aces Up! by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Aces Up! by pogo.osd
[Backgammon by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Backgammon by pogo.osd
[Battle Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Battle Phlinx by pogo.osd
[Blackjack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd
[Blooop by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blooop by pogo.osd
[Bowling by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Bowling by pogo.osd
[Canasta by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Canasta by pogo.osd
[Checkers by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd
[Dice City Roller by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice City Roller by pogo.osd
[Dice Derby by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd
[Euchre by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Euchre by pogo.osd
[First Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\First Class Solitaire by pogo.osd
[Fortune Bingo by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd
[Greenback Bayou by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd
[Harvest Mania by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Harvest Mania by pogo.osd
[Hearts by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Hearts by pogo.osd
[High Stakes Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Poker by pogo.osd
[Jigsaw Detective by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jigsaw Detective by pogo.osd
[Jungle Gin by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd
[Lost Temple Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lost Temple Poker by pogo.osd
[Lottso by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lottso by pogo.osd
[Mah Jong Garden by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[Multiline Slots by pogo]
CODEBASE = http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd
[Pai Gow by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pai Gow by pogo.osd
[Payday FreeCell by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Payday FreeCell by pogo.osd
[Penguin Blocks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Penguin Blocks by pogo.osd
[Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd
[Pinochle by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pinochle by pogo.osd
[Pirate's Gold by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pirate's Gold by pogo.osd
[Pop Fu by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd
[PoppaZoppa by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\PoppaZoppa by pogo.osd
[Poppit by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd
[Quick Quack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Quick Quack by pogo.osd
[QWERTY by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\QWERTY by pogo.osd
[Ride The Tide by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Ride The Tide by pogo.osd
[Showbiz Slots 2 by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Showbiz Slots 2 by pogo.osd
[Shuffle Bump by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Shuffle Bump by pogo.osd
[Spades 2 by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spades 2 by pogo.osd
[Spades by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spades by pogo.osd
[Spider Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spider Solitaire by pogo.osd
[Squelchies by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd
[Sweet Tooth TM by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd
[Texas Hold'em Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd
[Tri-Peaks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd
[Tumble Bees by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd
[Wonderland Memories by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Wonderland Memories by pogo.osd
[Word Whomp by pogo]
CODEBASE = http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp by pogo.osd
[WordJong by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\WordJong by pogo.osd
[World Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd
[QuickTime Object]
InProcServer32 = blank
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB
[AlternaTIFF ActiveX]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\alttiff.ocx
CODEBASE = http://www.alternatiff.com/install/00/alttiff.cab
[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/viewers/ipixx.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macromedia.com/director/cabs/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
[{88D758A3-D33B-45FD-91E3-67749B4057FA}]
CODEBASE = http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[F-Secure Online Scanner 2.1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = http://support.f-secure.com/ols/fscax.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[SproutLauncherCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll
CODEBASE = http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Enumerating Windows NT/2000/XP services
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MAC Bridge: system32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: system32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Genesys Logic USB Scanner Controller NT 5.0: System32\Drivers\usbscan.sys (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver: System32\DRIVERS\FA312nd5.sys (manual start)
FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe: C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe -svcstart (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Motorola SURFboard USB Cable Modem Windows Driver: system32\DRIVERS\NetMotCM.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Express(PID_0840): system32\DRIVERS\LVCD.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E72EA2B1-7210-4BD6-87CE-65832A7C9BA2} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
End of report, 44,180 bytes
Report generated in 0.093 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Logfile of HijackThis v1.99.1
Scan saved at 10:55:06 AM, on 07/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
they CControl and the urlsearchhook is in the HJT backups tab. should it be?
I just seen you have PestPatrol. As like the other protection protgrams, that will need to be disabled. Sorry I don't have instructions for it, so you'll need to find out how to disable it. There maybe an icon in the system tray to exit the program.
After doing that, continue below.
Run the AppInit_DLL's fix again and then reboot your computer.
=====
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O20 - AppInit_DLLs: inicfg32.dll
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
=====
Next, copy everything in the Quote box below by pressing Ctrl+C Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Continue below
Find and Delete the following:
C:\Program Files\E2G << this folder
C:\Program Files\MyWebSearch << this folder
Please post a new HijackThis logl
C:\Program Files\CA
From there, try to look for an uninstaller.
You may need to look in the other folders - eTrust Internet Security Suite and eTrust PestPatrol Anti-Spyware.
If you can't find it, please remove the following entry with HJT:
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
Continue on after!
Logfile of HijackThis v1.99.1
Scan saved at 12:16:27 PM, on 07/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:16:27 PM, on 07/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FahCore_82.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KTTC Desktop Alert.lnk = C:\Program Files\Common Files\KTTC Desktop Alert\TrueWeather.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.7.0.40/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.6.5.31/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.44/checkers2/checkers-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.26/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.6.5.22/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.0.40/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.2.33/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.32/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.31/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.0.45/freecell/freecell-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.0.32/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.0.32/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.0.40/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.0.27/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.5.31/jumbee/jumbee-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/worldclass/worldclass-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103826001202
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bw+0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {911E590D-080B-4DD3-8B48-EED31C7F756A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FAH@C:+Documents and Settings+Tami Sloss+Local Settings+Temporary Internet Files+Content.IE5+03ZBEOXT+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Tami Sloss\Local Settings\Temporary Internet Files\Content.IE5\03ZBEOXT\FAH504-Console[1].exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe