Full Version: How to remove ZENO pop up adware?
Jerome
Can anybody help me remove the Zeno pop-up adware? It looks like Ad-Aware SE can't remove it.
LS CalamityJane
Welcome to the forum.

Could you first please follow these directions and post your Adaware log for review? That way we can see what it is missing and advise from there. Also, did you first try running Adaware in SAFE MODE?

Please make sure that you are using Ad-aware SE Build 106r1.
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file, SE1R112 15.06.2006. To do this:
Open Ad-aware.
Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).
Click "Connect".
Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, under "Initialization Status". It should say the latest Definition file.

Then scan doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\

An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs. Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: The Application Data folder is a hidden folder, so you will need to show hidden files and folders.)
Jerome
Hi,

Thanks for the reply. I did update to the latest definition. I caught 13 critical adware objects, but every time I use Internet Explorer the Zeno pop-up reappears. I am trying to find a way to completely remove this annoying spyware.
Below is my log file:


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, June 19, 2006 5:58:36 PM
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.ZenoSearch(TAC index:4):8 total references
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


6-19-2006 5:58:36 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1095400420-4126652087-3573823692-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 476
ThreadCreationTime : 6-19-2006 7:20:23 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 584
ThreadCreationTime : 6-19-2006 7:20:27 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 608
ThreadCreationTime : 6-19-2006 7:20:28 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 652
ThreadCreationTime : 6-19-2006 7:20:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 664
ThreadCreationTime : 6-19-2006 7:20:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 828
ThreadCreationTime : 6-19-2006 7:20:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 876
ThreadCreationTime : 6-19-2006 7:20:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 916
ThreadCreationTime : 6-19-2006 7:20:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1012
ThreadCreationTime : 6-19-2006 7:20:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1044
ThreadCreationTime : 6-19-2006 7:20:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1316
ThreadCreationTime : 6-19-2006 7:20:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [wlservice.exe]
FilePath : C:\Program Files\Belkin\F5D7051\
ProcessID : 1420
ThreadCreationTime : 6-19-2006 7:20:33 AM
BasePriority : Normal


#:13 [wlancfgg.exe]
FilePath : C:\Program Files\Belkin\F5D7051\
ProcessID : 1436
ThreadCreationTime : 6-19-2006 7:20:33 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 4
ProductVersion : 1, 0, 7, 4
ProductName : Wireless Monitor Application
FileDescription : Wireless Monitor Application
InternalName : WLanCfg
LegalCopyright : Copyright © 2002.08
OriginalFilename : WLanCfg.EXE

#:14 [inetinfo.exe]
FilePath : C:\WINNT\system32\inetsrv\
ProcessID : 1464
ThreadCreationTime : 6-19-2006 7:20:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:15 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1496
ThreadCreationTime : 6-19-2006 7:20:33 AM
BasePriority : Normal
FileVersion : 4, 0, 1, 27
ProductVersion : 4, 0, 1, 27
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:16 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1516
ThreadCreationTime : 6-19-2006 7:20:33 AM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
ProcessID : 1552
ThreadCreationTime : 6-19-2006 7:20:34 AM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:18 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\
ProcessID : 1584
ThreadCreationTime : 6-19-2006 7:20:34 AM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:19 [nvsvc32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1708
ThreadCreationTime : 6-19-2006 7:20:35 AM
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [sqlwriter.exe]
FilePath : c:\Program Files\Microsoft SQL Server\90\Shared\
ProcessID : 1792
ThreadCreationTime : 6-19-2006 7:20:35 AM
BasePriority : Normal
FileVersion : 2005.090.1399.00
ProductVersion : 9.00.1399.06
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server VSS Writer
InternalName : SQLWRITER
LegalCopyright : © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLWRITER.EXE
Comments : NT INTEL X86

#:21 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1844
ThreadCreationTime : 6-19-2006 7:20:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [vsmon.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ProcessID : 1944
ThreadCreationTime : 6-19-2006 7:20:36 AM
BasePriority : Normal
FileVersion : 6.5.714.000
ProductVersion : 6.5.714.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:23 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 548
ThreadCreationTime : 6-19-2006 7:20:38 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [cthelper.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1132
ThreadCreationTime : 6-19-2006 7:20:43 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 11
ProductVersion : 1, 0, 0, 11
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:25 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1140
ThreadCreationTime : 6-19-2006 7:20:43 AM
BasePriority : Normal
FileVersion : 4, 0, 1, 27
ProductVersion : 4, 0, 1, 27
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:26 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 1164
ThreadCreationTime : 6-19-2006 7:20:43 AM
BasePriority : Normal
FileVersion : 9.00.0607.0
ProductVersion : 9.00.0607.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:27 [logitray.exe]
FilePath : C:\Program Files\Logitech\ImageStudio\
ProcessID : 1232
ThreadCreationTime : 6-19-2006 7:20:44 AM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:28 [lvcomsx.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1200
ThreadCreationTime : 6-19-2006 7:20:44 AM
BasePriority : Normal
FileVersion : 8.2.0.1192
ProductVersion : 8.2.0.1192
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:29 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 1444
ThreadCreationTime : 6-19-2006 7:20:44 AM
BasePriority : Normal
FileVersion : 8.2.0.1192
ProductVersion : 8.2.0.1192
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:30 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_04\bin\
ProcessID : 1524
ThreadCreationTime : 6-19-2006 7:20:45 AM
BasePriority : Normal


#:31 [versioncuecs2tray.exe]
FilePath : C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\
ProcessID : 1684
ThreadCreationTime : 6-19-2006 7:20:45 AM
BasePriority : Normal


#:32 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\
ProcessID : 1704
ThreadCreationTime : 6-19-2006 7:20:45 AM
BasePriority : Normal
FileVersion : 7.0.7.2006011200
ProductVersion : 7.0.7.2006011200
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:33 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2028
ThreadCreationTime : 6-19-2006 7:20:46 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:34 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2060
ThreadCreationTime : 6-19-2006 7:20:46 AM
BasePriority : Normal
FileVersion : 6.5.714.000
ProductVersion : 6.5.714.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:35 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2100
ThreadCreationTime : 6-19-2006 7:20:46 AM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:36 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2108
ThreadCreationTime : 6-19-2006 7:20:46 AM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:37 [dwdsregt.exe]
FilePath : C:\winnt\system32\
ProcessID : 2116
ThreadCreationTime : 6-19-2006 7:20:46 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : © 2004

#:38 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 2156
ThreadCreationTime : 6-19-2006 7:20:47 AM
BasePriority : Normal
FileVersion : 2.30.04
ProductVersion : 2.30.04
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : SyncExt
LegalCopyright : Copyright © Logitech 2000-2005. All rights reserved
OriginalFilename : SyncExt.dll
Comments : About:
www.logitech.com/ldm

Privacy Policy:
http://privacy.logitech.com

#:39 [rundll32.exe]
FilePath : C:\WINNT\System32\
ProcessID : 2204
ThreadCreationTime : 6-19-2006 7:20:47 AM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:40 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2344
ThreadCreationTime : 6-19-2006 7:20:49 AM
BasePriority : Normal


#:41 [lowlight.exe]
FilePath : C:\Program Files\Logitech\ImageStudio\
ProcessID : 2424
ThreadCreationTime : 6-19-2006 7:20:50 AM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LowLight.exe

#:42 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2480
ThreadCreationTime : 6-19-2006 7:20:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:43 [fxsvr2.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2832
ThreadCreationTime : 6-19-2006 7:20:59 AM
BasePriority : Normal
FileVersion : 8.2.0.1192
ProductVersion : 8.2.0.1192
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE

#:44 [webshots.scr]
FilePath : C:\WINNT\
ProcessID : 2892
ThreadCreationTime : 6-19-2006 7:21:01 AM
BasePriority : Normal
FileVersion : 2.0.0.4324
ProductVersion : 2.0.0.4324
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright © 2003
OriginalFilename : Webshots2.EXE

#:45 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3700
ThreadCreationTime : 6-19-2006 7:21:30 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:46 [isafe.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ProcessID : 3780
ThreadCreationTime : 6-19-2006 7:21:30 AM
BasePriority : Normal
FileVersion : Version 10.67.0.0
ProductVersion : Version 10.67.0.0
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe

#:47 [alg.exe]
FilePath : C:\WINNT\System32\
ProcessID : 4036
ThreadCreationTime : 6-19-2006 7:21:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:48 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2976
ThreadCreationTime : 6-19-2006 10:06:40 AM
BasePriority : Normal


#:49 [dumprep.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1028
ThreadCreationTime : 6-19-2006 4:36:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Error Reporting Dump Reporting Tool
InternalName : DUMPREP.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : DUMPREP.EXE

#:50 [ntvdm.exe]
FilePath : C:\WINNT\system32\
ProcessID : 900
ThreadCreationTime : 6-19-2006 4:46:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:51 [winpat~1.exe]
FilePath : C:\PROGRA~1\BILLPS~1\WINPAT~1\
ProcessID : 3724
ThreadCreationTime : 6-19-2006 4:46:56 PM
BasePriority : Normal
FileVersion : 9, 8, 1, 0
ProductVersion : 9.8.1.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:52 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1864
ThreadCreationTime : 6-19-2006 4:48:15 PM
BasePriority : Normal
FileVersion : 7.00.5335.5 (winmain(wmbla).060317-1722)
ProductVersion : 7.00.5335.5
ProductName : Microsoft® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:53 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 632
ThreadCreationTime : 6-19-2006 4:53:55 PM
BasePriority : Normal
FileVersion : 7.00.5335.5 (winmain(wmbla).060317-1722)
ProductVersion : 7.00.5335.5
ProductName : Microsoft® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 1592
ThreadCreationTime : 6-19-2006 4:57:00 PM
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.ZenoSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment : "BrowserUpdateSched"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : BrowserUpdateSched

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@server.iad.liveperson[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:owner@server.iad.liveperson.net/
Expires : 6-19-2007 4:49:54 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@server.iad.liveperson.net/hc/87535706
Expires : 6-19-2007 4:50:18 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:owner@statse.webtrendslive.com/
Expires : 6-16-2016 5:19:12 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:owner@statse.webtrendslive.com/S153949
Expires : 12-31-2020 9:00:00 AM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@doubleclick.net/
Expires : 6-19-2006 4:45:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 20



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 20




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.ZenoSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno

Adware.ZenoSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno
Value : UninstallString

Adware.ZenoSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\zeno search assistant

Adware.ZenoSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\zeno search assistant
Value : UninstallString

Adware.ZenoSearch Object Recognized!
Type : File
Data : msnav32.ax
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINNT\system32\



Adware.ZenoSearch Object Recognized!
Type : File
Data : nt68rrtc12.sys
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINNT\system32\



Adware.ZenoSearch Object Recognized!
Type : File
Data : zxdnt3d.cfg
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINNT\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 27

6:31:04 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:32:28.125
Objects scanned:352428
Objects identified:13
Objects ignored:0
New critical objects:13
LS CalamityJane
Thank you. Now could you also please follow these instructions to create a HijackThis log so I can hopefully see what it's missing. Might be some new component or something.

Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216

Post your HijackThis log back here and I can compare to the Adaware scan results easily.
Jerome
Logfile of HijackThis v1.99.1
Scan saved at 9:05:57 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\winnt\system32\dwdsregt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\System32\RunDLL32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\isafe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\ntvdm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Apploader] C:\Program Files\Gateway\HPA\pshell.exe 10000
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001
O4 - HKLM\..\Run: [fxredir] C:\WINNT\system32\fxredir.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.napster.com/client/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121782686849
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128972964217
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://web.net2phone.com/products/commcent...XCommCenter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\typo3\service.exe (file missing)
LS CalamityJane
Think I found it. I would like for you to get a copy of a file uploaded for me so I can get it submitted for detection.

Go here to upload the file as an attachment
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Just press new topic (Make the subject: For CalamityJane from Jerome at LS ),
fill in a short message & then press the browse button and then navigate to & select these files on your computer, then press the *Post* to upload the file

Files to upload:

C:\winnt\system32\dwdsregt.exe

(Do not post HJT logs there as they will not get dealt with)

You DO NOT need to be a member to upload, anybody can upload the files

You will not see the files that have been uploaded as they only show to the authorized users who can download them

I'll come back in a bit and write up some steps for removal for you.
LS CalamityJane
Once you have uploaded the file, please follow these steps next and let's see how that goes.

Open HijackThis and do a *scan only*
When it finishes, checkmark these entries in the list, then press the *fix checked* button:

O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001

O18 - Protocol: Festoon - (no CLSID) - (no file)

Then delete this file:

C:\winnt\system32\dwdsregt.exe

Reboot your computer.

Scan once more with HijackThis and post a fresh log please.

Also let me know if you see any remaining problems.
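The before/after check this post asks for (fix the listed entries, reboot, post a fresh log), as an added example that is not part of the original thread: it parses two HijackThis logs and reports which of the fixed entries are gone, which survived the reboot, and which entries are new. The sample logs are short constructed excerpts built from lines posted in this thread, and `verify_fix` and the other names are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def normalize(line):
    """Collapse whitespace and case so path-case differences do not matter."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalized entry line -> (section code, original line)."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[normalize(line)] = (match.group(1), line)
    return entries


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs against the list of entries that were 'fix checked'."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    result = {"removed": [], "still_present": [], "not_in_before": []}
    for target in fixed_lines:
        key = normalize(target)
        if key not in before:
            result["not_in_before"].append(target)   # typo in the fix list?
        elif key in after:
            result["still_present"].append(target)   # fix did not stick
        else:
            result["removed"].append(target)
    # Entries that exist only in the fresh log deserve a manual look.
    result["new_entries"] = [orig for key, (_, orig) in after.items()
                             if key not in before]
    return result


# Entries the helper asked to fix (copied from the post above).
FIXED = [
    "O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)",
    "O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    "O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)",
    r"O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001",
    "O18 - Protocol: Festoon - (no CLSID) - (no file)",
]

# Constructed, abridged "before" log using lines from the first posted log.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\winnt\system32\dwdsregt.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O18 - Protocol: Festoon - (no CLSID) - (no file)
"""

# Constructed "after" log in which every fixed entry is gone.
AFTER_CLEAN = r"""Logfile of HijackThis v1.99.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
"""

# Constructed failure case: the Run entry is back after the reboot.
AFTER_PARTIAL = AFTER_CLEAN + (
    r"O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001"
    + "\n"
)

if __name__ == "__main__":
    for name, log in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        report = verify_fix(BEFORE, log, FIXED)
        print(name, {k: len(v) for k, v in report.items()})
```

A non-empty `still_present` list means the fix did not hold and the file or its autostart entry needs another pass before the thread can be closed.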
Jerome
I just did it, hope it will help.
LS CalamityJane
Yes, thank you, I got it and will submit it. Just follow the steps I posted above for removal, then post a fresh log please to make sure we got it.
Jerome
Check my red question below

QUOTE(CalamityJane @ Jun 19 2006, 10:59 PM)
Once you have uploaded the file, please follow these steps next and let's see how that goes.

Open HijackThis and do a *scan only*
When it finishes, checkmark these entries in the list:

O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001

O18 - Protocol: Festoon - (no CLSID) - (no file)

AFTER I CHECKMARK what do I do to those files with HijackThis?


Then delete this file:

C:\winnt\system32\dwdsregt.exe

Reboot your computer.

Scan once more with HijackThis and post a fresh log please.

Also let me know if you see any remaining problems.
LS CalamityJane
I'm sorry, after checkmarking, press the *fix checked* button
Jerome
So I followed your directions and rebooted the machine. The only problem I had was that I lost my wireless USB Belkin internet connection; I had to reinstall it and now it's fine. Below is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 11:56:20 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\System32\RunDLL32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Apploader] C:\Program Files\Gateway\HPA\pshell.exe 10000
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fxredir] C:\WINNT\system32\fxredir.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.napster.com/client/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121782686849
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128972964217
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://web.net2phone.com/products/commcent...XCommCenter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0635E70D-AD12-49DD-BC1D-29C5764189E8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\typo3\service.exe (file missing)
LS CalamityJane
QUOTE(Jerome @ Jun 19 2006, 07:00 PM)
So I followed your directions and rebooted the machine. The only problem I had was that I lost my wireless USB Belkin internet connection; I had to reinstall it, and now it's fine. Below is my new log.

Don't know why that is, the only file we deleted was this one:

File: dwdsregt.exe

Which is definitely ZenoSearch

QUOTE
Jotti Malware Scan results:
Status:
INFECTED/MALWARE
MD5 b97a76aec172a3f9070631ce81473943
Packers detected:
-
Scanner results
AntiVir Found Trojan/Dldr.Agent.KK.1
ArcaVir Found nothing
Avast Found Win32:Dialer-566
AVG Antivirus Found Generic.NOI
BitDefender Found Trojan.Downloader.Agent.KK
ClamAV Found nothing
Dr.Web Found Adware.ZenoSearch
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.ZenoSearch.o
NOD32 Found a variant of Win32/Adware.ZenoSearch application
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.ZenoSearch.o

Some final cleanup and prevention recommendations follow.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files.
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP... Why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your PC, Protect yourself and Protect your Family.
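One way to check a fresh HijackThis log against the entries that were checkmarked and fixed, as an added example that is not part of the original posts. The function names are hypothetical, and the log excerpts are constructed from lines quoted in the thread (the "before" excerpt in particular is an assumption, not the poster's actual earlier log).

```python
import re
from dataclasses import dataclass

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24, each followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Suffixes HijackThis prints when the registered file is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def key(self):
        # Case and spacing can differ between scans (C:\winnt vs C:\WINNT).
        return (self.section, " ".join(self.body.split()).casefold())

    @property
    def orphaned(self):
        return any(marker in self.body for marker in ORPHAN_MARKERS)


def parse_log(text):
    """Return the registry/startup entries, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def verify_fix(before, after, fixed):
    """Compare a fresh log with the previous one and the lines that were fixed."""
    before_keys = {e.key for e in parse_log(before)}
    after_entries = parse_log(after)
    after_keys = {e.key for e in after_entries}
    targets = parse_log(fixed)
    return {
        "removed": [t for t in targets if t.key not in after_keys],
        "still_present": [t for t in targets if t.key in after_keys],
        "new": [e for e in after_entries if e.key not in before_keys],
        "orphaned": [e for e in after_entries if e.orphaned],
    }


# The two entries that were checkmarked and fixed (quoted in the thread).
FIXED = r"""
O4 - HKLM\..\Run: [{B6-62-20-03-ZN}] C:\winnt\system32\dwdsregt.exe IMG001
O18 - Protocol: Festoon - (no CLSID) - (no file)
"""

# Constructed "before" excerpt: the fixed entries plus a few unrelated ones.
BEFORE = FIXED + r"""
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\typo3\service.exe (file missing)
"""

# Constructed "after" excerpt using lines from the fresh log in the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\typo3\service.exe (file missing)
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIXED)
    for label, entries in report.items():
        print(f"{label}:")
        for entry in entries:
            print(f"  {entry.section} - {entry.body}")
```

Entries reported as still present or orphaned are candidates for another review pass, not automatic deletions; many "(file missing)" lines belong to uninstalled legitimate software.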