Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
 
 Closed TopicStart new topic
"Warning! Spyware detected on your computer!" blue d, blue and yellow desktop cannot be removed. No other problems.
StAnLi86
post Aug 10 2008, 07:00 AM
Post #1


New Member
*
Posts: 6
OS: Windows XP
I have McAfee Antivirus that is updated daily. I also have run Spybot-Search and Destroy, and it found no major threats. I did have a pop-up along the taskbar in the bottom right corner every five minutes or so saying that many of my applications were infected with spyware and that I needed to install an anti-spyware by clicking the pop-up. When I did, it took me to a bogus website where they wanted me to buy a fake antivirus software. I have since gotten rid of the pop-ups by using SmitFraudFix, but I cannot change my desktop background. When I go to properties the desktop tab is missing. I just want to be able to remove this annoying warning message. Here is my Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:45, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcrtlj0eed1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: 995937 helper - {1E1465F3-56CF-4FC4-8684-1BD6245AA30D} - C:\WINDOWS\system32\995937\995937.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FCTBPos00Pos - {A1023BB9-453C-463F-9288-56AE96C52807} - C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Susan G. Komen for the Cure® Toolbar - {BB0CBE93-CD99-45B9-BF11-291F1B260698} - C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcrtlj0eed1] C:\WINDOWS\system32\lphcrtlj0eed1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183929944921
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 22284 bytes

I hope this helps and I hope you are able to help me. Thank you.
Go to the top of the page
 
+Quote Post
Ltangelic
post Aug 10 2008, 10:59 AM
Post #2


Angel Annihilator of Malware
Group Icon
Posts: 1,614
From: Singapore (born in China)
OS: Windows XP Professional



Hey StAnLi86,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides. wink.gif

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT
Go to the top of the page
 
+Quote Post
Ltangelic
post Aug 11 2008, 05:00 AM
Post #3


Angel Annihilator of Malware
Group Icon
Posts: 1,614
From: Singapore (born in China)
OS: Windows XP Professional



Hey StAnLi86,

I see a few infected files in there. Let's use some tools to dig deeper into the machine. Meanwhile, please keep your infected computer disconnected from the Internet and transfer the setup files using a USB drive or any removable disk. Thanks. wink.gif

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Next reply (please include):

DSS scan logs

This post has been edited by Ltangelic: Aug 11 2008, 06:44 AM
Go to the top of the page
 
+Quote Post
Ltangelic
post Aug 14 2008, 06:23 AM
Post #4


Angel Annihilator of Malware
Group Icon
Posts: 1,614
From: Singapore (born in China)
OS: Windows XP Professional



Hey StAnLi86,

You have signs of Sony DRM rootkit, it is optional if you want to remove it or not. If you do decide to remove it, please follow the instructions below:

http://cp.sonybmg.com/xcp/english/updates.html
Go to the top of the page
 
+Quote Post
StAnLi86
post Aug 17 2008, 02:36 AM
Post #5


New Member
*
Posts: 6
OS: Windows XP
Hi Ltangelic,
Sorry for the delay, but here are my DSS scan logs:

Deckard's System Scanner v20071014.68
Run by Stephanie Liebe on 2008-08-17 17:28:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-08-17 08:28:54 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-08-16 09:24:09 UTC - RP7 - System Checkpoint
6: 2008-08-15 09:01:21 UTC - RP6 - Software Distribution Service 3.0
5: 2008-08-15 08:17:29 UTC - RP5 - System Checkpoint
4: 2008-08-14 07:48:04 UTC - RP4 - System Checkpoint


-- First Restore Point --
1: 2008-08-10 11:32:23 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Stephanie Liebe.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:58, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Stephanie Liebe\Local Settings\Temporary Internet Files\Content.IE5\6BAYTCD8\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stephanie Liebe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FCTBPos00Pos - {A1023BB9-453C-463F-9288-56AE96C52807} - C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Susan G. Komen for the Cure® Toolbar - {BB0CBE93-CD99-45B9-BF11-291F1B260698} - C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183929944921
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A72165AD-70E1-4B38-B962-9272C5548416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 21627 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 XTrapD12 - c:\program files\maiet\gunz\xtrap\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-17 17:14:25 442 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1627720B-AD29-46BC-B7E1-B48DFDD4E995}.job
2008-08-15 14:34:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-16 10:39:02 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-17 14:31:23 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\Help
2008-08-10 21:56:37 0 d-------- C:\Program Files\Trend Micro
2008-08-10 21:32:35 0 d-------- C:\Program Files\Panda Security
2008-08-10 21:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 21:23:19 0 d-------- C:\Program Files\SpywareBlaster
2008-08-10 20:26:28 0 d-------- C:\Program Files\RichVideoCodec
2008-08-10 20:16:36 0 d-------- C:\WINDOWS\system32\995937
2008-08-10 20:11:08 2812 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-10 17:56:21 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-10 17:56:21 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-10 17:56:20 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-10 17:56:20 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-10 17:56:20 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-08-10 17:56:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-10 17:56:19 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-10 17:56:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-10 14:28:06 7077888 --a------ C:\Documents and Settings\Stephanie Liebe\ntuser.dat
2008-08-10 14:25:38 279292 --a------ C:\WINDOWS\system32\lphcrtlj0eed1.exe
2008-08-08 19:35:28 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\ICAClient
2008-08-08 19:34:48 0 d-------- C:\Program Files\Citrix
2008-08-07 19:26:36 0 d-------- C:\GradeQuickWeb


-- Find3M Report ---------------------------------------------------------------

2008-08-17 16:58:35 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\Skype
2008-08-15 18:12:23 0 d-------- C:\Program Files\Messenger
2008-08-07 22:34:34 34936 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-06 19:19:02 0 d-------- C:\Program Files\Apple Software Update
2008-08-06 19:11:59 0 d-------- C:\Program Files\iTunes
2008-08-06 19:11:14 0 d-------- C:\Program Files\iPod
2008-07-15 08:12:12 0 d-------- C:\Program Files\Google
2008-07-15 08:04:50 0 d-------- C:\Program Files\QuickTime
2008-07-15 07:54:27 0 d-------- C:\Program Files\Safari
2008-07-03 13:10:35 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\Move Networks
2008-06-25 11:52:53 0 d-------- C:\Program Files\Susan G. Komen for the CureĀ® Toolbar
2008-06-25 11:45:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-25 11:43:30 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\AdobeUM
2008-06-25 09:22:21 0 d-------- C:\Documents and Settings\Stephanie Liebe\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1023BB9-453C-463F-9288-56AE96C52807}]
C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BB0CBE93-CD99-45B9-BF11-291F1B260698}"= C:\Program Files\Susan G. Komen for the CureĀ® Toolbar\Toolbar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{BB0CBE93-CD99-45B9-BF11-291F1B260698}]
[HKEY_CLASSES_ROOT\FCTB000000112.FCTB000000112.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000000112.FCTB000000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 08:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 08:38]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/02/2003 08:44]
"VX1000"="C:\WINDOWS\vVX1000.exe" [10/14/2006 08:04]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 22:50]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [11/18/2006 03:39]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/07/2007 04:53]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/28/2008 00:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 14:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/20/2007 03:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/19/2006 10:05]
"ASpyC"="C:\Program Files\ASpyC\ASpyC.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 5:38:16 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw54RRjsj]
cerim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software