Can anyone give me some advice? From time to time -- maybe once a week, on average -- the AVG email scanner pops up and ZoneAlarm says it's trying to access some IP address that I don't recognise. I use only webmail and never have any email client running, so I'm not sure what's originating these emails.

AVG, ewido and Ad-Aware find nothing and I scan regularly.

My HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 17:23:38, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\Documents and Settings\Michael\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Any ideas very gladly received. Thanks!

Hello,tools187 & Welcome

Well first it would be a big help if we had the IP # your talking about
2 are you running 2 Anti-Virus if so keep just one update it
& keep it that way

as for the logfile i don't see anything here
guy's

HGD

Thanks HJThis,

Below are a few samples from the AVG logfile so you can see what's going on:

30.5.2005 18:08:57 [9c8] AutoPOP3(10110): Connection from process 2476
30.5.2005 18:08:57 [9c8] AutoPOP3(10110): Connection from 127.0.0.1:2963
30.5.2005 18:08:57 [c20] AutoPOP3(10110): Client connected
30.5.2005 18:09:51 [c20] AutoPOP3(10110): Cannot connect to 68.Red-217-127-91.pooles.rima-tde.net:110
30.5.2005 18:09:51 [c20] AutoPOP3(10110): Connect: The operation completed successfully. (0)
30.5.2005 18:09:51 [c20] AutoPOP3(10110): Client disconnected

13.6.2005 06:18:22 [b04] AutoPOP3(10110): Connection from process 1424
13.6.2005 06:18:22 [b04] AutoPOP3(10110): Connection from 127.0.0.1:1500
13.6.2005 06:18:22 [db4] AutoPOP3(10110): Client connected
13.6.2005 10:34:59 [db4] AutoPOP3(10110): Cannot connect to 196.47.2.179:110
13.6.2005 10:34:59 [db4] AutoPOP3(10110): Connect: A socket operation was attempted to an unreachable network. (10051)

13.6.2005 16:49:22 [c14] AutoPOP3(10110): Connection from process 2552
13.6.2005 16:49:22 [c14] AutoPOP3(10110): Connection from 127.0.0.1:3595
13.6.2005 16:49:22 [838] AutoPOP3(10110): Client connected
13.6.2005 17:13:01 [838] AutoPOP3(10110): Cannot connect to 196.47.2.179:110
13.6.2005 17:13:01 [838] AutoPOP3(10110): Connect: No connection could be made because the target machine actively refused it. (10061)

14.6.2005 00:12:40 [9d0] AutoPOP3(10110): Connection from process 2664
14.6.2005 00:12:40 [9d0] AutoPOP3(10110): Connection from 127.0.0.1:3291
14.6.2005 00:12:40 [770] AutoPOP3(10110): Client connected
14.6.2005 11:01:50 [9d0] AutoPOP3(10110): Failed to retrieve destination address!
14.6.2005 11:02:11 [770] AutoPOP3(10110): Cannot connect to 196-47-2-179.access.uunet.co.za:110
14.6.2005 11:02:11 [770] AutoPOP3(10110): Connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (10060)

On the most recent attempt above (14.6.2005) process 2664 is Sun Java (javaw.exe). I'm running Azureus (Java Bittorrent client), could that be the explanation?

Also, since the last post I have taken your advice and removed ewido and installed Spybot S&D instead; so now running AVG free and ZoneAlarm free, and scanning with Ad-Aware free and S&D. The first S&D scan found nothing either.

Thanks again, and looking forward to any suggestions.

Hi,tools187

Ok i found some info not a lot now could you
said me in a PM your ISP info just so i can make
sure i am going the right way here up to you

HGD

I hope someone is still watching this thread because I've got almost the same problem. I just don't see a solution listed here.

I'm also running Azureus and the process causing all the activity in my AVG Log is javaw.exe also. Sample...

22.11.2005 18:07:58.359 [9e0] AutoPOP3(10110): Connection from process 468
22.11.2005 18:07:58.359 [9e0] AutoPOP3(10110): Connection from 127.0.0.1:1672
22.11.2005 18:07:58.359 [9e0] AutoPOP3(10110): Will connect to 80.195.137.46:110
22.11.2005 18:07:58.375 [a2c] AutoPOP3(10110): Client connected
22.11.2005 18:07:58.375 OpenInternet = 0
22.11.2005 18:07:58.375 AddTrayIcon()
22.11.2005 18:09:31.781 [a2c] AutoPOP3(10110): Cannot connect to 80-195-137-46.cable.ubr05.uddi.blueyonder.co.uk:110
22.11.2005 18:09:31.781 [a2c] AutoPOP3(10110): Connect: The operation completed successfully. (0)
22.11.2005 18:09:31.781 [a2c] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
22.11.2005 18:09:31.781 CloseInternet = 1
22.11.2005 18:09:31.781 RemoveTrayIcon()
22.11.2005 18:09:31.796 [a2c] AutoPOP3(10110): Client disconnected


I turned off Azureus and I didn't see anything. WHat could be causing this? By the way. I use Thunderbird right now and when this is happening with the AutoPoP3 its not even on. Kind of creepy. No AntiVirus , Trojan, Spyware, Rootkit Scanner has found anything but a tracking cooking and some false positives.

MOre log file...
18.11.2005 17:54:41 Starting the main loop
18.11.2005 17:54:41 Redirector version 70004
18.11.2005 17:54:41 [9e0] AutoPOP3(10110): Starting server
18.11.2005 17:54:41 [9e4] AutoSMTP(10025): Starting server
18.11.2005 17:54:41 Queue processing started
18.11.2005 18:54:25 [9e0] AutoPOP3(10110): Connection from process 2056
18.11.2005 18:54:25 [9e0] AutoPOP3(10110): Connection from 127.0.0.1:2418
18.11.2005 18:54:25 [f14] AutoPOP3(10110): Client connected
18.11.2005 1821 [f14] AutoPOP3(10110): Cannot connect to 3E6B67E5.rev.stofanet.dk:110
18.11.2005 1821 [f14] AutoPOP3(10110): Connect: The operation completed successfully. (0)
18.11.2005 1821 [f14] AutoPOP3(10110): Client disconnected
18.11.2005 23:31:14 [9e0] AutoPOP3(10110): Connection from process 2056
18.11.2005 23:31:14 [9e0] AutoPOP3(10110): Connection from 127.0.0.1:2652
18.11.2005 23:31:14 [4bc] AutoPOP3(10110): Client connected
18.11.2005 23:33:39 [4bc] AutoPOP3(10110): Cannot connect to 3E6B67E5.rev.stofanet.dk:110
18.11.2005 23:33:39 [4bc] AutoPOP3(10110): Connect: The operation completed successfully. (0)
18.11.2005 23:33:39 [4bc] AutoPOP3(10110): Client disconnected
19.11.2005 01:41:29 [9e4] AutoSMTP(10025): Connection from process 2056
19.11.2005 01:41:29 [9e4] AutoSMTP(10025): Connection from 127.0.0.1:4607
19.11.2005 01:41:29 [9a8] AutoSMTP(10025): Client connected
19.11.2005 01:41:29 [9a8] AutoSMTP(10025): Client closed connection
19.11.2005 01:41:29 [9a8] AutoSMTP(10025): Client disconnected
19.11.2005 02:37:06 [9e4] AutoSMTP(10025): Connection from process 2056
19.11.2005 02:37:06 [9e4] AutoSMTP(10025): Connection from 127.0.0.1:1506
19.11.2005 02:37:06 [4bc] AutoSMTP(10025): Client connected
19.11.2005 02:37:06 [4bc] AutoSMTP(10025): Client closed connection
19.11.2005 02:37:06 [4bc] AutoSMTP(10025): Client disconnected
19.11.2005 13:05:01 [9e0] AutoPOP3(10110): Connection from process 2056
19.11.2005 13:05:01 [9e0] AutoPOP3(10110): Connection from 127.0.0.1:2907
19.11.2005 13:05:01 [f3c] AutoPOP3(10110): Client connected
19.11.2005 13:08:02 [f3c] AutoPOP3(10110): Cannot connect to p54BD2CC2.dip0.t-ipconnect.de:110
19.11.2005 13:08:02 [f3c] AutoPOP3(10110): Connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (10060)
19.11.2005 13:08:02 [f3c] AutoPOP3(10110): Client disconnected


I'll check back. If anyone can explain what is going on that would be great. Thanks.

Welcome Zevon,

Please post a Hijackthis log for us to take a look at.

Go here please:

http://www.d-a-l.com/help/showthread.php?t=605

Here you go.


Logfile of HijackThis v1.99.1
Scan saved at 9:05:41 PM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\smc.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\PROGRA~1\Grisoft\avgamsvr.exe
F:\PROGRA~1\Grisoft\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\Program Files\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\Grisoft\avgcc.exe
F:\PROGRA~1\Grisoft\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
F:\program files\activesync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\ATI Tool\ATITool\ATITool.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\Acrobat.exe
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Adobelm_Cleanup .0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Adobelm_Cleanup .0001
F:\Program Files\PeerGuardian 2.b\PeerGuardian2\pg2.exe
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloadz II\HIjackThis 9.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozillazine.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozillazine.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0 Pro\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - F:\PROGRA~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\avgemc.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CTDVDDet] F:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\program files\activesync\WCESCOMM.EXE"
O4 - Startup: ATITool.lnk = F:\Program Files\ATI Tool\ATITool\ATITool.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\program files\activesync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\activesync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\activesync\INETREPL.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\smc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe