Posts by delphine

Hi,

Thanks for your help so far! Unfortunately I'm still getting the BSOD when I try Safe Mode :/ Is there anything else you can recommend that I do? My new HJT log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24 AM, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Quicknote\Quicknote.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
D:\Apps\Swept Away\Swept Away.exe
D:\Apps\texter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Cuifen\My Documents\_junkdrawer\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Apps\Miranda IM\miranda32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

Hi,

Thank you very much for your reply! Before I do anything, I have a few questions actually. Some of the things you pointed out I should delete are actually programs where I know exactly what they are and trust completely. These are:

C:\WINDOWS\system32\gdi++\gditray.exe
C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Apps\ObjectBar\ObjectBar.exe
D:\Y'z Shadow\YzShadow.exe
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [3RVX.exe] C:\Program Files\3RVX\3RVX.exe
O4 - HKCU..Run: [GDI++] C:\WINDOWS\system32\gdi++\gditray.exe -on
O4 - Startup: gditray.lnk = C:\WINDOWS\system32\gdi++\gditray.exe

I'm just wondering if it's really necessary to delete these entries, as I do rely quite a bit on all these programs and I'm not sure if deleting these entries in HJT will break them completely. Thanks :)

Hi,

I'm getting a BSOD when I try to boot into Safe Mode :/ The reason I've been trying to boot into Safe Mode is because I want to delete and replace some fonts with a newer version of them, and I can't do so in normal Windows because my access to them is constantly denied (even though I'm fairly sure they're not in use by any process). I suspect it's a leftover remnant of the previous big spyware infection I had with Vundo/Virtuamonde trojan, as I remember also having a BSOD problem then... The stop code is 0x0000007B (0xF78AF528, 0xC0000034, 0x00000000, 0x00000000) if that helps. Here is my HJT log. Any help is really appreciated :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43 AM, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Quicknote\Quicknote.exe
C:\Program Files\3RVX\3RVX.exe
C:\WINDOWS\system32\gdi++\gditray.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program …

I couldn't access msconfig utility, when I type msconfig into the run box it returns a Windows cannot find msconfig error. But happily, I managed to stop the popup by following some instructions I found elsewhere! Will post them here for others having a similar problem:

1. Go to run and type services.msc
2. Scroll down to VAIO Cooperated Initialisation
3. Right click > Properties
4. Change Startup Type to Disabled
5. Click OK and close all the windows

Upon next restart, the popup was gone!

Apologies for the late reply, I somehow didn't get an email notification of your reply and didn't actually check this thread until now!

I managed to take care of the Office problem - traced it to another program I had, uninstalled that program, and now the problem is gone. :)

Unfortunately even after deleting the VCI_Task key in the registry I still get the "Windows cannot find \VCI_Task.exe" error when I startup Windows. Is there anything else that can be done?

Thanks!

When I search for VCI_Task.exe in regedit, I find the following:

Name C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_Task.exe
Type REG_SZ
Data VAIO Task Scheduler

That's the only match when I use the find option to search for VCI_Task.exe. I'm not really sure what to do after that because I'm not experienced with tweaking the registry. What should I do?

As for the MS Office error, I've said that I don't have the MS Office installation CD with me. Is there anything I can do without it? I'm just curious why I get the error in the first place, because my Office seems to still be working perfectly and I don't remember having tampered with it lately.

Thank you for your help!

Hi,

I have two startup problems with my computer which happened recently after i did some cleaning out of my computer. I doubt they are related though, since they didn't happen at exactly the same time.

Firstly, whenever I start Windows, I get a "Windows cannot find file \VCI_Task.exe" error. I'm pretty sure VCI_Task.exe is a Sony-related file (I have a Vaio), but as far as I know I haven't touched it, and it's not in my startup folder. My computer runs quite normally after I click OK to make the error message go away, but it's annoying to have it pop up every time I reboot.

Secondly, also whenever I startup, Microsoft Office 2003 Professional attempts to install something. I've no idea what it is, but I keep getting a "Preparing to install" message, followed by an Office installation screen that proceeds normally until it reaches an "SKU111.cab not found" error, where it then asks me to insert a CD. My Office 2003 CD is not with me at the moment so I can't even try that, but I'm at a loss as to why this installation starts up in the first place. Office seems to be functioning perfectly normally and according to the Microsoft Update website I don't need any updates for it.

I'm running Windows XP SP2. Any help would be appreciated!

The error message is gone and all looks good :D Thank you so much for your help!

Here is the log. Thank you very much!

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:
---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"WinRoll" = ""C:\Program Files\WinRoll\winroll.exe"" [null data]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"$Volumouse$" = ""C:\Program Files\Volumouse\volumouse.exe" /nodlg" ["NirSoft"]
"Taskbar Shuffle" = ""C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe"" ["Jay Elaraj"]
"Rainlendar2" = ""C:\Program Files\Rainlendar2\Rainlendar2.exe"" [null data]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = ""C:\Program Files\Apoint\Apoint.exe"" ["Alps Electric Co., Ltd."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"SonyPowerCfg" = ""C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"" ["Sony Corporation"]
"System Files Updater" = ""C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" /S" [null data]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"REGSHAVE" = ""C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"LogonStudio" = ""C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]
"BootSkin Startup Jobs" = ""C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"SoundService" = ""rundll32.exe" "C:\WINDOWS\system32\mxndrslc.dll",setvm" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon …

All seems good now :) But I have an error message upon starting windows that mxndrslc.dll cannot be found. I was getting it before following the instructions in your latest post so it probably doesn't have anything to do with that, but I'm curious as to how to fix it. Thank you for your help so far!

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11 AM, on 07-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Launchy\Launchy.exe
D:\RKLauncher\RKLauncher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet …

After running VundoFix.exe as per your instructions, my entire system seems to have crashed :( Explorer.exe is unable to run, no matter how much I restart my computer. Please help!

Here is the VundoFix log:

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 1:33:19 PM 3/25/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 8:25:32 AM 07-04-14

Listing files found while scanning....

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 9:07:17 AM 07-04-14

Listing files found while scanning....

C:\WINDOWS\system32\atxgybpd.dll
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\clsrdnxm.ini
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\hjdrqycy.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\kyhsdryc.dll
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mxndrslc.dll
C:\WINDOWS\system32\myyvqlpg.dll
C:\WINDOWS\system32\oldxqjpl.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\yayyvvu.dll

Beginning removal...

Attempting …

I will do that as soon as I can :) I'm leaving for a holiday for Easter where there will be no internet access, and will only be back on the 13th. Thank you!

Hi and welcome to Daniweb forums :).

1. Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Thank you for the welcome!

Combofix.exe doesn't seem to do anything for me... after the initial screen where I press 1 to continue, it stalls at a screen that says "Welcome to Darwin!" for a very long time.

I've been having trouble with Amaena and WinAntiVirus Pro for a week now. Webroot Spysweeper, AVG Anti-Spyware, Ad-aware and Spybot S&D haven't been able to fix it, and VundoFix and Virtumondebegone have not been effective either.

Here is my HijackThis log. Any help would be appreciated!

***
Logfile of HijackThis v1.99.1
Scan saved at 9:46:22 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dexpot\dexpot.exe
C:\Program Files\Launchy\Launchy.exe
D:\RKLauncher\RKLauncher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe