svchost.exe application error malware problem [Solved] - Geeks to Go Forums

Windows XP goes to classic mode with svchost.exe application error

#1 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 14 March 2009 - 07:07 AM

"svchost.exe - Application Error

The instruction at "0x75606eb5" referenced memory at "0x00000008". The memory could not be "read".

Click on OK to terminate the program"

I get this when I start up Windows. Also, the screen goes to classic mode. I scanned for viruses using McAfee, which is up to date, and can't find anything. When I try to use Windows Update I get redirected to a Google search page. I am on the internet now but the internet pages look like an older version of IE.

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:143078 Mo/Free:2193 Mo)
D:\ [Fixed] - NTFS - (Total:305234 Mo/Free:2894 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sat 03/14/2009|13:53

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\SYSTEM32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\brsvc01a.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\brss01a.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
---------- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\TomTom HOME 2\HOMERunner.exe
---------- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
---------- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
---------- C:\Program Files\Electronic Arts\EADM\Core.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
---------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jucheck.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.176,85.255.112.189
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.176,85.255.112.189
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.176,85.255.112.189
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{49746679-07D6-41B5-B3C2-0059DDB1F75C}]
NameServer REG_SZ 85.255.112.176,85.255.112.189
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{49746679-07D6-41B5-B3C2-0059DDB1F75C}]
NameServer REG_SZ 85.255.112.176,85.255.112.189
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{49746679-07D6-41B5-B3C2-0059DDB1F75C}]
NameServer REG_SZ 85.255.112.176,85.255.112.189
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen\read me if you need help or info.txt
C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\CS4_Master_Collection_KeyGen.rar
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\keygen.exe
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\CS4 Master Collection KeyGen\Adobe.Master.Collection.CS4.FINAL.WINDOWS.KEYGENONLY.READNFO-Milkman.rar
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\CS4 Master Collection KeyGen\alittlethankme.rar
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\CS4 Master Collection KeyGen\Torrent downloaded from Demonoid.com.txt


1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/14/2009|13:53

----------------------\\ Scan completed at 13:53

OTListIt Extras logfile created on: 3/14/2009 1:55:35 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.6 Folder = C:\Documents and Settings\Rene'\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.45% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 62.14 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 234.83 Gb Free Space | 78.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT
Current User Name: Rene'
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server File not found
C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient File not found
C:\Program Files\ABC\abc.exe:*:Enabled:abc File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander File not found
C:\Documents and Settings\Rene'\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 File not found
D:\My Downloads\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client (LANSPIRIT.NET)
C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict (Massive Entertainment AB)
C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only (Massive Entertainment AB)
C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server ()
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire (Ironclad Games)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Documents and Settings\Rene'\Desktop\Adobe CS4 Keygen - LATEST\Keygen\Keygen.exe:*:Enabled:Microsoft Windows Network File not found
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 (Adobe Systems Incorporated)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{235674B0-A35F-4811-8A8F-E8F42A919EA3}" = PhotoPresets with One-Click WOW!
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE2ED609-7C07-4F6B-8E83-3800F8A133D6}" = PhotoPresets Wow Effects for Lightroom
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ASCOM Platform 4.1" = ASCOM Platform 4.1
"AskPBar Uninstall" = Ask Toolbar
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Far Cry 2: Prima Official eGuide" = Far Cry 2: Prima Official eGuide
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PC Wizard 2007_is1" = PC Wizard 2007.1.72
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sins of a Solar Empire" = Sins of a Solar Empire
"Starry Night Pro Plus 6" = Starry Night Pro Plus 6
"Theatre of War_is1" = Theatre of War
"TomTom HOME" = TomTom HOME 2.5.2.60
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDG Gold 4.0" = PDG Gold 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2009 5:44:02 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 5:44:02 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 5:44:02 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 8:03:46 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/14/2009 8:03:46 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 8:04:06 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/14/2009 8:04:06 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 8:04:07 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 8:04:07 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 8:09:55 AM | Computer Name = SCOTT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 2/21/2009 3:00:43 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/22/2009 2:54:47 AM | Computer Name = SCOTT | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.

Error - 2/22/2009 2:56:17 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/22/2009 5:52:53 AM | Computer Name = SCOTT | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.

Error - 2/22/2009 5:54:23 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/22/2009 10:04:18 AM | Computer Name = SCOTT | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.

Error - 2/22/2009 10:05:37 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/22/2009 1:35:54 PM | Computer Name = SCOTT | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.

Error - 2/22/2009 1:37:23 PM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/23/2009 2:16:29 AM | Computer Name = SCOTT | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.


< End of report >

OTListIt logfile created on: 3/14/2009 1:55:35 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.6 Folder = C:\Documents and Settings\Rene'\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.45% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 62.14 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 234.83 Gb Free Space | 78.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT
Current User Name: Rene'
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Rene'\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (brmfrmps [On_Demand | Stopped]) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DTSRVC [Auto | Running]) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ADIDTSFiltService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApogeeIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\apogeeio.sys (Apogee Instruments)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (L8042Kbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LMImirr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMImirr.sys (LogMeIn, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MaxImIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\maximio.sys (Diffraction Limited)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pdiddcci [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (PdiPorts [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (pepifilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SCRx31 USB Reader [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\stc2.sys (SCM Microsystems Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (STCFUx32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\STCFUx32.SYS (SCM Microsystems Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/09/14 05:27:07 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2008/12/27 06:04:18 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/12 05:46:43 00,000,000 | ---D | M]

O1 HOSTS File: (303088 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 googleads.g.doubleclick.net
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder (Portrait Displays, Inc)
O4 - HKLM..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart File not found
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\Rene'\LOCALS~1\Temp\{E7D84C17-363A-4D4D-A163-6419C60408C6}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009" File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Downloads\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphoto...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{49746679-07D6-41B5-B3C2-0059DDB1F75C}\\NameServer = 85.255.112.176,85.255.112.189
O18 - Protocol\Handler\bw+0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {2FE4817E-0080-46F3-A7A1-9193C1EED637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\SYSTEM32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{4679199d-3456-11dd-8c3e-001a924e86ed}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE -- File not found
O33 - MountPoints2\D\Shell - "" = Autorun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\Open\command - "" = D:\RECYCLER\S-3-5-19-100014515-100023812-100009559-7704.com -- [2009/03/10 05:44:04 | 00,019,968 | RHS- | M] ()
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/03/14 13:55:12 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Rene'\Desktop\OTListIt2.exe
[2009/03/14 13:53:13 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\Rooter.exe
[2009/03/14 13:52:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/14 13:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/14 13:50:56 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\NTREGOPT.lnk
[2009/03/14 13:50:56 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\ERUNT.lnk
[2009/03/14 13:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/14 13:49:52 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Rene'\Desktop\SysRestorePoint.exe
[2009/03/14 13:49:37 | 00,009,334 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\SysRestorePoint_v13.zip
[2009/03/14 13:04:34 | 00,269,312 | ---- | C] () -- C:\WINDOWS\SVCHOST.EXE
[2009/03/14 08:56:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/03/13 06:10:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Rene'\Local Settings\Application Data\{4F717BFB-FF31-477F-85D1-7BABC44363EC}
[2009/03/13 06:10:09 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Rene'\Local Settings\Application Data\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
[2009/03/13 06:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2009/03/12 19:52:35 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sbp2port.sys
[2009/03/12 19:52:35 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009/03/09 21:08:50 | 00,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2009/03/09 20:18:18 | 00,001,822 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Photoshop Lightroom 2.2.lnk
[2009/03/09 20:10:43 | 01,828,705 | ---- | C] () -- C:\DOCUME~1\Rene'\My Documents\lightroom.docx
[2009/03/08 15:49:29 | 00,099,162 | ---- | C] () -- C:\DOCUME~1\Rene'\My Documents\A Flower A Day Chrysanthemum.docx
[2009/03/07 13:13:03 | 00,154,191 | ---- | C] () -- C:\DOCUME~1\Rene'\My Documents\Child's sun hat pattern.docx
[2009/03/07 11:59:53 | 00,032,469 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/07 11:59:25 | 00,040,650 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96c5434537e75[1].jpg
[2009/03/07 11:59:15 | 00,043,780 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96bb534537e75[1].jpg
[2009/03/07 11:59:06 | 00,043,938 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96ae1e4537e75[1].jpg
[2009/03/07 11:58:51 | 00,040,681 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b8a86964537e75[1].jpg
[2009/03/07 11:58:33 | 00,038,915 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b7f7c9b4537e75[1].jpg
[2009/03/01 14:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/01 14:38:08 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
[2009/02/28 12:00:22 | 00,025,951 | ---- | C] () -- C:\DOCUME~1\Rene'\Desktop\size conv.docx
[2009/02/17 17:25:12 | 00,011,272 | ---- | C] () -- C:\DOCUME~1\Rene'\My Documents\2008 house rental.xlsx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[1 C:\DOCUME~1\Rene'\Desktop\*.tmp files]
[2009/03/14 13:55:15 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Rene'\Desktop\OTListIt2.exe
[2009/03/14 13:53:13 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\Rooter.exe
[2009/03/14 13:50:56 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\NTREGOPT.lnk
[2009/03/14 13:50:56 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\ERUNT.lnk
[2009/03/14 13:49:37 | 00,009,334 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\SysRestorePoint_v13.zip
[2009/03/14 13:10:32 | 00,020,907 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/14 13:08:22 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 13:06:21 | 00,193,082 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/14 13:06:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 13:06:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 13:04:34 | 00,269,312 | ---- | M] () -- C:\WINDOWS\SVCHOST.EXE
[2009/03/14 09:21:31 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/03/13 18:11:20 | 00,211,456 | ---- | M] () -- C:\DOCUME~1\Rene'\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 06:04:30 | 03,784,854 | -H-- | M] () -- C:\DOCUME~1\Rene'\Local Settings\Application Data\IconCache.db
[2009/03/09 20:18:18 | 00,001,822 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Photoshop Lightroom 2.2.lnk
[2009/03/09 20:10:43 | 01,828,705 | ---- | M] () -- C:\DOCUME~1\Rene'\My Documents\lightroom.docx
[2009/03/08 15:49:30 | 00,099,162 | ---- | M] () -- C:\DOCUME~1\Rene'\My Documents\A Flower A Day Chrysanthemum.docx
[2009/03/07 13:13:03 | 00,154,191 | ---- | M] () -- C:\DOCUME~1\Rene'\My Documents\Child's sun hat pattern.docx
[2009/03/07 11:59:40 | 00,032,469 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/07 11:58:59 | 00,043,938 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96ae1e4537e75[1].jpg
[2009/03/07 11:58:59 | 00,040,650 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96c5434537e75[1].jpg
[2009/03/07 11:58:58 | 00,043,780 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b96bb534537e75[1].jpg
[2009/03/07 11:58:44 | 00,040,681 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b8a86964537e75[1].jpg
[2009/03/07 11:58:06 | 00,038,915 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\4757ad0b7f7c9b4537e75[1].jpg
[2009/03/04 21:08:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/01 14:50:32 | 00,303,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/01 14:50:16 | 00,303,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090301-145032.backup
[2009/02/28 12:00:22 | 00,025,951 | ---- | M] () -- C:\DOCUME~1\Rene'\Desktop\size conv.docx
[2009/02/17 17:30:48 | 00,011,272 | ---- | M] () -- C:\DOCUME~1\Rene'\My Documents\2008 house rental.xlsx

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\DOCUME~1\Rene'\Desktop\Thumbs.db:encryptable
< End of report >

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 14 March 2009 - 08:06 AM

Hi there, I can see where you were infected from: keygens. These are not as free as you think; they bring some unwanted freeloaders with them. Do you connect via a router?

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{49746679-07D6-41B5-B3C2-0059DDB1F75C}\\NameServer = 85.255.112.176,85.255.112.189
    O33 - MountPoints2\D\Shell\Open\command - "" = D:\RECYCLER\S-3-5-19-100014515-100023812-100009559-7704.com -- [2009/03/10 05:44:04 | 00,019,968 | RHS- | M] ()
    
    :Files
    C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen
    C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen
    C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )


THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Logs required : OTLI2 and MBAM
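
The fix in post #2 singles out an O17 NameServer entry and an O33 MountPoints2 entry, and the same log lists a svchost.exe directly under C:\WINDOWS. The Python script below is an added example, not part of the thread or of OTListIt2: it runs three triage rules over log lines in that format. The rule names, the allow-listed svchost.exe directories and sample line 2 are assumptions made for the illustration.

```python
import ipaddress
import ntpath
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    rule: str
    line_no: int
    detail: str


# Sample in OTListIt2 log format. Every line is taken from the log posted in
# this thread except line 2, which is constructed (placeholder interface GUID,
# private resolver) to show an entry that is not flagged.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{49746679-07D6-41B5-B3C2-0059DDB1F75C}\\NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{00000000-0000-0000-0000-000000000001}\\NameServer = 192.168.1.1
O33 - MountPoints2\D\Shell\Open\command - "" = D:\RECYCLER\S-3-5-19-100014515-100023812-100009559-7704.com -- [2009/03/10 05:44:04 | 00,019,968 | RHS- | M] ()
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
[2009/03/14 13:04:34 | 00,269,312 | ---- | C] () -- C:\WINDOWS\SVCHOST.EXE
[2009/03/12 19:52:35 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sbp2port.sys
"""

O17_RE = re.compile(
    r"^O17 - .*Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\\+NameServer = (?P<servers>.+)$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>.+?)(?: -- .*)?$', re.IGNORECASE)
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| [\d,]+ \| \S+ \| [CM]\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$")
RECYCLER_RE = re.compile(r"\\RECYCLER\\(?P<sid>S-[\d-]+)", re.IGNORECASE)

# Assumption: on this XP layout the genuine svchost.exe lives in System32,
# with a Windows File Protection copy in System32\dllcache.
ALLOWED_SVCHOST_DIRS = ("\\system32", "\\system32\\dllcache")


def check_dns(m: re.Match, n: int) -> Optional[Finding]:
    """Flag statically configured resolvers that are not on a private range."""
    suspect = []
    for server in re.split(r"[,\s]+", m["servers"].strip()):
        try:
            if not ipaddress.ip_address(server).is_private:
                suspect.append(server)
        except ValueError:
            suspect.append(server + " (unparseable)")
    if not suspect:
        return None
    return Finding("dns-override", n,
                   f"interface {m['iface']} has static non-private resolver(s) "
                   f"{', '.join(suspect)}; confirm they belong to the ISP or router")


def check_autorun(m: re.Match, n: int) -> Optional[Finding]:
    """Flag drive autorun handlers that launch a file from a recycle-bin folder."""
    hit = RECYCLER_RE.search(m["target"])
    if not hit:
        return None
    note = ""
    if not hit["sid"].upper().startswith("S-1-"):
        # Recycle-bin subfolders are named after user SIDs, which begin S-1-.
        note = f"; folder name {hit['sid']} is not a valid SID"
    return Finding("autorun-recycler", n,
                   f"drive {m['mount']} verb {m['verb']} runs {m['target']}{note}")


def check_file(m: re.Match, n: int) -> Optional[Finding]:
    """Flag a svchost.exe that sits outside the expected system directories."""
    path = m["path"].strip()
    if ntpath.basename(path).lower() != "svchost.exe":
        return None
    if ntpath.dirname(path).lower().endswith(ALLOWED_SVCHOST_DIRS):
        return None
    vendor = m["vendor"] or "no vendor string"
    return Finding("svchost-location", n,
                   f"{path} ({vendor}, timestamp {m['ts']}) is outside System32")


RULES = [(O17_RE, check_dns), (O33_RE, check_autorun), (FILE_RE, check_file)]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips a rule, in log order."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), start=1):
        line = line.strip()
        for regex, check in RULES:
            m = regex.match(line)
            if m:
                finding = check(m, n)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```

A hit from any rule is a prompt for manual review, not a verdict: a static public resolver can be legitimate, which is why the finding asks for confirmation against the ISP or router settings.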

#3 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 14 March 2009 - 12:05 PM

OK, I ran the OTListit2 program and when I restarted my computer I had the same error again. It has taken me a couple hours trying to reconnect to the internet. I had to disable automatic updates and BITS. Also, I had to restore to my last known good config. I did not use the Malwarebytes' Anti-Malware yet because of all the problems I was having. Here is the OTList after the first reboot.

========== OTLISTIT ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49746679-07D6-41B5-B3C2-0059DDB1F75C}\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
D:\RECYCLER\S-3-5-19-100014515-100023812-100009559-7704.com moved successfully.
========== FILES ==========
C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen moved successfully.
File/Folder C:\DOCUME~1\Rene'\Desktop\Stuff\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen not found.
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen\CS4 Master Collection KeyGen moved successfully.
C:\DOCUME~1\Rene'\Desktop\Stuff\CS4_Master_Collection_KeyGen moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Rene'\Local Settings\Temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rene'\Local Settings\Temp\~DFBF20.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_zMYZIptuhVflCdI scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_3N2fCPu26Yw2ZEG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_AClmPfigtpKLVNu scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_eWgG9J5pZKVKASv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_KU1Gb583fg082uU scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_RRLuW3cW7GtiC4l scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a3c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_afcnoytq6PWhcP8 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_QeHNbWp90Zzigld scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_x8OUyzzqyhPXCpp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.3.6 log created on 03142009_163841

Files moved on Reboot...
File C:\Documents and Settings\Rene'\Local Settings\Temp\Perflib_Perfdata_4d4.dat not found!
C:\Documents and Settings\Rene'\Local Settings\Temp\~DFBF20.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_zMYZIptuhVflCdI not found!
File C:\WINDOWS\temp\mcmsc_3N2fCPu26Yw2ZEG not found!
File C:\WINDOWS\temp\mcmsc_AClmPfigtpKLVNu not found!
File C:\WINDOWS\temp\mcmsc_eWgG9J5pZKVKASv not found!
File C:\WINDOWS\temp\mcmsc_KU1Gb583fg082uU not found!
File C:\WINDOWS\temp\mcmsc_RRLuW3cW7GtiC4l not found!
File C:\WINDOWS\temp\Perflib_Perfdata_a3c.dat not found!
C:\WINDOWS\temp\sqlite_afcnoytq6PWhcP8 moved successfully.
C:\WINDOWS\temp\sqlite_QeHNbWp90Zzigld moved successfully.
C:\WINDOWS\temp\sqlite_x8OUyzzqyhPXCpp moved successfully.
File C:\WINDOWS\temp\WFV2.tmp not found!

Registry entries deleted on Reboot...

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 14 March 2009 - 12:10 PM

OK, I think we will go straight to the big boy now. If need be, this can be run in safe mode.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#5 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 14 March 2009 - 01:42 PM

Well, Windows started up much faster and I can get onto the internet without any problems this time. Can I enable my McAfee Anti Virus again? Also, Windows Updater is prompting to install new updates. Should I go ahead and update?

ComboFix 09-03-13.02 - Rene' 2009-03-14 19:30:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1612 [GMT 1:00]
Running from: c:\documents and settings\Rene'\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rene'\Start Menu\Programs\WatchFree
c:\program files\INSTALL.LOG
c:\recycler\S-2-0-78-100030353-100021073-100031761-1605.com
c:\windows\regedit.com
c:\windows\svchost.exe
c:\windows\system32\drivers\gaopdxqpkhlnipfmrwkltabuheaewqmlwqrnij.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxjkrgoxjxdnthfqjwprqolqaimotptmxt.dll
c:\windows\system32\taskmgr.com
D:\Autorun.inf
D:\install.exe
d:\recycler\S-2-0-78-100030353-100021073-100031761-1605.com
d:\recycler\S-3-8-15-100012885-100013950-100001330-5529.com
d:\recycler\S-8-2-41-100014133-100032414-100003927-7551.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-14 16:38 . 2009-03-14 16:38 <DIR> d-------- C:\_OTListIt
2009-03-14 13:52 . 2009-03-14 13:53 <DIR> d-------- C:\Rooter$
2009-03-14 13:50 . 2009-03-14 13:51 <DIR> d-------- c:\program files\ERUNT
2009-03-13 06:09 . 2009-03-13 11:16 <DIR> d-------- c:\program files\Western Digital
2009-03-12 19:52 . 2008-04-13 20:40 43,904 --a------ c:\windows\system32\drivers\sbp2port.sys
2009-03-12 19:52 . 2008-04-13 20:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2009-03-09 21:08 . 2009-03-09 21:09 <DIR> d-------- c:\program files\onOne Software
2009-03-01 14:38 . 2009-03-01 14:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-01 14:38 . 2009-03-01 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-09 20:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 15:28 --------- d-----w c:\documents and settings\Rene'\Application Data\PDG Studyware
2009-02-11 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 18:47 --------- d-----w c:\program files\McAfee
2009-02-10 06:05 --------- d-----w c:\documents and settings\Rene'\Application Data\Download Manager
2009-02-07 10:48 --------- d-----w c:\documents and settings\Rene'\Application Data\DisplayTune
2009-02-07 10:42 --------- d-----w c:\program files\Portrait Displays
2009-02-07 10:42 --------- d-----w c:\program files\Common Files\Portrait Displays
2009-01-02 15:45 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-02 15:44 1,756 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-09-28 13:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Microsoft Windows Network"="svchost.exe" [2008-04-14 c:\windows\system32\svchost.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-19 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-24 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\My Downloads\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-06-01 5314]
R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-06-01 7610]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - Bonjour Service
*Deregistered* - Brother XP spl Service
*Deregistered* - Browser
*Deregistered* - CCALib8
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - DTSRVC
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LVCOMSer
*Deregistered* - LVPrcSrv
*Deregistered* - McAfee SiteAdvisor Service
*Deregistered* - mcmscsvc
*Deregistered* - McNASvc
*Deregistered* - McProxy
*Deregistered* - McShield
*Deregistered* - MpfService
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - nvata
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PdiPorts
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4679199d-3456-11dd-8c3e-001a924e86ed}]
\Shell\AutoRun\command - M:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af210483-57c9-11db-95a3-806d6172696f}]
\Shell\AutoRun\command - I:\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Easy SpyRemover - c:\program files\Easy SpyRemover\EasySpyRemover.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Using &BitSpirit - d:\my downloads\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 19:49:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,e8,0e,24,ba,50,b5,2b,fd,da,b9,64,25,1c,3a,2e,c5,7f,bb,0c,d1,26,af,
70,f8,ba,6e,1a,05,28,88,4b,85,c3,13,77,35,4a,4d,78,85,06,0f,ae,b0,08,94,bd,\
"??"=hex:20,b0,e6,41,2c,a6,f6,7f,64,67,bb,56,b5,39,39,45

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:bb,59,c1,eb,aa,68,9a,fb,f5,6e,17,9d,b5,ee,34,05,fd,63,53,da,75,
f6,21,ad,20,57,e3,31,ce,97,60,86,87,20,9d,13,89,58,a2,3f,10,89,86,47,82,b4,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-03-14 20:18:05
ComboFix-quarantined-files.txt 2009-03-14 19:17:20

Pre-Run: 66,620,436,480 bytes free
Post-Run: 66,657,431,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=5 LastKnownGood=6 Sets=1,3,4,5,6
288



OTListIt logfile created on: 3/14/2009 8:38:09 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.6 Folder = C:\Documents and Settings\Rene'\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 63.90% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 62.10 Gb Free Space | 44.45% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 234.83 Gb Free Space | 78.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT
Current User Name: Rene'
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Rene'\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (brmfrmps [On_Demand | Stopped]) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DTSRVC [Auto | Running]) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ADIDTSFiltService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApogeeIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\apogeeio.sys (Apogee Instruments)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (L8042Kbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LMImirr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMImirr.sys (LogMeIn, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MaxImIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\maximio.sys (Diffraction Limited)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pdiddcci [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (PdiPorts [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (pepifilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SCRx31 USB Reader [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\stc2.sys (SCM Microsystems Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (STCFUx32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\STCFUx32.SYS (SCM Microsystems Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/09/14 05:27:07 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2008/12/27 06:04:18 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/12 05:46:43 00,000,000 | ---D | M]

O1 HOSTS File: (303088 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 googleads.g.doubleclick.net
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder (Portrait Displays, Inc)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Downloads\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphoto...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\bw+0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {2fe4817e-0080-46f3-a7a1-9193c1eed637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {2FE4817E-0080-46F3-A7A1-9193C1EED637} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{4679199d-3456-11dd-8c3e-001a924e86ed}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af210483-57c9-11db-95a3-806d6172696f}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/03/14 19:23:18 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/14 19:23:14 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/14 19:23:12 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/14 19:22:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/14 19:22:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/14 19:22:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/14 19:22:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/14 19:22:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/14 19:22:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/14 19:22:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/14 19:22:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/14 19:22:07 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/14 19:13:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/14 19:12:19 | 02,933,599 | R--- | C] () -- C:\Documents and Settings\Rene'\Desktop\Combo-Fix.exe
[2009/03/14 19:03:40 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rene'\Desktop\mbam-setup.exe
[2009/03/14 17:53:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/03/14 16:38:41 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/14 13:55:12 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rene'\Desktop\OTListIt2.exe
[2009/03/14 13:53:13 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\Rooter.exe
[2009/03/14 13:52:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/14 13:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/14 13:50:56 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\NTREGOPT.lnk
[2009/03/14 13:50:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\ERUNT.lnk
[2009/03/14 13:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/14 13:49:52 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Rene'\Desktop\SysRestorePoint.exe
[2009/03/14 13:49:37 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\SysRestorePoint_v13.zip
[2009/03/14 08:56:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/03/13 06:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rene'\Local Settings\Application Data\{4F717BFB-FF31-477F-85D1-7BABC44363EC}
[2009/03/13 06:10:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rene'\Local Settings\Application Data\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
[2009/03/13 06:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2009/03/12 19:52:35 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sbp2port.sys
[2009/03/12 19:52:35 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009/03/09 21:08:50 | 00,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2009/03/09 20:18:18 | 00,001,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.2.lnk
[2009/03/09 20:10:43 | 01,828,705 | ---- | C] () -- C:\Documents and Settings\Rene'\My Documents\lightroom.docx
[2009/03/08 15:49:29 | 00,099,162 | ---- | C] () -- C:\Documents and Settings\Rene'\My Documents\A Flower A Day Chrysanthemum.docx
[2009/03/07 13:13:03 | 00,154,191 | ---- | C] () -- C:\Documents and Settings\Rene'\My Documents\Child's sun hat pattern.docx
[2009/03/07 11:59:53 | 00,032,469 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/07 11:59:25 | 00,040,650 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96c5434537e75[1].jpg
[2009/03/07 11:59:15 | 00,043,780 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96bb534537e75[1].jpg
[2009/03/07 11:59:06 | 00,043,938 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96ae1e4537e75[1].jpg
[2009/03/07 11:58:51 | 00,040,681 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b8a86964537e75[1].jpg
[2009/03/07 11:58:33 | 00,038,915 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b7f7c9b4537e75[1].jpg
[2009/03/01 14:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/01 14:38:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/28 12:00:22 | 00,025,951 | ---- | C] () -- C:\Documents and Settings\Rene'\Desktop\size conv.docx
[2009/02/17 17:25:12 | 00,011,272 | ---- | C] () -- C:\Documents and Settings\Rene'\My Documents\2008 house rental.xlsx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Rene'\Desktop\*.tmp files]
[2009/03/14 20:35:57 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 20:33:54 | 00,193,082 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/14 20:33:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 20:33:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 20:32:23 | 00,021,063 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/14 19:50:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/14 19:23:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/14 19:12:19 | 02,933,599 | R--- | M] () -- C:\Documents and Settings\Rene'\Desktop\Combo-Fix.exe
[2009/03/14 19:03:48 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rene'\Desktop\mbam-setup.exe
[2009/03/14 13:55:15 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rene'\Desktop\OTListIt2.exe
[2009/03/14 13:53:13 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\Rooter.exe
[2009/03/14 13:50:56 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\NTREGOPT.lnk
[2009/03/14 13:50:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\ERUNT.lnk
[2009/03/14 13:49:37 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\SysRestorePoint_v13.zip
[2009/03/14 09:21:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/13 18:11:20 | 00,211,456 | ---- | M] () -- C:\Documents and Settings\Rene'\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 06:04:30 | 03,784,854 | -H-- | M] () -- C:\Documents and Settings\Rene'\Local Settings\Application Data\IconCache.db
[2009/03/09 20:18:18 | 00,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.2.lnk
[2009/03/09 20:10:43 | 01,828,705 | ---- | M] () -- C:\Documents and Settings\Rene'\My Documents\lightroom.docx
[2009/03/08 15:49:30 | 00,099,162 | ---- | M] () -- C:\Documents and Settings\Rene'\My Documents\A Flower A Day Chrysanthemum.docx
[2009/03/07 13:13:03 | 00,154,191 | ---- | M] () -- C:\Documents and Settings\Rene'\My Documents\Child's sun hat pattern.docx
[2009/03/07 11:59:40 | 00,032,469 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/07 11:58:59 | 00,043,938 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96ae1e4537e75[1].jpg
[2009/03/07 11:58:59 | 00,040,650 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96c5434537e75[1].jpg
[2009/03/07 11:58:58 | 00,043,780 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96bb534537e75[1].jpg
[2009/03/07 11:58:44 | 00,040,681 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b8a86964537e75[1].jpg
[2009/03/07 11:58:06 | 00,038,915 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b7f7c9b4537e75[1].jpg
[2009/03/04 21:08:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/01 14:50:32 | 00,303,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/01 14:50:16 | 00,303,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090301-145032.backup
[2009/02/28 12:00:22 | 00,025,951 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\size conv.docx
[2009/02/17 17:30:48 | 00,011,272 | ---- | M] () -- C:\Documents and Settings\Rene'\My Documents\2008 house rental.xlsx

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Rene'\Desktop\Thumbs.db:encryptable
< End of report >

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 14 March 2009 - 02:01 PM

That looks better :)

Quote

Can I enable my McAfee Anti Virus again? Also, Windows Updater is prompting to install new updates. Should I go ahead and update?
Yes

Do you recognise these JPG files?

Quote

[2009/03/07 11:59:40 | 00,032,469 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/07 11:58:59 | 00,043,938 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96ae1e4537e75[1].jpg
[2009/03/07 11:58:59 | 00,040,650 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96c5434537e75[1].jpg
[2009/03/07 11:58:58 | 00,043,780 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b96bb534537e75[1].jpg
[2009/03/07 11:58:44 | 00,040,681 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b8a86964537e75[1].jpg
[2009/03/07 11:58:06 | 00,038,915 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b7f7c9b4537e75[1].jpg


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
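The log review in post #6 above, sketched as an added example (not part of the original thread and not OTListIt's own code): it parses the file-listing line format pasted in this thread and surfaces entries worth asking the owner about. The two heuristics and all function names are assumptions chosen for illustration; a hit is a question to ask, not a verdict.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Listing line as pasted in the thread:
# [date time | size | attrs | C or M] (company) -- path   (directories have no "(company)")
LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Assumed heuristic 1: a bracketed counter such as [1], which Internet Explorer
# adds to cached copies, on a file that sits outside the browser cache.
COUNTER_NAME = re.compile(r"\[\d+\]\.\w+$")
# Assumed heuristic 2: an executable under C:\WINDOWS with an empty company field.
EXECUTABLE = re.compile(r"\.(exe|dll|sys|scr)$", re.I)

def parse(line):
    """Return one listing line as a dict, or None if it is not a listing line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = (rec["company"] or "").strip()
    rec["is_dir"] = "D" in rec["attrs"]
    return rec

def triage(report):
    """Return (reason, path) pairs for files matching either heuristic."""
    findings = []
    for line in report.splitlines():
        rec = parse(line)
        if rec is None or rec["is_dir"]:
            continue
        path, name = rec["path"], basename(rec["path"])
        if COUNTER_NAME.search(name) and "temporary internet files" not in path.lower():
            findings.append(("cache-style name outside browser cache", path))
        if (EXECUTABLE.search(name) and not rec["company"]
                and path.lower().startswith("c:\\windows\\")):
            findings.append(("executable without company string in Windows dir", path))
    return findings

# Sample lines copied from the report posted earlier in this thread.
SAMPLE = r"""
[2009/03/14 19:22:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/14 19:22:07 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/14 19:13:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/07 11:59:40 | 00,032,469 | ---- | M] () -- C:\Documents and Settings\Rene'\Desktop\4757ad0b9ff9794537e76[1].jpg
[2009/03/09 20:10:43 | 01,828,705 | ---- | M] () -- C:\Documents and Settings\Rene'\My Documents\lightroom.docx
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```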

#7 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 14 March 2009 - 02:06 PM

Yes, I do recognize the JPEGs on my desktop. They are pictures I took with my camera. I am running Malwarebytes' Anti-Malware now.

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 14 March 2009 - 02:06 PM

:)

#9 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 14 March 2009 - 02:55 PM

Looks like everything is running smooth again :)

Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

3/14/2009 9:50:11 PM
mbam-log-2009-03-14 (21-50-11).txt

Scan type: Quick Scan
Objects scanned: 77557
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 14 March 2009 - 04:33 PM

OK then subject to no further problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTListIt and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)

#11 scott15318

  • Group: Member
  • Posts: 6
  • Joined: 14-March 09

Posted 15 March 2009 - 03:31 AM

Thank you for your help, everything is running great and I installed the programs you suggested. :)

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 15 March 2009 - 05:46 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
