Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC was rebooting with a funny error message [Closed]


  • This topic is locked This topic is locked

#1
Cixelsyd

Cixelsyd

    Member

  • Member
  • PipPip
  • 82 posts
MY PC was getting an error and I didn't write it down... I instead googled it on my laptop and I found an article that said use Shutdown -a to stop the timer from rebooting my computer.

I did that... now I have no internet on the PC. When it reboots I get this error -

"HPA.0 Device Object Server. RPC Server Unavailable max retry attempts"

When I try to run Malwarebytes I get -

"Runtime error '372' failed to load control 'vbalgrid' from vbalsgrid6.0cx."

I have McAfee but it is non responsive... the shield is in the app tray but when I hover you see nothing and clicking or selecting from the program menu does nothing.

Firefox will open but won't connect. IE just flashes and shutsdown.

I didn't want to proceed without asking for help here.... Please let me know what I should do next. Again, there is no internet on the PC right now... so I'm guessing I will have to download from my laptop to a thumb drive to move anything over.

Thanks,

Cixelsyd
  • 0

Advertisements


#2
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello Cixelsyd, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • I am in training and there might be a delay between posts because they have to be check by an expert.
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.

I am making instructions and will post back after they are checked.
  • 0

#3
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

On your clean computer download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Then download OTL and GMER to your flash drive.



On your infected computer open up OTL and click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Save these files on your flash drive and post them here.

After you run OTL, run GMER
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#4
Cixelsyd

Cixelsyd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The GMER program stopped responding... I waited 2 hours... is it suppose to take that long?

Here is the OTL information.

*********************** OTL.TXT ********************************

OTL logfile created on: 5/16/2010 2:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = I:\antispy
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 622.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.23 Gb Total Space | 22.39 Gb Free Space | 34.85% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 40.38 Gb Free Space | 27.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 14.94 Gb Total Space | 1.07 Gb Free Space | 7.19% Space Free | Partition Type: NTFS

Computer Name: XPS
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 14:22:20 | 000,571,392 | ---- | M] (OldTimer Tools) -- I:\antispy\OTL.exe
PRC - [2010/04/09 07:15:14 | 003,378,112 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2009/11/19 09:04:20 | 000,095,744 | ---- | M] (SkyHawke Inc.) -- C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
PRC - [2009/10/01 10:53:04 | 000,403,015 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/08/31 12:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2006/05/10 12:32:32 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe
PRC - [2006/04/29 06:21:28 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2006/04/27 15:33:48 | 000,094,295 | ---- | M] () -- C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
PRC - [2006/03/27 16:04:00 | 000,712,704 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2006/02/06 09:22:54 | 018,583,552 | ---- | M] (EMC Dantz Development Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress.exe
PRC - [2006/02/06 09:22:54 | 000,073,728 | ---- | M] (EMC Dantz) -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
PRC - [2005/02/25 17:28:03 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/10/13 19:28:54 | 000,397,312 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
PRC - [2004/06/29 10:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/11 08:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2003/04/22 02:43:44 | 000,413,775 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2003/04/09 19:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2002/03/21 21:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 14:22:20 | 000,571,392 | ---- | M] (OldTimer Tools) -- I:\antispy\OTL.exe
MOD - [2010/02/04 11:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2009/10/01 10:49:26 | 000,043,585 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.23.0.11\plx_hook.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/11/13 17:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2006/02/06 09:22:54 | 000,073,728 | ---- | M] (EMC Dantz) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -- (RetroExpLauncher)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/13 19:26:50 | 000,163,840 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe -- (DPFUSMgr)
SRV - [2004/10/13 19:21:26 | 000,225,280 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost)
SRV - [2004/10/04 13:12:50 | 000,057,344 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/07 07:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/05 18:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 18:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/01/05 18:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/05 18:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/01/05 18:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/01/05 18:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/01/05 18:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/01/05 18:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/01/01 10:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/05/30 06:22:36 | 000,025,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VClone.sys -- (VClone)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/20 09:55:04 | 000,032,256 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\maplom.sys -- (Maplom)
DRV - [2006/08/02 10:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2006/05/23 16:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/05/12 00:34:00 | 003,189,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2005/04/06 15:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2004/09/26 18:42:00 | 000,345,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (DELL_A02)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 14:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 09:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 17:59:14 | 000,034,560 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\UsbdpFP.sys -- (UsbdpFP)
DRV - [2004/08/04 17:58:08 | 000,032,640 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dpK0Bx01.sys -- (dpK0Bx01)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 09:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 09:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 09:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 09:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 09:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 09:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 10:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/19 01:00:00 | 000,091,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P1171Vid.sys -- (P1171VID)
DRV - [2003/11/12 19:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/07/27 15:14:38 | 000,012,722 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\echodap.sys -- (echodap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/19 21:30:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/22 14:55:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/22 14:55:23 | 000,000,000 | ---D | M]

[2009/07/27 16:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/04/18 11:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\w97agxoq.default\extensions
[2009/09/07 22:22:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\w97agxoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/02 15:43:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\w97agxoq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/27 14:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 18:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100421082913.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CaddieSyncLauncher] C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe (SkyHawke Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] D:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [PlayhouseDisneyDownloadManager] c:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress.exe (EMC Dantz Development Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\plaxosystray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/04/20 02:01:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/04/20 02:01:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/04/20 02:01:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/04/20 02:01:13 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...99/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.co...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} https://www13.wirele...SyncInstall.cab (Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...0.18/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bw+0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {f1478147-5307-459d-b32f-63246c6bc547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {F1478147-5307-459D-B32F-63246C6BC547} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DPWLN : DllName - C:\WINDOWS\system32\DPWLEvHd.dll - C:\WINDOWS\SYSTEM32\DPWLEvHd.dll (DigitalPersona, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 15:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/20 02:47:26 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/20 02:47:26 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/09/07 11:50:30 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/21 08:29:13 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/21 08:29:06 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/21 08:29:06 | 000,312,584 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/21 08:29:06 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/21 08:29:06 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/21 08:29:06 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/21 08:29:06 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/21 08:29:06 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/21 08:29:06 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/21 08:29:06 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/07 07:28:12 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/03/30 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 16:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/30 16:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/30 16:33:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/19 06:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/13 11:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\SkyGolf
[2005/01/17 06:54:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Steve\*.tmp files -> C:\Documents and Settings\Steve\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 10:15:29 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/05/16 09:27:27 | 000,022,477 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/16 09:00:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/16 09:00:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/16 09:00:19 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/16 09:00:19 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/16 09:00:19 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/16 09:00:19 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2010/05/16 09:00:19 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/16 09:00:19 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/16 09:00:19 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2010/05/16 09:00:19 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2010/05/02 23:41:50 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/05/02 23:41:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve\NTUSER.INI
[2010/04/27 23:43:10 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2010/04/22 20:13:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/20 16:25:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/20 15:27:05 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/20 14:28:13 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/04/15 03:03:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 17:21:07 | 000,000,191 | ---- | M] () -- D:\My Documents\DPE.DUS
[2010/04/07 07:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/03/31 03:21:59 | 000,524,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 03:21:59 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/31 03:21:59 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/19 06:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/13 11:03:31 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\CaddieSync.lnk
[2010/02/21 11:09:08 | 000,535,945 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\houston trip receipts.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Steve\*.tmp files -> C:\Documents and Settings\Steve\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 11:03:31 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\CaddieSync.lnk
[2010/02/21 11:08:48 | 000,535,945 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\houston trip receipts.pdf
[2007/10/14 23:54:50 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/04/14 13:27:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/23 11:33:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/21 10:42:17 | 000,001,359 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/01 19:21:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 19:53:38 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2005/05/12 00:34:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/04/15 16:48:32 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/03/19 15:45:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/19 15:41:13 | 000,001,261 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2005/03/16 08:10:29 | 000,050,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/02/24 18:56:29 | 000,000,418 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/01/17 07:00:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/17 06:58:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/17 06:54:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/17 06:54:11 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/01/17 06:54:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/17 06:54:10 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/01/17 06:53:42 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/17 06:31:22 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 15:22:58 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/18 11:01:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/10 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/06 13:21:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dpexpat.dll
[2001/12/19 12:27:32 | 000,000,527 | ---- | C] () -- C:\WINDOWS\System32\DpGina.dll.manifest
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/04/22 20:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/08/23 18:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney
[2007/01/12 09:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2005/10/09 10:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2005/01/17 06:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2010/05/16 09:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2007/09/06 17:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
[2007/02/17 06:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2005/11/24 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2007/06/26 17:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/03/31 10:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 15:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 09:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/04/12 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Command & Conquer 3 Kane's Wrath
[2007/03/30 16:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Command & Conquer 3 Tiberium Wars
[2006/01/10 01:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Costco Photo Organizer
[2006/01/10 01:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Costco Photo Viewer
[2005/12/16 01:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\DigitalPersona
[2007/12/22 16:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Disney Mix It Plug-in
[2006/08/25 18:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2007/07/16 21:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LinkedIn
[2005/10/09 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\MSN Search Toolbar
[2005/04/24 20:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\MSNInstaller
[2006/09/15 12:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Simple Star
[2010/03/13 11:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SkyGolf
[2007/01/12 12:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SlySoft
[2009/04/04 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Snapfish
[2007/04/20 07:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\tunebite
[2007/06/26 22:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Ulead Systems
[2005/05/25 18:32:53 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1109381015.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8A019CC99972AFBE
< End of report >



********************************* EXTRAS.TXT ******************************************

OTL Extras logfile created on: 5/16/2010 2:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = I:\antispy
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 622.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.23 Gb Total Space | 22.39 Gb Free Space | 34.85% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 40.38 Gb Free Space | 27.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 14.94 Gb Total Space | 1.07 Gb Free Space | 7.19% Space Free | Partition Type: NTFS

Computer Name: XPS
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1133490243\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133490243\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1133490243\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1133490243\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\WINDOWS\EHOME\ehshell.exe" = C:\WINDOWS\EHOME\ehshell.exe:LocalSubNet:Enabled:Media Center -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1034BE34-1569-4889-831D-C2C3F2CB2F73}" = Photo Explosion Deluxe 3.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{169F8893-C1C5-4847-972C-EA1E008112AC}" =
"{17A7FDBC-FB38-4258-B623-BCBA212BC25D}" = Costco Photo Organizer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C220811-048F-4D60-B42E-B86027C57372}" = LightScribe 1.4.119.1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{222285C2-037F-4AF9-83B3-B33A7288EC9D}" = Disney Mix It Plug-in
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236FADD8-58FD-11D6-A285-00A0CC51B2FE}" =
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{435E969D-867E-4364-8E74-3DC8A69C5BDB}" =
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Brookstone Image Transfer 1.0
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}" =
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{5F20B339-A3E0-4DD5-8DF7-D5AB47894643}" = Wireless Sync Client
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{67AEFC4C-69E4-11D7-85F4-00E018013273}" =
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7201B853-5833-11D6-A285-00A0CC51B2FE}" =
"{72A810B1-EE62-455A-A086-E1C9FEDE7F29}" =
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A900EAB-DA37-4554-AF19-9C337476D05D}" =
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8867CEBD-E6C0-4C7A-83B3-9E45669A1033}" = Nero 7 Essentials
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{9154ED7C-926E-49CC-B677-0CF3C5267457}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}" =
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A1185190-514F-11D6-A285-00A0CC51B2FE}" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}" = Retrospect Express HD 1.1
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC157741-3285-4D6A-B934-9174587A3493}" =
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B3549608-69D3-11D7-AB2D-0090271A23A2}" =
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}" =
"{C6C136D9-B41E-46ED-A8ED-A84D18B7CA31}" = DigitalPersona Password Manager 1.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}" =
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE6699B3-E5AD-4E59-8F2B-207DF630670C}" =
"{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}" =
"{FD851F7E-F887-405D-9E1C-488811113EF3}" =
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"2001 TurboTax Deluxe" = 2001 TurboTax Deluxe
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Apollo DVD Copy_is1" = Apollo DVD Copy 4.2.2
"AudioHQ" =
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bodog Poker_is1" = Bodog Poker Version 2.4.0.19
"Branding" =
"Call of Duty" = Call of Duty
"CDCheck" = CDCheck
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"Connection Manager" =
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative MediaSource" =
"Creative MediaSource Detector" =
"Creative MediaSource DVD-Audio Player" =
"Creative MediaSource Go!" =
"Creative MediaSource Player Skin Pack" =
"Creative MiniDisc Center" =
"Creative PD1171" = Creative WebCam Notebook Driver (1.04.01.0322)
"Creative Restore Defaults" =
"Creative WaveStudio" =
"Diagnostics_Audigy2" =
"DIG Game Manager" = DIG Game Manager
"DirectAnimation" =
"DirectDrawEx" =
"Disney's Toontown Online" = Disney's Toontown Online
"dlatray.exe" =
"DraftDominator_is1" = DraftDominator Version 8.0d Full
"DTS Console" =
"DVD Shrink_is1" = DVD Shrink 3.2
"DXM_Runtime" =
"EAX" =
"EHome Devices" = Media Center Extender
"EQUALIZER" =
"ESPNMotion" = ESPNMotion
"Fast Plans 10_is1" = Fast Plans 10
"Fontcore" =
"Game Jackal_is1" = Game Jackal v2.9.18.565
"GameSpy Arcade" = GameSpy Arcade
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5
"InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"MobileOptionPack" =
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab" = Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNINST" = MSN
"Nero PhotoShow Express" = Nero PhotoShow Express
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpress" =
"PartyPoker" = PartyPoker
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Plaxo" = Plaxo Toolbar for Windows
"Playhouse Disney" = Playhouse Disney
"Playhouse Disney Download Manager" = Playhouse Disney Download Manager
"PokerStars" = PokerStars
"Projections Dominator_is1" = Projections Dominator Version 2.0b
"QuikInstall_is1" = QuikInstall 1.0.5
"RealJukebox 1.0" =
"RealPlayer 6.0" = RealPlayer
"RecordNow.exe" =
"RiseOfNations 1.0" =
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SchedulingAgent" =
"SFBM" =
"SGTRAY.EXE" =
"SkyCaddieDesktop" = SkyCaddie Desktop
"Sound Blaster Audigy 2 ZS" =
"Sound Blaster Audigy 2 ZS Windows Drivers" =
"SPEAKER" =
"SPKR_CALIBRATOR" =
"SURMIXER" =
"THX_Console" =
"TradeDominator_is1" = TradeDominator version 3.0a
"TurboTax 2005" = TurboTax 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2004" = TurboTax Premier 2004
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Photos Drag-Drop Uploader 1v4" = Yahoo! Photos Easy Upload Tool 1v4
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dbe155cdce0afcb0" = LiveProject
"ESPN Java Check" = ESPN Java Check
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2010 11:14:44 PM | Computer Name = XPS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 4/22/2010 11:14:44 PM | Computer Name = XPS | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 4/22/2010 11:18:45 PM | Computer Name = XPS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 11:18:48 PM | Computer Name = XPS | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 4/22/2010 11:25:22 PM | Computer Name = XPS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 11:25:24 PM | Computer Name = XPS | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 4/27/2010 4:01:12 AM | Computer Name = XPS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/27/2010 4:01:14 AM | Computer Name = XPS | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 5/16/2010 12:27:33 PM | Computer Name = XPS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/16/2010 12:27:35 PM | Computer Name = XPS | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 10/1/2009 4:02:34 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {000209FF-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/1/2009 4:02:24 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {000209FF-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/6/2009 6:40:54 PM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 11/25/2009 7:20:05 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 11/25/2009 11:01:50 PM | Computer Name = XPS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.102 for the Network Card with network
address 001111BD7495 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/1/2009 5:02:20 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {000209FF-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 12/4/2009 1:07:52 PM | Computer Name = XPS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.103 for the Network Card with network
address 001111BD7495 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/1/2010 5:02:25 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {000209FF-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/1/2010 5:02:18 AM | Computer Name = XPS | Source = DCOM | ID = 10010
Description = The server {000209FF-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#5
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

What else have you done to try to fix the problem?
When did the error messages start?

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    Posted Image
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#6
Cixelsyd

Cixelsyd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
This problem started about 2 weeks prior to the post, but I hadn't had time to deal with it.

I got the original error message (which I don't recall completely) that would keep saying something happened and a timer would go off... then shut the computer down.

I googled the message and saw something about using shutdown -a to kill the timer...

After that I tried to run malwarebytes but it got the error in my original message, this was when I realized I didn't even have internet...

Will try what you posted now.
  • 0

#7
Cixelsyd

Cixelsyd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
As mentioned in the original post I don't have internet connectivity on this PC because of whatever issue it is having... which means I won't be able to run the update... is there a way I can run the update on my Laptop and move the file to the PC?
  • 0

#8
Cixelsyd

Cixelsyd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The program went no responsive also... What do I do?
  • 0

#9
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Double-click VEW.exe
  • Under 'Select log to query', select:
    • Application
    • System
  • Under 'Select type to list', select:
    • Error
    • Information
    • Warning
  • Click the radio button for 'Date of events'
    In the From: 01 05 2010
    In the To: 22 05 2010
    Then click the Run button.
    Notepad will open with the output log.
Please post the Output log in your next reply


Then,

We will need to re-register a few MBAM files

Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):


regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
Once you've done that click on File and select Save As...
In the Save dialogue box click on the drop down menu next to Save as type and select All Files
Name the file MBAM Fix.bat (the .bat extension is very important)
Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
Click OK to each of the 3 dialog boxes that should show a success message for each file registered
If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy if from another Computer running the same operating system and service pack level.
If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP