Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect - now browser will not function in normal mode


  • This topic is locked This topic is locked
27 replies to this topic

#1 gialde

gialde

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 12 May 2009 - 10:09 PM

Today I noticed that when I searched anything it posted the results but when I click any link it sends me to a funky site. This is the exact same scenario I've read about in numerous topics on here...looks like everyone has this thing. I'm going to post my DDS log with hopes that there is a relatively easy fix to my situation. Please help!


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Administrator at 21:32:01.23 on Tue 05/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.703 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: BHO: {bbd4551a-9b23-41cd-9bcd-818aa2da7b63} - c:\windows\system32\iehelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155354820843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFE14B90-D594-484A-8878-D342493603F0} - hxxps://access.corp.saint-lukes.org/CitrixLogonPoint/SLHSIA/EPAClient/EPAClient.exe
TCP: {7815C5BF-978E-41F0-9723-A39706F59BFE} = 24.94.163.32,24.94.163.33
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-25 325896]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-25 27784]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-25 298776]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]

=============== Created Last 30 ================

2009-05-12 21:23 664 a------- c:\windows\system32\d3d9caps.dat
2009-05-12 21:11 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-05-12 21:11 <DIR> --d----- c:\docume~1\admini~1\applic~1\Intel
2009-05-12 21:11 <DIR> --d----- c:\documents and settings\Administrator
2009-05-07 10:25 0 ----h--- c:\windows\f5087.dat
2009-05-07 10:24 1 ----h--- c:\windows\msmark2.dat
2009-05-07 10:24 2 ----h--- c:\windows\t55ft2695f44.dat
2009-05-07 10:24 2 ----h--- c:\windows\t55ft2668f44.dat
2009-05-07 10:24 1 ----h--- c:\windows\f23567.dat
2009-04-17 15:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-17 02:19 166,341 -------- c:\windows\hpoins29.dat.temp
2009-04-17 02:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-04-17 02:13 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-17 02:13 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-17 02:12 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-17 02:12 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-04-17 02:12 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-17 02:10 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-17 02:10 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-17 02:10 303,104 a----r-- c:\windows\system32\hpovst14.dll
2009-04-17 02:10 970,752 a----r-- c:\windows\system32\hpotiop6.dll
2009-04-17 02:10 729,088 a----r-- c:\windows\system32\hpowiax8.dll
2009-04-16 23:10 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 23:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 23:10 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 23:10 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 23:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 23:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 23:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 23:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 23:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 23:09 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:09 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 23:09 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-12 20:59 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 20:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 06:40 4,444 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-17 02:26 165,716 a------- c:\windows\hpoins29.dat
2009-03-22 11:27 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 05:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-08-07 14:40 56 ---shr-- c:\windows\system32\F8C56B7240.sys
2008-09-03 23:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 21:32:37.92 ===============

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:10:07 AM

Posted 26 May 2009 - 12:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 27 May 2009 - 09:23 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Default at 9:18:23.68 on Wed 05/27/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.255 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Free iPod Video Converter\ipod_video_converter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Default\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://ril456.baseball.cbssports.com/scoring/live
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: BHO: {bbd4551a-9b23-41cd-9bcd-818aa2da7b63} - c:\windows\system32\iehelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: saint-lukes.org\*.corp
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155354820843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFE14B90-D594-484A-8878-D342493603F0} - hxxps://access.corp.saint-lukes.org/CitrixLogonPoint/SLHSIA/EPAClient/EPAClient.exe
TCP: {7815C5BF-978E-41F0-9723-A39706F59BFE} = 24.94.163.32,24.94.163.33
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\afeyw7ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://ril456.baseball.cbssports.com/scoring/live
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\afeyw7ed.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\default\application data\mozilla\plugins\np00682643-E3C8-4BB0-AC75-EAE5308D54B5.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-25 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-25 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]

=============== Created Last 30 ================

2009-05-12 21:23 664 a------- c:\windows\system32\d3d9caps.dat
2009-05-07 10:25 0 ----h--- c:\windows\f5087.dat
2009-05-07 10:24 1 ----h--- c:\windows\msmark2.dat
2009-05-07 10:24 2 ----h--- c:\windows\t55ft2695f44.dat
2009-05-07 10:24 2 ----h--- c:\windows\t55ft2668f44.dat
2009-05-07 10:24 1 ----h--- c:\windows\f23567.dat

==================== Find3M ====================

2009-05-25 11:15 4,444 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-19 20:12 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-05-12 20:59 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 20:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-17 15:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-17 02:26 165,716 a------- c:\windows\hpoins29.dat
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-07 14:40 56 ---shr-- c:\windows\system32\F8C56B7240.sys
2008-09-03 23:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 9:19:11.23 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:07 PM

Posted 27 May 2009 - 05:05 PM

Hi gialde,

There are some traces of infection. It doesn't look too bad at this stage. :)

Let's have a better look at your PC

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 28 May 2009 - 09:29 PM

I ran the scans you requested but the site tells me my post is too large to even paste one of the scan results. Do I need to zip it? What a pain if so! Let me know and I'll re-run the scan and post. Sorry for the delay!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:07 PM

Posted 29 May 2009 - 07:11 AM

Hey gialde,

No, no need to zip it. Post it in separate posts and I'll piece it together :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 29 May 2009 - 03:53 PM

OTViewIt logfile created on: 5/29/2009 3:42:50 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 235.58 Mb Available Physical Memory | 23.04% Memory free
2.40 Gb Paging File | 1.42 Gb Available in Paging File | 59.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 27.03 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 310.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ72VGB1
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2009/04/17 15:10:01 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2009/05/12 20:59:39 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2003/07/14 22:45:18 | 00,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/03/27 23:51:18 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
[2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2006/02/03 15:20:00 | 01,721,856 | ---- | M] (Jodix.com) -- C:\Program Files\Free iPod Video Converter\ipod_video_converter.exe
[2009/04/23 23:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/05/26 10:28:00 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2009/03/26 15:31:22 | 00,233,848 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
[2008/10/01 14:06:26 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
[2009/05/28 21:29:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt(2).exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2007/04/24 10:53:26 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/07/25 09:54:57 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2006/02/15 23:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2009/05/12 20:59:46 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/05/12 20:59:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/01/24 17:25:07 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2008/01/24 17:25:08 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2008/01/24 17:25:09 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/12/04 09:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"SearchAssistant"=
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=
"Start Page"=http://ril456.baseball.cbssports.com/scoring/live

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=
"Start Page"=http://ril456.baseball.cbssports.com/scoring/live

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (152 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivguardian.com
94.232.248.66 www.antivguardian.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} (HKLM) -- C:\WINDOWS\system32\iehelper.dll File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2008/02/05 15:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}: Button: Bodog Poker -- %ProgramFiles%\Bodog Poker\BPGame.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
saint-lukes.org\*.corp: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
saint-lukes.org\*.corp: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photos.walmart.com/WalmartActivia.cab -- Snapfish Activia
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1155354820843 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{FFE14B90-D594-484A-8878-D342493603F0}: https://access.corp.saint-lukes.org/CitrixL...t/EPAClient.exe -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0CD75DF1-7826-4CD1-ACDC-3FF03DF808E7} (Servers: | Description: )
{7815C5BF-978E-41F0-9723-A39706F59BFE} (Servers: 24.94.163.32,24.94.163.33 | Description: Broadcom 440x 10/100 Integrated Controller)
{7B6073B0-5B1D-455A-8D7B-6B15154AA523} (Servers: | Description: 1394 Net Adapter)
{8C861A08-8B6A-4CD0-ADBE-C03615768B7D} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
OTViewIt logfile created on: 5/29/2009 3:42:50 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 235.58 Mb Available Physical Memory | 23.04% Memory free
2.40 Gb Paging File | 1.42 Gb Available in Paging File | 59.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 27.03 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 310.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ72VGB1
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2009/04/17 15:10:01 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2009/05/12 20:59:39 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2003/07/14 22:45:18 | 00,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/03/27 23:51:18 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
[2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2006/02/03 15:20:00 | 01,721,856 | ---- | M] (Jodix.com) -- C:\Program Files\Free iPod Video Converter\ipod_video_converter.exe
[2009/04/23 23:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/05/26 10:28:00 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2009/03/26 15:31:22 | 00,233,848 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
[2008/10/01 14:06:26 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
[2009/05/28 21:29:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt(2).exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2007/04/24 10:53:26 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/07/25 09:54:57 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2006/02/15 23:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2009/05/12 20:59:46 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/05/12 20:59:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/01/24 17:25:07 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2008/01/24 17:25:08 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2008/01/24 17:25:09 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/12/04 09:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"SearchAssistant"=
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=
"Start Page"=http://ril456.baseball.cbssports.com/scoring/live

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=
"Start Page"=http://ril456.baseball.cbssports.com/scoring/live

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (152 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivguardian.com
94.232.248.66 www.antivguardian.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} (HKLM) -- C:\WINDOWS\system32\iehelper.dll File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2008/02/05 15:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}: Button: Bodog Poker -- %ProgramFiles%\Bodog Poker\BPGame.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
saint-lukes.org\*.corp: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
saint-lukes.org\*.corp: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photos.walmart.com/WalmartActivia.cab -- Snapfish Activia
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1155354820843 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{FFE14B90-D594-484A-8878-D342493603F0}: https://access.corp.saint-lukes.org/CitrixL...t/EPAClient.exe -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0CD75DF1-7826-4CD1-ACDC-3FF03DF808E7} (Servers: | Description: )
{7815C5BF-978E-41F0-9723-A39706F59BFE} (Servers: 24.94.163.32,24.94.163.33 | Description: Broadcom 440x 10/100 Integrated Controller)
{7B6073B0-5B1D-455A-8D7B-6B15154AA523} (Servers: | Description: 1394 Net Adapter)
{8C861A08-8B6A-4CD0-ADBE-C03615768B7D} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea5cb16-29a3-11db-898f-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- [2008/03/19 10:09:00 | 00,574,800 | R--- | M] (Hewlett-Packard)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/28 21:29:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt(2).exe
[2009/05/27 18:36:07 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt.exe
[2009/05/27 09:17:55 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\dds.com
[2009/05/23 16:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Default\My Documents\iMacros
[2009/05/21 08:05:40 | 68,812,7702 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\Let.It.Ride[1989].DVDRip[eng].xvid.sPrG.mp4
[2009/05/13 10:43:33 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/12 21:23:38 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/07 10:25:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\f5087.dat
[2009/05/07 10:24:43 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\msmark2.dat
[2009/05/07 10:24:42 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2695f44.dat
[2009/05/07 10:24:27 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2668f44.dat
[2009/05/07 10:24:27 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\f23567.dat
[2009/05/02 09:04:34 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\Wichita Moose Roster.xls

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/28 21:29:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt(2).exe
[2009/05/28 20:44:14 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C9DD9473-1D39-445D-A702-8A3508C0BDAE}.job
[2009/05/27 18:36:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt.exe
[2009/05/27 09:17:55 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\dds.com
[2009/05/26 10:20:22 | 36,448,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/26 10:20:22 | 00,062,313 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/25 11:15:50 | 00,004,444 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/25 11:15:48 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\40726BC5F8.sys
[2009/05/21 08:42:34 | 68,812,7702 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\Let.It.Ride[1989].DVDRip[eng].xvid.sPrG.mp4
[2009/05/19 20:15:18 | 00,148,480 | ---- | M] () -- C:\Documents and Settings\Default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 20:12:44 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/13 10:47:47 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/13 10:47:47 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 10:47:47 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/13 10:45:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 10:43:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 10:43:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 10:43:33 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 09:23:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/12 20:59:46 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/12 20:59:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/12 20:59:46 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/07 12:03:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 10:25:44 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\f5087.dat
[2009/05/07 10:24:43 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\msmark2.dat
[2009/05/07 10:24:42 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2695f44.dat
[2009/05/07 10:24:27 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2668f44.dat
[2009/05/07 10:24:27 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\f23567.dat
[2009/05/07 02:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/02 09:04:34 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\Wichita Moose Roster.xls
< End of report >

#8 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 29 May 2009 - 03:55 PM

OTViewIt Extras logfile created on: 5/29/2009 3:42:50 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 235.58 Mb Available Physical Memory | 23.04% Memory free
2.40 Gb Paging File | 1.42 Gb Available in Paging File | 59.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 27.03 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 310.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ72VGB1
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008/05/04 22:30:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008/03/16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008/03/16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
[2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
[2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008/03/26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/26 15:17:59 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/02/05 15:29:18 | 06,190,320 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2007/09/24 22:30:30 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/02/22 02:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2009/05/12 20:49:33 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/06/10 01:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008/05/04 22:30:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008/03/16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008/03/16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
[2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
[2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008/03/26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/05/12 20:59:43 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00682643-E3C8-4BB0-AC75-EAE5308D54B5}"=SLHS Endpoint Analysis Client
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}"=Status
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}"=PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}"=PSSWCORE
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}"=ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{121DAE1D-FC3E-4304-A011-8A6B7C25DBE7}"=Encompass
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}"=HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{19E16A54-962C-45D6-BDDE-FD01EBB1A086}"=PurePlay Poker
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}"=VideoToolkit01
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}"=File Uploader
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}"=Citrix Presentation Server Client - Web Only
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java™ 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Management Programs
"{27197499-7680-4208-8FD8-5439CDB0FDC1}"=HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}"=C4400
"{29521505-F489-4822-ADFA-32C6DEE4F114}"=TurboTax 2008 WinPerUserEducation
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}"=HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}"=TurboTax 2008 wmoiper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}"=DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}"=PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}"=UnloadSupport
"{593A6CAF-E114-4e31-884F-74FF349E8E36}"=SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}"=C4400_Help
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}"=Roxio Media Manager
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.7
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}"=PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}"=TurboTax 2008 WinPerFedFormset
"{766E4715-B801-46B3-9D91-12288AB88428}"=DB CIF Cam
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}"=DB CIF Cam
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}"=HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}"=TurboTax 2008 WinPerReleaseEngine
"{8A9B8148-DDD7-448F-BD6C-358386D32354}"=Corel Photo Album 6
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}"=PS_AIO_03_C4400_Software
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C93CE61-2752-43C9-A72A-EF8145AE634D}"=Baseball Mogul 2007
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}"=TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}"=AnswerWorks 5.0 English Runtime
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}"=MarketResearch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}"=WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}"=TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}"=TurboTax 2008 WinPerTaxSupport
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}"=BufferChm
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}"=BlackBerry Desktop Software 4.3
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}"=Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}"=SmartWebPrinting
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}"=GPBaseService
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}"=ArcSoft Panorama Maker 4
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}"=HP Photosmart Essential 2.5
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}"=Search Assist
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}"=Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}"=Cards_Calendar_OrderGift_DoMorePlugout
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}"=TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E96B0085-6659-486b-A221-5042A042728D}"=Toolbox
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}"=DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}"=Destination Component
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}"=32 Bit HP CIO Components Installer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCCC1736-143E-4D35-A535-91840BB8C3BE}"=TurboTax 2008 wksiper
"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.5
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}"=BlackBerry Desktop Software 4.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Game Console"=Dell Game Console
"Free iPod Video Converter_is1"=Free iPod Video Converter 1.26
"HP Imaging Device Functions"=HP Imaging Device Functions 11.0
"HP Photosmart Essential"=HP Photosmart Essential 3.0
"HP Smart Web Printing"=HP Smart Web Printing
"HP Solution Center & Imaging Support Tools"=HP Solution Center 11.0
"HPExtendedCapabilities"=HP Customer Participation Program 11.0
"HPOCR"=OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.0.10)"=Mozilla Firefox (3.0.10)
"MP3 Rocket"=MP3 Rocket
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"oggcodecs"=oggcodecs 0.71.0946
"PokerStars"=PokerStars
"ProInst"=Intel® PROSet/Wireless Software
"RealPlayer 6.0"=RealPlayer Basic
"Shop for HP Supplies"=Shop for HP Supplies
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"TurboTax 2008"=TurboTax 2008
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack"=XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3719795567-3043205879-1740981606-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2009 4:20:47 PM | Computer Name = DJ72VGB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/28/2009 3:18:51 AM | Computer Name = DJ72VGB1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 3:12:44 AM | Computer Name = DJ72VGB1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 9:53:06 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x0017e76c.

Error - 4/29/2009 9:53:14 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1001
Description = Fault bucket 1228775505.

Error - 5/4/2009 3:47:22 AM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x0003c1b5.

Error - 5/4/2009 7:01:56 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module jvm.dll, version 11.3.0.2, fault address 0x000a96e6.

Error - 5/7/2009 11:24:40 AM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module jscript.dll, version 5.7.0.18066, fault address 0x0001e218.

Error - 5/10/2009 8:27:01 PM | Computer Name = DJ72VGB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/12/2009 9:32:01 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module avgssie.dll, version 8.0.0.223, fault address 0x00026dcf.

[ System Events ]
Error - 5/13/2009 11:01:33 AM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/13/2009 11:01:33 AM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/13/2009 11:42:34 AM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/13/2009 11:45:08 AM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/16/2009 2:34:13 AM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 5/21/2009 2:12:12 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 5/22/2009 5:32:33 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 5/24/2009 9:14:34 AM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 5/27/2009 7:03:37 PM | Computer Name = DJ72VGB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/27/2009 7:03:37 PM | Computer Name = DJ72VGB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

#9 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 29 May 2009 - 03:58 PM

I removed the portion of the OTViewIt log that was making the size too large. I can tell you it is associated with Snapfish in some way (online photo printing) and is some jibberish in literally dozens of languages. I can piecemeal that portion to you if you feel it is important. I have no idea if it is associated with my problem. Let me know and I'll do whatever. Thanks!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:07 PM

Posted 29 May 2009 - 05:05 PM

Hi gialde,

I'll let you know if I want the Snapfish portion. Until then,

Your logs show that you have an online poker program installed on your computer. I know that you may use these this game on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programs yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs, search for the poker game and remove it.

If you are unsure of anything, please dont hesitate to ask.

Now

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#11 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 30 May 2009 - 01:35 PM

ComboFix 09-05-30.01 - Default 05/30/2009 13:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.468 [GMT -5:00]
Running from: c:\documents and settings\Default\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f23567.dat
c:\windows\msmark2.dat
c:\windows\system32\FTPx.dll
c:\windows\t55ft2668f44.dat
c:\windows\t55ft2695f44.dat
c:\windows\wiaservv.log

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-26 15:28 . 2009-05-13 01:59 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-26 15:28 . 2009-05-13 01:59 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-26 15:28 . 2009-05-13 01:59 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-26 15:28 . 2009-05-13 01:59 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-26 15:28 . 2009-05-13 01:59 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-26 15:28 . 2009-05-13 01:59 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-26 15:28 . 2009-05-13 01:59 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-26 15:27 . 2009-05-13 01:49 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-26 15:27 . 2009-05-13 01:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 21:44 . 2009-03-26 22:04 110592 ----a-w c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\afeyw7ed.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-05-13 15:41 . 2009-05-13 15:41 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-13 02:23 . 2009-05-13 14:23 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-07 15:25 . 2009-05-07 15:25 0 ---h--w c:\windows\f5087.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 16:15 . 2006-08-12 03:51 4444 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-25 16:15 . 2007-07-21 19:29 88 --sh--r c:\windows\system32\40726BC5F8.sys
2009-05-20 01:12 . 2008-10-25 03:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-05-19 04:57 . 2007-11-24 04:48 -------- d-----w c:\documents and settings\Default\Application Data\uTorrent
2009-05-13 21:39 . 2009-03-24 15:22 -------- d-----w c:\documents and settings\Default\Application Data\HPAppData
2009-05-13 03:49 . 2007-11-28 11:06 -------- d-----w c:\program files\Yahoo!
2009-05-13 03:48 . 2008-10-16 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-13 03:46 . 2006-07-25 14:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 01:59 . 2008-08-25 12:23 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-13 01:59 . 2008-08-25 12:23 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-13 01:59 . 2008-08-25 12:23 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-13 01:35 . 2008-08-25 12:22 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-06 05:00 . 2008-12-03 01:47 -------- d-----w c:\program files\PokerStars
2009-04-17 20:10 . 2009-04-17 20:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-17 20:09 . 2006-07-25 14:42 -------- d-----w c:\program files\Java
2009-04-17 20:09 . 2009-04-17 20:09 152576 ----a-w c:\documents and settings\Default\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 07:26 . 2009-03-24 12:15 165716 ----a-w c:\windows\hpoins29.dat
2009-04-17 07:20 . 2009-04-17 07:14 -------- d-----w c:\documents and settings\Default\Application Data\HP
2009-04-17 07:16 . 2009-04-17 07:16 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-17 07:12 . 2009-04-17 07:12 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-16 23:52 . 2009-04-16 23:52 45056 ----a-w c:\documents and settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\6\1b458086-36ebbefb-n\winflash.dll
2009-04-16 23:52 . 2009-04-16 23:52 27648 ----a-w c:\documents and settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\51\10a671b3-1caf33ff-n\draghelp.dll
2009-04-06 20:08 . 2009-04-06 20:08 -------- d-----w c:\program files\iTunes
2009-04-06 20:08 . 2009-04-06 20:08 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-06 20:08 . 2009-04-06 20:08 -------- d-----w c:\program files\iPod
2009-04-06 20:08 . 2008-05-01 02:51 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 19:57 . 2009-04-06 19:57 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 19:59 . 2009-03-24 12:16 -------- d-----w c:\program files\HP
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:59 . 2009-03-12 13:29 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 04:59 . 2008-05-01 02:51 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 10:56 . 2006-08-12 04:15 108696 ----a-w c:\documents and settings\Default\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-07 19:40 . 2006-08-12 03:51 56 --sh--r c:\windows\system32\F8C56B7240.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-13 1947928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-8-7 479232]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-13 01:59 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2008 7:23 AM 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2008 7:22 AM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{C9DD9473-1D39-445D-A702-8A3508C0BDAE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ril456.baseball.cbssports.com/scoring/live
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: saint-lukes.org\*.corp
TCP: {7815C5BF-978E-41F0-9723-A39706F59BFE} = 24.94.163.32,24.94.163.33
DPF: {FFE14B90-D594-484A-8878-D342493603F0} - hxxps://access.corp.saint-lukes.org/CitrixLogonPoint/SLHSIA/EPAClient/EPAClient.exe
FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\afeyw7ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://ril456.baseball.cbssports.com/scoring/live
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\afeyw7ed.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\Default\Application Data\Mozilla\plugins\np00682643-E3C8-4BB0-AC75-EAE5308D54B5.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-30 13:32
ComboFix-quarantined-files.txt 2009-05-30 18:31

Pre-Run: 28,924,063,744 bytes free
Post-Run: 29,640,273,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

193 --- E O F --- 2009-05-13 13:54

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:07 PM

Posted 30 May 2009 - 02:44 PM

Hi gialde,

There is still some things to deal with.

Use Windows Explorer to find and delete this file:

c:\windows\f5087.dat

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Next

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your desktop (click file, save as) as fixit.reg In the same open notepad, at the bottom select:(filetype = any).

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

Finally can you post a new OTViewIt log and let me know if you are having any further problems.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#13 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 30 May 2009 - 02:50 PM

I went to C:\windows and could not find c:\windows\f5087.dat! It is not there. I looked and also did a search. I have not done anything further so please advise.

By the way, thank you very much for all of your help!

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:07 PM

Posted 30 May 2009 - 03:10 PM

You're welcome for the help. :thumbup2:

Okay, don't worry for now. Carry on with the second step and then post the OTViewIt log.

We will deal with the .dat file afterwards if we need to. :)
Posted Image
m0le is a proud member of UNITE

#15 gialde

gialde
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 31 May 2009 - 06:28 PM

OTViewIt logfile created on: 5/31/2009 6:22:38 PM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 246.78 Mb Available Physical Memory | 24.14% Memory free
2.40 Gb Paging File | 1.58 Gb Available in Paging File | 65.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 26.79 Gb Free Space | 30.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 310.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ72VGB1
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2009/04/17 15:10:01 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/05/26 10:28:00 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/04/23 23:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2003/07/14 22:45:18 | 00,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2009/05/12 20:59:45 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2009/03/26 15:31:22 | 00,233,848 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
[2008/10/01 14:06:26 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/05/27 18:36:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/15 23:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/05/12 20:59:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/04/17 15:10:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2007/04/24 10:53:26 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/07/25 09:54:57 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2006/02/15 23:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2009/05/12 20:59:46 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/05/12 20:59:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/01/24 17:25:07 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2008/01/24 17:25:08 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2008/01/24 17:25:09 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Running])
[2005/12/04 09:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://ril456.baseball.cbssports.com/scoring/live

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (152 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivguardian.com
94.232.248.66 www.antivguardian.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/08/07 16:49:12 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2008/02/05 15:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}: Button: Bodog Poker -- %ProgramFiles%\Bodog Poker\BPGame.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/04/29 02:18:36 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 11:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
saint-lukes.org\*.corp: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photos.walmart.com/WalmartActivia.cab -- Snapfish Activia
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1155354820843 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{FFE14B90-D594-484A-8878-D342493603F0}: https://access.corp.saint-lukes.org/CitrixL...t/EPAClient.exe -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0CD75DF1-7826-4CD1-ACDC-3FF03DF808E7} (Servers: | Description: )
{7815C5BF-978E-41F0-9723-A39706F59BFE} (Servers: 24.94.163.32,24.94.163.33 | Description: Broadcom 440x 10/100 Integrated Controller)
{7B6073B0-5B1D-455A-8D7B-6B15154AA523} (Servers: | Description: 1394 Net Adapter)
{8C861A08-8B6A-4CD0-ADBE-C03615768B7D} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea5cb16-29a3-11db-898f-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea5cb16-29a3-11db-898f-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea5cb16-29a3-11db-898f-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- [2008/03/19 10:09:00 | 00,574,800 | R--- | M] (Hewlett-Packard)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/31 18:18:09 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\fixit.reg
[2009/05/31 10:55:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/30 13:23:13 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/30 13:23:10 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/30 13:22:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/30 13:21:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/30 13:21:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/30 13:21:44 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/30 13:21:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/30 13:21:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/30 13:21:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/30 13:21:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/30 13:21:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/30 11:19:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/30 11:17:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/30 11:16:23 | 03,120,896 | R--- | C] () -- C:\Documents and Settings\Default\Desktop\ComboFix.exe
[2009/05/27 18:36:07 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt.exe
[2009/05/27 09:17:55 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\dds.com
[2009/05/23 16:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Default\My Documents\iMacros
[2009/05/21 08:05:40 | 68,812,7702 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\Let.It.Ride[1989].DVDRip[eng].xvid.sPrG.mp4
[2009/05/13 10:43:33 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/12 21:23:38 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/07 10:25:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\f5087.dat
[2009/05/02 09:04:34 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Default\Desktop\Wichita Moose Roster.xls

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/31 18:18:09 | 00,000,102 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\fixit.reg
[2009/05/31 10:41:24 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C9DD9473-1D39-445D-A702-8A3508C0BDAE}.job
[2009/05/30 13:32:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/30 13:29:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/30 13:23:13 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/30 11:16:30 | 03,120,896 | R--- | M] () -- C:\Documents and Settings\Default\Desktop\ComboFix.exe
[2009/05/30 10:37:25 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/30 10:37:25 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/30 10:37:25 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/30 10:35:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/30 10:33:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/30 10:33:02 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/30 04:38:33 | 36,557,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/30 01:32:24 | 00,063,467 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/27 18:36:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTViewIt.exe
[2009/05/27 09:17:55 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\dds.com
[2009/05/25 11:15:50 | 00,004,444 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/25 11:15:48 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\40726BC5F8.sys
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/21 08:42:34 | 68,812,7702 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\Let.It.Ride[1989].DVDRip[eng].xvid.sPrG.mp4
[2009/05/19 20:15:18 | 00,148,480 | ---- | M] () -- C:\Documents and Settings\Default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 20:12:44 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/13 09:23:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/12 20:59:46 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/12 20:59:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/12 20:59:46 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/07 12:03:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 10:25:44 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\f5087.dat
[2009/05/07 02:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/02 09:04:34 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Default\Desktop\Wichita Moose Roster.xls
< End of report >


OTViewIt Extras logfile created on: 5/31/2009 6:22:38 PM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 246.78 Mb Available Physical Memory | 24.14% Memory free
2.40 Gb Paging File | 1.58 Gb Available in Paging File | 65.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.29 Gb Total Space | 26.79 Gb Free Space | 30.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 310.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ72VGB1
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008/05/04 22:30:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008/03/16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008/03/16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
[2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
[2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008/03/26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/26 15:17:59 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/02/05 15:29:18 | 06,190,320 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2007/09/24 22:30:30 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/02/22 02:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2009/05/12 20:49:33 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/06/10 01:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008/05/04 22:30:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008/03/16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008/03/16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
[2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
[2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008/03/26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2009/05/12 20:59:43 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00682643-E3C8-4BB0-AC75-EAE5308D54B5}"=SLHS Endpoint Analysis Client
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}"=Status
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}"=PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}"=PSSWCORE
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}"=ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{121DAE1D-FC3E-4304-A011-8A6B7C25DBE7}"=Encompass
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}"=HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{19E16A54-962C-45D6-BDDE-FD01EBB1A086}"=PurePlay Poker
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}"=VideoToolkit01
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}"=File Uploader
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}"=Citrix Presentation Server Client - Web Only
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java™ 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Management Programs
"{27197499-7680-4208-8FD8-5439CDB0FDC1}"=HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}"=C4400
"{29521505-F489-4822-ADFA-32C6DEE4F114}"=TurboTax 2008 WinPerUserEducation
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}"=HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}"=TurboTax 2008 wmoiper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}"=DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}"=PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}"=UnloadSupport
"{593A6CAF-E114-4e31-884F-74FF349E8E36}"=SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}"=C4400_Help
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}"=Roxio Media Manager
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.7
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}"=PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}"=TurboTax 2008 WinPerFedFormset
"{766E4715-B801-46B3-9D91-12288AB88428}"=DB CIF Cam
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}"=DB CIF Cam
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}"=HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}"=TurboTax 2008 WinPerReleaseEngine
"{8A9B8148-DDD7-448F-BD6C-358386D32354}"=Corel Photo Album 6
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}"=PS_AIO_03_C4400_Software
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C93CE61-2752-43C9-A72A-EF8145AE634D}"=Baseball Mogul 2007
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}"=TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}"=AnswerWorks 5.0 English Runtime
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}"=MarketResearch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}"=WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}"=TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}"=TurboTax 2008 WinPerTaxSupport
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}"=BufferChm
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}"=BlackBerry Desktop Software 4.3
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}"=Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}"=SmartWebPrinting
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}"=GPBaseService
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}"=ArcSoft Panorama Maker 4
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}"=HP Photosmart Essential 2.5
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}"=Search Assist
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}"=Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}"=Cards_Calendar_OrderGift_DoMorePlugout
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}"=TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E96B0085-6659-486b-A221-5042A042728D}"=Toolbox
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}"=DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}"=Destination Component
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}"=32 Bit HP CIO Components Installer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCCC1736-143E-4D35-A535-91840BB8C3BE}"=TurboTax 2008 wksiper
"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.5
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}"=BlackBerry Desktop Software 4.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Game Console"=Dell Game Console
"Free iPod Video Converter_is1"=Free iPod Video Converter 1.26
"HP Imaging Device Functions"=HP Imaging Device Functions 11.0
"HP Photosmart Essential"=HP Photosmart Essential 3.0
"HP Smart Web Printing"=HP Smart Web Printing
"HP Solution Center & Imaging Support Tools"=HP Solution Center 11.0
"HPExtendedCapabilities"=HP Customer Participation Program 11.0
"HPOCR"=OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.0.10)"=Mozilla Firefox (3.0.10)
"MP3 Rocket"=MP3 Rocket
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"oggcodecs"=oggcodecs 0.71.0946
"PokerStars"=PokerStars
"ProInst"=Intel® PROSet/Wireless Software
"RealPlayer 6.0"=RealPlayer Basic
"Shop for HP Supplies"=Shop for HP Supplies
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"TurboTax 2008"=TurboTax 2008
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack"=XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2009 3:12:44 AM | Computer Name = DJ72VGB1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 9:53:06 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x0017e76c.

Error - 4/29/2009 9:53:14 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1001
Description = Fault bucket 1228775505.

Error - 5/4/2009 3:47:22 AM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x0003c1b5.

Error - 5/4/2009 7:01:56 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module jvm.dll, version 11.3.0.2, fault address 0x000a96e6.

Error - 5/7/2009 11:24:40 AM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module jscript.dll, version 5.7.0.18066, fault address 0x0001e218.

Error - 5/10/2009 8:27:01 PM | Computer Name = DJ72VGB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/12/2009 9:32:01 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module avgssie.dll, version 8.0.0.223, fault address 0x00026dcf.

Error - 5/31/2009 7:14:34 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application ipod_video_converter.exe, version 1.26.0.816,
faulting module quicktimeaudiosupport.qtx, version 7.6.5.0, fault address 0x001a19d2.

Error - 5/31/2009 7:15:02 PM | Computer Name = DJ72VGB1 | Source = Application Error | ID = 1000
Description = Faulting application ipod_video_converter.exe, version 1.26.0.816,
faulting module quicktimeaudiosupport.qtx, version 7.6.5.0, fault address 0x001a19d2.

[ System Events ]
Error - 5/27/2009 7:03:37 PM | Computer Name = DJ72VGB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/30/2009 11:34:43 AM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/30/2009 1:59:05 PM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 5/30/2009 2:18:39 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 5/30/2009 2:18:50 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 5/30/2009 2:19:16 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 5/30/2009 2:26:21 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 5/30/2009 2:29:42 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 5/30/2009 2:29:44 PM | Computer Name = DJ72VGB1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 5/31/2009 11:39:37 AM | Computer Name = DJ72VGB1 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users