Extreme slowdown, apps crash/close


  • This topic is locked
6 replies to this topic

#1 trystero4

trystero4

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 24 August 2009 - 01:11 AM

Suffering some major problems with wife's Dell laptop. This was her business laptop. A few months ago she was issued a new one. Unfortunately my teenage kids were allowed to use this old one. Who knows what they did to it.

Please keep in mind that my knowledge of malware/spyware removal is very limited. I apologize in advance.

1. Takes up to 20 minutes to restart. And at times it will not load past the 'loading personal preferences' notice.

2. Everything runs extremely slow after start up. Opening an app might take 3-5 minutes.

3. Most apps crash/not respond within a minute once they do actually open. Tried to run malwarebytes but freezes as soon as you click SCAN.

4. I am getting NO ERROR MESSAGES.




DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by bakocatering at 22:53:09.78 on Sun 08/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.327 [GMT -7:00]

AV: Total Protection for Small Business *On-access scanning enabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page =
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\j2re1.4.2_16\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\HPDIGI~1.LNK -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: //about.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - hxxp://vs.mcafeeasap.com/SW/ENU/VS40/bin/myCioAgt.20060504183849.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167175359711
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games2.gamefools.com/onlinegames/Yahtzee/zylomplayer.cab
DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.566.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
S1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-26 201320]
S2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]
S2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-5-15 14144]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2006-12-26 169280]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2006-12-26 69632]
S3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-23 38160]
S3 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2006-12-26 144704]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2006-12-26 79304]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2006-12-26 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-5-15 33832]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-12-26 92550]

=============== Created Last 30 ================

2009-08-23 21:35 <DIR> --d----- c:\program files\Trend Micro
2009-08-23 21:26 <DIR> --d----- c:\docume~1\temp\applic~1\Malwarebytes
2009-08-23 21:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 21:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 21:25 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 21:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 22:52 <DIR> --d----- c:\program files\CCleaner
2009-08-22 19:45 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-22 00:01 451,760 a------- c:\windows\system32\Tab32x30.ocx
2009-08-22 00:01 228,864 a------- c:\windows\system32\xl5en32.olb
2009-08-22 00:01 115,920 a------- c:\windows\system32\MSINET.OCX
2009-08-22 00:01 1,353,360 a------- c:\windows\system32\fpSpr60.ocx
2009-08-22 00:01 <DIR> --d----- c:\program files\DraftDominator
2009-08-12 01:42 <DIR> --d----- c:\docume~1\temp\applic~1\Intel
2009-08-12 01:28 <DIR> --d----- c:\documents and settings\TEMP
2009-08-12 01:12 93 a------- c:\windows\wininit.ini
2009-08-11 18:47 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-11 18:47 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-11 18:47 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-11 18:47 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2009-06-22 08:34 178,700 a------- c:\windows\hpwins20.dat
2009-06-20 20:41 90,112 a------- c:\windows\DUMP7352.tmp
2009-06-20 20:40 90,112 a------- c:\windows\DUMP7366.tmp
2009-06-20 20:39 90,112 a------- c:\windows\DUMP73e8.tmp
2009-06-20 20:38 90,112 a------- c:\windows\DUMP7045.tmp
2009-06-17 19:13 90,112 a------- c:\windows\DUMP7f22.tmp
2009-06-12 07:53 90,112 a------- c:\windows\DUMPace7.tmp
2009-06-02 05:48 90,112 a------- c:\windows\DUMPa912.tmp
2009-05-31 19:31 90,112 a------- c:\windows\DUMP7f4a.tmp
2009-05-31 19:30 90,112 a------- c:\windows\DUMP38f4.tmp
2009-05-31 19:29 90,112 a------- c:\windows\DUMP8149.tmp
2009-05-31 19:28 90,112 a------- c:\windows\DUMP81b7.tmp
2009-05-31 19:27 90,112 a------- c:\windows\DUMP8045.tmp
2009-05-29 05:47 90,112 a------- c:\windows\DUMP81a3.tmp
2009-05-29 05:46 90,112 a------- c:\windows\DUMP817c.tmp
2009-05-29 05:44 90,112 a------- c:\windows\DUMP817b.tmp
2009-05-29 05:43 90,112 a------- c:\windows\DUMPabcf.tmp

============= FINISH: 22:53:51.85 ===============



#2 trystero4

trystero4
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 24 August 2009 - 11:14 PM

Not sure if it helps but when I try to run Malwarebytes in SafeMode I get an error code:

vbacellerator sgrid II control
Runtime Error 0
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 25 August 2009 - 12:40 AM.


#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:17 PM

Posted 25 August 2009 - 06:08 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 trystero4

trystero4
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 25 August 2009 - 09:37 PM

OTL logfile created on: 8/25/2009 7:32:12 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.21 Mb Total Physical Memory | 352.60 Mb Available Physical Memory | 69.11% Memory free
1.22 Gb Paging File | 1.12 Gb Available in Paging File | 91.81% Paging File free
Paging file location(s): C:\pagefile.sys 765 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 4.80 Gb Free Space | 25.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAKOCATER
Current User Name: bakocatering
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/09/07 14:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/08/04 05:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/08/25 19:31:41 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/08/16 04:58:05 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - [2007/06/28 14:54:44 | 00,151,552 | ---- | M] (SprintNextel) -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe -- (Access Utility Service [Auto | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/10 17:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2004/11/01 09:50:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/12/01 12:30:14 | 00,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer [Auto | Stopped])
SRV - [2004/09/07 14:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Stopped])
SRV - [2009/05/20 08:47:43 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/07 16:04:10 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Stopped])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Stopped])
SRV - [2007/10/14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/12/01 12:31:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Stopped])
SRV - [2008/05/02 00:39:14 | 00,169,280 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc [Auto | Stopped])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2006/10/13 05:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Stopped])
SRV - [2004/08/04 05:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2004/09/07 14:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Stopped])
SRV - [2004/09/07 14:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Stopped])
SRV - [2008/02/20 13:59:02 | 00,069,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe -- (SWAGENT [Auto | Stopped])
SRV - [2006/07/29 17:34:38 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll -- (usnsvc [On_Demand | Stopped])
SRV - [2004/09/07 14:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Stopped])
SRV - [2004/06/25 16:15:54 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Auto | Stopped])
SRV - [2006/10/18 18:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/03/05 09:08:41 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2005/11/10 17:49:24 | 01,406,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2004/03/05 10:52:22 | 00,008,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\awechomd.sys -- (awecho [System | Stopped])
DRV - [2003/11/17 16:06:48 | 00,011,165 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy [System | Stopped])
DRV - [2003/10/23 08:32:20 | 00,016,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\aw_host5.sys -- (AW_HOST [System | Stopped])
DRV - [2003/05/21 16:47:12 | 00,175,360 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
DRV - [2004/06/25 16:15:50 | 00,315,392 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2006/01/18 06:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
DRV - [2006/01/18 20:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2003/08/21 14:46:42 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/12/12 07:55:22 | 00,017,636 | R--- | M] (SHARP ECR) -- C:\WINDOWS\System32\drivers\ecrdrv.sys -- (ECRDRV [On_Demand | Stopped])
DRV - [2003/04/21 11:00:32 | 00,013,898 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa [Boot | Running])
DRV - [2007/01/17 09:37:17 | 00,049,920 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/01/17 09:37:18 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/01/17 09:37:19 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/05/03 13:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])
DRV - [2004/06/17 13:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/05/03 13:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/08/12 06:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iwca.sys -- (IWCA [On_Demand | Running])
DRV - [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/12/26 14:58:02 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Stopped])
DRV - [2004/03/17 10:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2007/12/01 12:32:00 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\MfeAVFK.sys -- (MfeAVFK [On_Demand | Stopped])
DRV - [2007/12/01 12:32:06 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\MfeBOPK.sys -- (MfeBOPK [On_Demand | Stopped])
DRV - [2007/12/01 12:32:26 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Stopped])
DRV - [2007/12/01 12:32:54 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\MfeRKDK.sys -- (MfeRKDK [On_Demand | Stopped])
DRV - [2007/12/01 12:33:14 | 00,055,016 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2003/10/10 11:23:48 | 00,032,640 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\System32\DRIVERS\MXOFX.SYS -- (MXOFX [On_Demand | Stopped])
DRV - [2004/08/09 17:49:40 | 00,014,592 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Stopped])
DRV - [2004/08/04 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Stopped])
DRV - [2004/08/04 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Stopped])
DRV - [2006/10/13 03:23:15 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Stopped])
DRV - [2005/04/21 19:58:38 | 00,092,550 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\DRIVERS\ozscr.sys -- (O2SCBUS [On_Demand | Stopped])
DRV - [2001/08/22 06:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Stopped])
DRV - [2005/04/21 19:58:38 | 00,092,550 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\DRIVERS\ozscr.sys -- (OZSCR [On_Demand | Stopped])
DRV - [2006/11/08 00:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/06/30 16:10:56 | 00,026,752 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
DRV - [2006/05/08 12:09:00 | 00,026,008 | R--- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2006/06/30 16:10:56 | 00,026,752 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2004/08/31 06:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/15 17:53:06 | 00,263,608 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\stac97.sys -- (STAC97 [On_Demand | Stopped])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2006/12/26 15:22:38 | 00,104,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2008/06/20 02:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2004/10/21 13:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 13:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/20 09:37:26 | 00,278,016 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS) [On_Demand | Stopped])
DRV - [2004/01/14 11:30:00 | 00,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDPNDIS5.SYS -- (ZDPNDIS5 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKU\S-1-5-21-507921405-1677128483-854245398-1010\S-1-5-21-507921405-1677128483-854245398-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (319159 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 2464 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-507921405-1677128483-854245398-1010\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_16\bin\jusched.exe ()
O4 - HKU\S-1-5-21-507921405-1677128483-854245398-1010..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1677128483-854245398-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 92 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 92 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} http://vs.mcafeeasap.com/SW/ENU/VS40/bin/m...60504183849.cab (SecureObjectFactory Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167175359711 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://games2.gamefools.com/onlinegames/Ya...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.566.dll (McAfee, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/26 14:32:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/25 19:31:39 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/08/25 19:18:02 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TEMP\My Documents\OTL.exe
[2009/08/24 21:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Desktop\lspfix
[2009/08/23 22:52:56 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\TEMP\Desktop\dds.scr
[2009/08/23 21:53:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\TEMP\Desktop\RootRepeal.exe
[2009/08/23 21:35:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\TEMP\Desktop\HijackThis.lnk
[2009/08/23 21:35:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/23 21:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Desktop\ProcessExplorer
[2009/08/23 21:26:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Malwarebytes
[2009/08/23 21:25:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 21:25:56 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 21:25:54 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 21:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 21:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/22 22:54:27 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\TEMP\Desktop\CCleaner.lnk
[2009/08/22 22:52:29 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/08/22 19:45:12 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/22 00:16:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\My Documents\SnagIt Catalog
[2009/08/22 00:15:41 | 00,083,728 | ---- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/22 00:01:21 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\TEMP\Desktop\Draft Dominator.lnk
[2009/08/22 00:01:19 | 00,451,760 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x30.ocx
[2009/08/22 00:01:19 | 00,228,864 | ---- | C] () -- C:\WINDOWS\System32\xl5en32.olb
[2009/08/22 00:01:19 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2009/08/22 00:01:18 | 01,353,360 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\fpSpr60.ocx
[2009/08/22 00:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\DraftDominator
[2009/08/15 20:42:27 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\TEMP\Desktop\Shortcut to iexplore.lnk
[2009/08/15 20:35:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Macromedia
[2009/08/15 20:35:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Adobe
[2009/08/15 20:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Yahoo!
[2009/08/15 20:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\My Documents\My Received Files
[2009/08/15 20:20:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Adobe
[2009/08/15 18:27:26 | 00,594,832 | -H-- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\IconCache.db
[2009/08/15 17:32:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\HPAppData
[2009/08/15 17:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Google
[2009/08/15 17:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Identities
[2009/08/12 01:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Application Data\Intel
[2009/08/12 01:29:25 | 00,000,000 | --SD | C] -- C:\Documents and Settings\TEMP\Application Data\Microsoft
[2009/08/12 01:29:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft
[2009/08/12 01:29:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\TEMP\My Documents\My Pictures
[2009/08/12 01:29:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\TEMP\My Documents\My Music
[2009/08/12 01:12:15 | 00,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/11 18:47:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/08/11 18:47:31 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/08/11 18:47:31 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/08/11 18:47:31 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/07/25 12:27:42 | 00,000,136 | ---- | C] () -- C:\WINDOWS\PAFMGR.INI
[2008/01/21 14:37:17 | 00,000,184 | ---- | C] () -- C:\WINDOWS\MML_PRT.INI
[2007/10/30 09:03:57 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/10/24 01:47:38 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\mscories.dll
[2007/09/23 19:30:22 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/23 17:26:16 | 00,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/09/23 11:30:26 | 00,000,303 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/04/03 09:35:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Installrt2500qa.dll
[2007/04/03 09:35:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/03/18 06:30:21 | 00,000,232 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/05 11:36:23 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/03/05 08:35:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\igfxexps.dll
[2006/12/26 15:20:19 | 00,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/26 14:28:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\icwdial.dll
[2006/12/26 14:26:45 | 00,087,176 | ---- | C] () -- C:\WINDOWS\System32\rdpwsx.dll
[2006/04/12 17:04:39 | 00,049,920 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2004/08/12 06:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/04 05:00:00 | 00,397,824 | ---- | C] () -- C:\WINDOWS\System32\regwizc.dll
[2004/08/04 05:00:00 | 00,285,696 | ---- | C] () -- C:\WINDOWS\System32\objsel.dll
[2004/08/04 05:00:00 | 00,204,288 | ---- | C] () -- C:\WINDOWS\System32\mswebdvd.dll
[2004/08/04 05:00:00 | 00,180,800 | ---- | C] () -- C:\WINDOWS\System32\sqlunirl.dll
[2004/08/04 05:00:00 | 00,154,112 | ---- | C] () -- C:\WINDOWS\System32\ipmontr.dll
[2004/08/04 05:00:00 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\webvw.dll
[2004/08/04 05:00:00 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\wshbth.dll
[2004/08/04 05:00:00 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\gpkcsp.dll
[2004/08/04 05:00:00 | 00,076,800 | ---- | C] () -- C:\WINDOWS\System32\gcdef.dll
[2004/08/04 05:00:00 | 00,020,510 | ---- | C] () -- C:\WINDOWS\System32\odfox32.dll
[2004/08/04 05:00:00 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdno1.dll
[2004/08/04 05:00:00 | 00,000,674 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/07 11:21:24 | 00,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[42 C:\WINDOWS\*.tmp files]
[2009/08/25 19:31:41 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/08/25 19:18:04 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEMP\My Documents\OTL.exe
[2009/08/25 19:06:07 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/25 18:45:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/25 17:00:07 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/08/25 09:31:12 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/08/25 09:31:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 23:40:42 | 00,594,832 | -H-- | M] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\IconCache.db
[2009/08/23 22:52:58 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\TEMP\Desktop\dds.scr
[2009/08/23 21:53:17 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\TEMP\Desktop\RootRepeal.exe
[2009/08/23 21:35:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\TEMP\Desktop\HijackThis.lnk
[2009/08/23 21:25:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/22 22:54:37 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\TEMP\Desktop\CCleaner.lnk
[2009/08/22 19:45:12 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/22 00:16:17 | 00,391,603 | ---- | M] () -- C:\WINDOWS\System32\SNAGIT7
[2009/08/22 00:15:41 | 00,083,728 | ---- | M] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/22 00:01:21 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\TEMP\Desktop\Draft Dominator.lnk
[2009/08/21 23:39:24 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/08/20 09:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2009/08/19 18:00:14 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for bakocatering.job
[2009/08/17 08:00:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/17 08:00:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/16 22:18:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/16 22:18:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/15 20:42:27 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\TEMP\Desktop\Shortcut to iexplore.lnk
[2009/08/15 20:34:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/15 20:34:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/15 19:56:28 | 00,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/15 19:56:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/15 19:56:28 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/12 01:12:15 | 00,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/11 19:06:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/11 19:06:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/11 17:42:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/11 17:42:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/08/10 16:12:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/10 16:12:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/09 20:45:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/09 14:05:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/09 14:05:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/05 09:02:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/05 09:02:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/04 16:43:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/04 16:43:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 18:32:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/02 18:32:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/02 13:09:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/02 13:09:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/02 11:55:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/02 11:55:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/31 09:44:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/07/31 09:44:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/07/30 06:07:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/07/30 06:07:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/07/29 15:37:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/07/29 15:37:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/07/29 15:30:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/07/29 15:30:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/07/29 11:52:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/07/29 11:52:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/28 05:23:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/28 05:23:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/26 21:36:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 26 August 2009 - 10:17 AM

Well you can let your kids off the hook. I'm not seeing any indication of a malware infection. I do see something that seems to indicate a hardware issue though.

8/23/2009 1:14:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Now I'm not a hardware guy, but I did a little research and it seems this error can indicate anything from a failing power source, a bad connector, or even a failing hard drive. At this point I'd like to refer you to the hardware forum where they will be much more qualified to troubleshoot your issues.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/


Best of luck! :thumbup2:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 trystero4

trystero4
  • Topic Starter


Posted 26 August 2009 - 10:10 PM

Thanks Sam!

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 27 August 2009 - 09:15 AM

Anytime! :thumbup2:



This thread will now be closed.