[RESOLVED] Hard Drive Busy at Startup 10-15 min

Started By dtnyc, Feb 09 2011 03:08 AM

You cannot start a new topic
You cannot reply to this topic
Go to first unread post

31 replies to this topic

#1 dtnyc

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 03:08 AM

Following your steps...Malwarebytes log below followed by GMER.

I also have a HP Media drive and Maxtor USB drive I use for backing up. I have disconncetd those for now. How do I go about checking them as well without possibly reinfecting the PC?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2011 5:58:17 AM
mbam-log-2011-02-07 (05-58-17).txt

Scan type: Full scan (M:\|)
Objects scanned: 310135
Time elapsed: 6 hour(s), 58 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
M:\Maxtor backup\HP\C\Documents and Settings\Craig\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

**************************************************************************************

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-08 22:00:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2500JD-22HBB0 rev.08.02D08
Running: wmbbqf2k.exe; Driver: C:\DOCUME~1\Craig\LOCALS~1\Temp\uxldipob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#2 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 03:14 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B6F000 \WINDOWS\system32\KDCOM.DLL
0xF7A7F000 \WINDOWS\system32\BOOTVID.dll
0xF7620000 ACPI.sys
0xF7B71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF760F000 pci.sys
0xF766F000 isapnp.sys
0xF7B73000 intelide.sys
0xF78EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF767F000 MountMgr.sys
0xF75F0000 ftdisk.sys
0xF7B75000 dmload.sys
0xF75CA000 dmio.sys
0xF78F7000 PartMgr.sys
0xF768F000 VolSnap.sys
0xF75B2000 atapi.sys
0xF769F000 disk.sys
0xF76AF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7592000 fltmgr.sys
0xF7580000 sr.sys
0xF7531000 SYMEFA.SYS
0xF751A000 drvmcdb.sys
0xF76BF000 PxHelp20.sys
0xF7503000 KSecDD.sys
0xF7476000 Ntfs.sys
0xF7449000 NDIS.sys
0xF76CF000 SISAGPX.sys
0xF76DF000 ohci1394.sys
0xF76EF000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF742F000 Mup.sys
0xF771F000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF783F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7043000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF702F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF799F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6FE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF784F000 \SystemRoot\system32\DRIVERS\R8139n51.SYS
0xF6F1C000 \SystemRoot\system32\DRIVERS\hcwPVRP2.sys
0xF785F000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF6EF9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6DC3000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF79AF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6DAF000 \SystemRoot\system32\DRIVERS\parport.sys
0xF786F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79B7000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7B27000 \SystemRoot\system32\drivers\pfc.sys
0xF787F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF788F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF79BF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7DA0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF789F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B33000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D98000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78BF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6CE7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78CF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79CF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79D7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6C8F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78DF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79EF000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7B9F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C31000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B53000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF774F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE9D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE9AD000 \SystemRoot\system32\drivers\portcls.sys
0xF777F000 \SystemRoot\system32\drivers\drmk.sys
0xF779F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BA3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB67AD000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xF7A2F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB663D000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF77FF000 \SystemRoot\system32\DRIVERS\IrBus.sys
0xF6CC3000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7A57000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6C29000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF780F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7A67000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A77000 \SystemRoot\system32\DRIVERS\hidir.sys
0xF781F000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xEE397000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7BFB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D86000 \SystemRoot\System32\Drivers\Null.SYS
0xEE393000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7957000 \SystemRoot\System32\drivers\vga.sys
0xF7BFF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF795F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7967000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73EF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB65F6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB659D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6569000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xB6543000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6D88000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6D78000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF796F000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xB652E000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xF7977000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xB6486000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6464000 \SystemRoot\System32\drivers\afd.sys
0xF6D58000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7B07000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xB6443000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF7987000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB6418000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB63A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6D28000 \SystemRoot\System32\Drivers\Fips.SYS
0xB634A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB632D000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB62B2000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xB6270000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xB624C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB6234000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C15000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C0D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D49000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF181000 \SystemRoot\System32\atiok3x2.dll
0xBF1CC000 \SystemRoot\System32\ati3duag.dll
0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
0xB3EAC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3B7F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3805000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3552000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xB31A5000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3372000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7C0D000 \SystemRoot\system32\drivers\MSPQM.sys
0xB2ED2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2C39000 \SystemRoot\System32\Drivers\HTTP.sys
0xB2921000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xF7A4F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB2675000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110208.003\IDSxpx86.sys
0xB252A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110208.021\NAVEX15.SYS
0xB2516000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110208.021\NAVENG.SYS
0xB1E59000 \SystemRoot\system32\drivers\kmixer.sys
0xB1E41000 \??\C:\DOCUME~1\Craig\LOCALS~1\Temp\uxldipob.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
728 C:\WINDOWS\system32\smss.exe
808 csrss.exe
844 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
920 C:\WINDOWS\system32\lsass.exe
1080 C:\WINDOWS\system32\ati2evxx.exe
1116 C:\WINDOWS\system32\svchost.exe
1172 svchost.exe
1268 C:\WINDOWS\system32\svchost.exe
1340 svchost.exe
1428 svchost.exe
1628 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1832 C:\WINDOWS\system32\spoolsv.exe
1916 svchost.exe
1948 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files\Bonjour\mDNSResponder.exe
2024 C:\WINDOWS\ehome\ehRecvr.exe
136 C:\WINDOWS\ehome\ehSched.exe
480 C:\Program Files\Java\jre6\bin\jqs.exe
524 C:\Program Files\Maxtor\Sync\SyncServices.exe
560 C:\Program Files\Google\Update\GoogleUpdate.exe
1344 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1372 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
1784 C:\WINDOWS\system32\svchost.exe
292 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1672 C:\Program Files\Canon\CAL\CALMAIN.exe
2740 C:\WINDOWS\system32\dllhost.exe
3220 alg.exe
2400 C:\WINDOWS\system32\svchost.exe
1012 C:\Program Files\iPod\bin\iPodService.exe
2564 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
3584 C:\WINDOWS\system32\ati2evxx.exe
2348 C:\WINDOWS\explorer.exe
3548 C:\WINDOWS\ehome\ehtray.exe
2416 C:\WINDOWS\system\hpsysdrv.exe
268 C:\WINDOWS\system32\ps2.EXE
3636 C:\WINDOWS\AGRSMMSG.exe
1328 C:\WINDOWS\ehome\ehmsas.exe
3968 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
3988 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
4012 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1756 C:\Program Files\iTunes\iTunesHelper.exe
2056 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2156 C:\Documents and Settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
2184 C:\WINDOWS\system32\ctfmon.exe
2384 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5208 C:\Program Files\Internet Explorer\iexplore.exe
5252 C:\Program Files\Internet Explorer\iexplore.exe
5744 C:\Program Files\Internet Explorer\iexplore.exe
272 C:\WINDOWS\system32\notepad.exe
1984 C:\Documents and Settings\Craig\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9a352000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JD-22HBB0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#3 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 09 February 2011 - 03:15 AM

Welcome aboard Posted Image

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================================================

Quote

How do I go about checking them as well without possibly reinfecting the PC?

Let's see what's going on on your main drive first.

You need to complete ALL steps from here: http://www.smartestc...ease-read-this/

#4 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 03:18 AM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Craig at 22:15:11.44 on Tue 02/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.374 [GMT -5:00]

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Craig\Local Settings\Temporary Internet Files\Content.IE5\TFHG4NNA\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
c:\documents and settings\craig\local settings\temp\d3.tmp\temp00
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: hilton.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {23843D23-7065-442B-B30D-084B5F20EC89} - hxxps://hlbfs.hilton.com/cis/hlbfs/Revenue/HlbfsFoodRevenue.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/33.06/uploader2.cab
DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} - hxxp://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB
DPF: {5D5971B4-64EC-11D5-93DD-0004AC152B66} - hxxps://hlbfs.hilton.com/cis/hlbfs/Labor/HlbfsProductivityLabor.CAB
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221265849843
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7ED81BA9-8803-4468-A4D6-5DBE726F6C3D} - hxxps://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsOtherRevExp.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DD7074EB-1436-11D3-BBF3-000086195AD6} - hxxps://hlbfs.hilton.com/cis/hlbfs/HlbfsTaskList.CAB
DPF: {E2257343-7021-4ABB-B0C0-8C5DE34D2A9A} - hxxps://hlbfs.hilton.com/cis/hlbfs/HlbfsFacilityList.CAB
DPF: {E284F055-5DC1-11D2-9807-0000C9143A3F} - hxxp://eis.hilton.com/cis/hrps/BaseDlls.CAB
DPF: {F54E842D-B04B-4A2C-953A-FC5D69909B84} - hxxps://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsQuickORE.CAB
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R?2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-26 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-26 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-26 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110208.003\IDSXpx86.sys [2011-2-8 341944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-26 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-28 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-7 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110208.021\NAVENG.SYS [2011-2-8 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110208.021\NAVEX15.SYS [2011-2-8 1360760]
S2 gupdate1c9b4c19781a0b4;Google Update Service (gupdate1c9b4c19781a0b4);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-9-18 23096]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]

=============== Created Last 30 ================

2011-02-06 17:46:31 -------- d-----w- c:\program files\iPod
2011-02-06 03:24:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-02-06 03:24:51 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-02-06 03:24:50 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-02-06 03:24:45 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-02-06 03:24:40 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-02-06 03:24:02 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-02-06 03:23:56 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-02-06 03:23:54 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-02-06 03:23:48 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-02-06 03:23:47 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-02-06 03:22:58 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-02-06 03:22:55 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-02-06 03:22:49 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-02-06 03:22:37 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-02-06 03:22:30 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-02-06 03:22:25 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-02-06 03:22:14 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-02-06 03:22:14 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-02-06 03:22:13 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-02-06 03:22:08 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-02-06 03:22:01 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-02-06 03:22:00 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-02-06 03:21:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-02-06 03:21:54 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-02-06 03:21:53 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-02-06 03:21:52 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-02-06 03:21:45 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2011-02-06 03:21:40 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-02-06 03:21:35 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-02-06 03:21:25 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-02-06 03:21:19 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-02-06 03:21:13 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-02-06 03:21:06 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-02-06 03:21:00 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-02-06 03:20:46 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-02-06 03:20:41 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-02-06 03:20:35 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-02-06 03:20:30 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-02-06 03:20:24 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-02-06 03:20:19 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-02-06 03:20:14 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-02-06 03:20:09 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-02-06 03:20:07 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-02-06 03:20:05 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-02-06 03:20:03 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2011-02-06 03:19:55 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-02-06 03:19:50 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-02-06 03:19:45 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-02-06 03:19:40 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-02-06 03:19:35 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-02-06 03:19:31 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-02-06 03:19:26 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-02-06 03:19:21 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-02-06 03:19:16 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-02-06 03:19:11 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-02-06 03:19:06 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-02-06 03:18:59 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-02-06 03:18:50 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-02-06 03:18:45 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-02-06 03:18:41 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-02-06 03:18:36 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-02-06 03:18:31 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-02-06 03:18:26 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-02-06 03:18:20 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-02-06 03:18:15 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-02-06 03:18:14 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-02-06 03:18:09 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-02-06 03:18:02 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-02-06 03:17:57 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-02-06 03:17:52 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-02-06 03:17:34 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-02-06 03:17:28 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-02-06 03:17:20 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-02-06 03:17:16 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-02-06 03:17:14 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-02-06 03:17:08 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-02-06 03:17:02 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-02-06 03:16:55 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-02-06 03:16:48 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-02-06 03:16:43 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-02-06 03:16:39 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-02-06 03:16:28 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-02-06 03:16:24 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-02-06 03:16:19 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-02-06 03:16:15 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-02-06 03:16:10 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-02-06 03:16:06 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-02-06 03:16:01 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-02-06 03:15:57 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-02-06 03:15:52 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-02-06 03:15:47 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-02-06 03:15:43 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-02-06 03:15:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-02-06 03:15:31 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-02-06 03:15:27 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-02-06 03:15:20 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-02-06 03:15:12 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-02-06 03:15:06 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-02-06 03:13:54 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-02-06 03:13:49 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-02-06 03:13:44 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-02-06 03:13:40 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-02-06 03:13:36 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-02-06 03:13:35 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-02-06 03:13:34 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-02-06 03:13:29 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-02-06 03:13:24 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-02-06 03:13:20 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-02-06 03:13:13 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-02-06 03:13:06 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-02-06 03:13:01 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-02-06 03:12:57 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-02-06 03:12:53 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-02-06 03:12:48 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-02-06 03:12:47 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-02-06 03:12:41 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-02-06 03:12:37 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-02-06 03:12:32 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-02-06 03:12:28 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-02-06 03:12:16 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-02-06 03:12:12 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-02-06 03:12:07 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-02-06 03:12:03 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-02-06 03:10:59 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-02-06 03:09:56 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-02-06 03:09:51 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-02-06 03:09:45 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-02-06 03:09:39 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-02-06 03:09:36 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-02-06 03:09:31 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-02-06 03:09:25 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-02-06 03:09:11 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-02-06 03:09:05 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-02-06 03:09:00 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-02-06 03:07:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-02-06 03:06:55 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2011-02-06 03:05:58 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-02-06 03:05:54 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-02-06 03:05:49 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-02-06 03:05:45 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-02-06 03:05:41 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-02-06 03:05:37 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-02-06 03:05:33 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-02-06 03:05:29 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-02-06 03:05:25 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-02-06 03:05:21 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-02-06 03:05:15 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-02-06 03:05:02 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-02-06 03:04:58 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-02-06 03:04:47 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-02-06 03:04:41 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-02-06 03:04:37 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-02-06 03:04:35 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-02-06 03:04:05 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-02-06 03:04:00 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-02-06 03:03:54 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-02-06 03:03:51 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-02-06 03:03:43 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-02-06 03:03:37 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-02-06 03:03:33 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-02-06 03:03:29 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-02-06 03:03:20 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-02-06 03:03:16 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-02-06 03:03:13 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-02-06 03:03:09 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-02-06 03:03:05 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2011-02-06 03:03:01 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2011-02-06 03:02:57 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2011-02-06 03:02:53 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-02-06 03:02:49 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-02-06 03:02:45 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-02-06 03:02:41 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-02-06 03:02:37 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-02-06 03:02:33 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-02-06 03:02:32 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-02-06 03:02:28 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-02-06 03:02:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-02-06 03:02:09 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-02-06 03:01:59 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-02-06 03:01:57 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-02-06 03:01:56 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-02-06 03:01:45 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-02-06 03:01:41 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-02-06 03:01:39 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-02-06 03:01:29 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-02-06 03:01:23 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-02-06 03:01:16 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-02-06 03:01:08 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-02-06 03:01:02 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-02-06 02:59:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-02-06 02:59:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2011-02-06 02:59:46 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-02-06 02:59:42 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-02-06 02:59:38 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-02-06 02:59:34 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-02-06 02:59:32 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-02-06 02:59:28 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-02-06 02:59:24 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-02-06 02:59:17 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-02-06 02:59:16 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-02-06 02:59:14 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-02-06 02:59:13 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-02-06 02:58:54 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-02-06 02:58:32 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-02-06 02:58:29 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-02-06 02:58:25 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-02-06 02:58:16 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-02-06 02:58:13 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-02-06 02:58:12 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-02-06 02:58:08 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-02-06 02:58:08 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-02-06 02:58:07 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-02-06 02:56:59 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-02-06 02:55:58 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-02-06 02:54:58 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-02-06 02:53:57 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2011-02-06 02:52:57 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-02-06 02:51:57 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2011-02-06 02:50:59 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-02-06 02:49:58 41046 -c--a-w- c:\windows\system32\dllcache\digiisdn.dll
2011-02-06 02:48:58 14848 -c--a-w- c:\windows\system32\dllcache\cyclom-y.sys
2011-02-06 02:47:57 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-02-06 02:46:47 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-02-06 02:45:58 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2011-02-06 00:52:46 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2011-02-06 00:52:46 9728 ------w- c:\windows\system32\rwnh.dll
2011-02-06 00:52:46 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-02-06 00:52:46 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-06 00:52:46 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2011-02-06 00:52:46 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2011-02-06 00:52:46 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2011-02-06 00:52:46 10752 ------w- c:\windows\system32\smtpapi.dll
2011-02-06 00:51:12 19569 ----a-w- c:\windows\000001_.tmp
2011-02-06 00:35:59 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-02-06 00:35:59 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2011-02-06 00:35:58 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-02-06 00:35:58 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-02-06 00:35:57 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-02-06 00:35:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-02-06 00:33:05 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-13 21:07:06 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\WeatherBug
2011-01-13 21:07:01 -------- d-----w- c:\docume~1\craig\applic~1\WeatherBug
2011-01-13 21:07:00 18944 ----a-r- c:\docume~1\craig\applic~1\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
2011-01-13 21:06:14 -------- d-----w- c:\program files\common files\Oberon Media
2011-01-13 21:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Oberon Media
2011-01-13 21:05:57 -------- d-----w- c:\program files\PriceGong
2011-01-13 21:05:57 -------- d-----w- c:\program files\Oberon Media
2011-01-13 00:22:46 -------- d-----w- c:\docume~1\craig\applic~1\EpicBot
2011-01-13 00:18:43 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\Yahoo
2011-01-12 16:34:43 -------- d-----w- c:\documents and settings\craig\.jagex_cache_32
2011-01-12 16:28:29 -------- d-----w- C:\.jagex_cache_32

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 22:17:18.22 ===============

#5 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 03:19 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/27/2008 3:27:31 AM
System Uptime: 2/8/2011 2:18:36 PM (8 hours ago)

Motherboard: ASUSTeK Computer INC. | | Puffer
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3201/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 226 GiB total, 43.515 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.764 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP633: 2/7/2011 7:11:35 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon CanoScan Toolbox 4.1
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan LiDE20,30 Manual
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Color LaserJet 1600
Comcast High-Speed Internet Install Wizard
Comcast PhotoShow Deluxe 4
Compatibility Pack for the 2007 Office system
Creative Memories Memory Manager 2
Creative Memories StoryBook Creator 2.0
dBpoweramp Music Converter
Download Updater (AOL LLC)
Encyclopedia of Everyday Law - Personal Edition
EnGraph QuickTimeKiller
Family Lawyer 2004
FirstClass® Client
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Product Detection
HP Software Update
HP Unload DLL Patch
HpSdpAppCoreApp
ImageMixer 3 SE
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPhone Configuration Utility
iTunes
Java™ 6 Update 11
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 3
Maxtor Manager
Memory Manager Shared Components Update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
muvee autoProducer 3.5 magicMoments - HPD
muvee autoProducer unPlugged - HPD
Nike+ Connect
Norton Security Suite
OmniPage SE
Otto
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
Picture Package Music Transfer
PS2
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Revo Uninstaller 1.80
Roxio Backup MyPC
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Sonic Encoders
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware Free Edition
The Rosetta Stone
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Vehicle Manager
Vehicle Manager Update
Vehicle Manager Update (C:\Program Files\Vehicle Manager\)
Viewpoint Media Player
Visual J# .NET Redistributable Package
WebFldrs XP
Wii Max Media Manager Pro
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/8/2011 2:38:47 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/8/2011 2:38:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
2/7/2011 10:12:17 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
2/6/2011 8:48:33 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CAITLYN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{80F6BC03-85E6-423. The master browser is stopping or an election is being forced.
2/6/2011 8:02:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
2/6/2011 8:02:50 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2011 8:01:34 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/6/2011 6:02:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SISAGP
2/6/2011 11:01:56 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00112F8BE13C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/6/2011 1:40:41 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2011 1:40:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/5/2011 9:44:27 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
2/5/2011 9:44:26 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
2/5/2011 7:36:31 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Craig.
2/5/2011 7:35:54 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 7:35:49 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 7:35:35 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 7:31:58 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
2/5/2011 7:07:06 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2011 7:07:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2/5/2011 12:38:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
2/5/2011 12:38:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
2/5/2011 12:38:07 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2011 12:38:07 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2011 10:27:09 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\snchk.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:27:09 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
2/5/2011 10:26:45 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehituner.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:26:42 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehiepg.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:26:38 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ko\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:25:30 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ja\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:25:25 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\fr\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:25:23 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\de\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:25:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\zh-chs\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:25:14 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehcircl.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:23:38 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\wmpns.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/5/2011 10:04:34 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/4/2011 7:07:52 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2011 7:07:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/4/2011 7:02:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
2/4/2011 10:02:20 PM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
2/2/2011 9:03:19 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/2/2011 8:53:22 AM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 00112F8BE13C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

#6 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 09 February 2011 - 03:26 AM

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=============================================================================================

We need to double check your MBR.

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

==========================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#7 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 03:49 AM

Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`9a352000
Boot sector MD5 is: d0092ea8b49beb951c2a605cc98c7847

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

#8 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 09 February 2011 - 04:22 AM

ComboFix 11-02-08.02 - Craig 02/08/2011 22:58:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.439 [GMT -5:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carolyn\Application Data\PriceGong
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Carolyn\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Craig\My Documents\cc_20110122.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 03:44 . 2011-02-09 03:44 -------- d-----w- c:\program files\7-Zip
2011-02-07 23:42 . 2011-02-07 23:42 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Malwarebytes
2011-02-06 17:46 . 2011-02-06 17:46 -------- d-----w- c:\program files\iPod
2011-02-06 03:24 . 2008-04-14 10:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-02-06 03:24 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-02-06 03:24 . 2008-04-14 10:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-02-06 03:24 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-02-06 03:24 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-02-06 03:24 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-02-06 03:23 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-02-06 03:23 . 2008-04-14 03:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-02-06 03:23 . 2008-04-14 03:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-02-06 03:23 . 2008-04-14 10:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-02-06 03:22 . 2008-04-14 05:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-02-06 03:22 . 2008-04-14 03:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-02-06 03:22 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-02-06 03:22 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-02-06 03:22 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-02-06 03:22 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-02-06 03:22 . 2008-04-14 03:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-02-06 03:22 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-02-06 03:22 . 2008-04-14 05:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-02-06 03:22 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-02-06 03:22 . 2008-04-14 03:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-02-06 03:22 . 2008-04-14 03:04 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-02-06 03:21 . 2008-04-14 03:04 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-02-06 03:21 . 2008-04-14 03:04 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-02-06 03:21 . 2008-04-14 03:04 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-02-06 03:21 . 2008-04-14 03:04 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-02-06 03:21 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2011-02-06 03:21 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-02-06 03:21 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-02-06 03:21 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-02-06 03:21 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-02-06 03:21 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-02-06 03:21 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-02-06 03:21 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-02-06 03:20 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-02-06 03:20 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-02-06 03:20 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-02-06 03:20 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-02-06 03:20 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-02-06 03:20 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-02-06 03:20 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-02-06 03:20 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-02-06 03:20 . 2008-04-14 05:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-02-06 03:20 . 2008-04-14 05:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-02-06 03:20 . 2008-04-14 03:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2011-02-06 03:19 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-02-06 03:19 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-02-06 03:19 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-02-06 03:19 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-02-06 03:19 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-02-06 03:19 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-02-06 03:19 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-02-06 03:19 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-02-06 03:19 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-02-06 03:19 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-02-06 03:19 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-02-06 03:18 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-02-06 03:18 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-02-06 03:18 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-02-06 03:18 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-02-06 03:18 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-02-06 03:18 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-02-06 03:18 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-02-06 03:18 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-02-06 03:18 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-02-06 03:18 . 2008-04-14 10:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-02-06 03:18 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-02-06 03:18 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-02-06 03:17 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-02-06 03:17 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-02-06 03:17 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-02-06 03:17 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-02-06 03:17 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-02-06 03:17 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-02-06 03:17 . 2008-04-14 05:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-02-06 03:17 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-02-06 03:17 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-02-06 03:16 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-02-06 03:16 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-02-06 03:16 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-02-06 03:16 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-02-06 03:16 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-02-06 03:16 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-02-06 03:16 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-02-06 03:16 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-02-06 03:16 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-02-06 03:16 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-02-06 03:16 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-02-06 03:15 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-02-06 03:15 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-02-06 03:15 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-02-06 03:15 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-02-06 03:15 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-02-06 03:15 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-02-06 03:15 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-02-06 03:15 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-02-06 03:15 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-02-06 03:15 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-02-06 03:13 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-02-06 03:13 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-02-06 03:13 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-02-06 03:13 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-02-06 03:13 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-02-06 03:13 . 2008-04-14 05:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-02-06 03:13 . 2008-04-14 05:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-02-06 03:13 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-02-06 03:13 . 2001-08-18 03:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-02-06 03:13 . 2001-08-18 03:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-02-06 03:13 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-02-06 03:13 . 2008-04-14 03:05 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-02-06 03:13 . 2001-08-17 17:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-02-06 03:12 . 2001-08-17 17:12 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-02-06 03:12 . 2001-08-17 19:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-02-06 03:12 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-02-06 03:12 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-02-06 03:12 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-02-06 03:12 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-02-06 03:12 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-02-06 03:12 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-02-06 03:12 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-02-06 03:12 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-02-06 03:12 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-09-10 23:15 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 68856]
"Nike+ Connect"="c:\documents and settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-12 21:45 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Craig^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Craig\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Craig^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Craig\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 21:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 02:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-10 10:43 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-28 20:43 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-03 06:54 180269 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/26/2010 4:35 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/26/2010 4:35 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/26/2010 4:35 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110208.003\IDSXpx86.sys [2/8/2011 8:59 PM 341944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/17/2008 3:11 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/7/2010 7:40 PM 102448]
S2 gupdate1c9b4c19781a0b4;Google Update Service (gupdate1c9b4c19781a0b4);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 8:06 PM 133104]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [9/18/2009 10:21 PM 23096]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - uxldipob
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2011-02-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-28 00:28]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 01:06]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 01:06]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{F1E42CC7-D5B1-407C-BCDE-E679B2B10781}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: hilton.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-MCODS
MSConfigStartUp-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 23:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\Software\SecuROM\License information*]
"datasecu"=hex:8a,37,a0,e4,9b,e6,90,da,ee,b4,7a,46,dc,f5,9e,69,d0,71,df,4d,04,
ec,e1,e1,e1,84,a3,96,62,14,55,e6,53,12,7b,34,ce,be,02,66,6f,fb,cb,04,4c,d7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2011-02-08 23:20:10
ComboFix-quarantined-files.txt 2011-02-09 04:19

Pre-Run: 46,677,708,800 bytes free
Post-Run: 48,133,353,472 bytes free

- - End Of File - - 16C8E4771CF17C578029842D442A33EA

#9 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 09 February 2011 - 04:26 AM

Combofix looks good now :)

We need to fix your MBR.

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.

Post fresh MBRCheck log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is Dell computer, let me know before proceeding.

#10 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 10 February 2011 - 01:03 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 150):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B6F000 \WINDOWS\system32\KDCOM.DLL
0xF7A7F000 \WINDOWS\system32\BOOTVID.dll
0xF7620000 ACPI.sys
0xF7B71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF760F000 pci.sys
0xF766F000 isapnp.sys
0xF7B73000 intelide.sys
0xF78EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF767F000 MountMgr.sys
0xF75F0000 ftdisk.sys
0xF7B75000 dmload.sys
0xF75CA000 dmio.sys
0xF78F7000 PartMgr.sys
0xF768F000 VolSnap.sys
0xF75B2000 atapi.sys
0xF769F000 disk.sys
0xF76AF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7592000 fltmgr.sys
0xF7580000 sr.sys
0xF7531000 SYMEFA.SYS
0xF751A000 drvmcdb.sys
0xF76BF000 PxHelp20.sys
0xF7503000 KSecDD.sys
0xF7476000 Ntfs.sys
0xF7449000 NDIS.sys
0xF76CF000 SISAGPX.sys
0xF76DF000 ohci1394.sys
0xF76EF000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF742F000 Mup.sys
0xF771F000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF780F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7043000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF702F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7997000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6FE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF799F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF781F000 \SystemRoot\system32\DRIVERS\R8139n51.SYS
0xF6F1C000 \SystemRoot\system32\DRIVERS\hcwPVRP2.sys
0xF782F000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF6EF9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6DC3000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF79A7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6DAF000 \SystemRoot\system32\DRIVERS\parport.sys
0xF783F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79AF000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7B1F000 \SystemRoot\system32\drivers\pfc.sys
0xF784F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF785F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF79B7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7DAA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF786F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B2B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D98000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF787F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF788F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6CBF000 \SystemRoot\system32\DRIVERS\psched.sys
0xF789F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79C7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79CF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6C8F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79E7000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7B97000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C31000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B4B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF772F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE9D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE9AD000 \SystemRoot\system32\drivers\portcls.sys
0xF775F000 \SystemRoot\system32\drivers\drmk.sys
0xF776F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B9B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB6785000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xB663A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVEX15.SYS
0xF79F7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6615000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB6601000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVENG.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\IrBus.sys
0xF6CF0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7A2F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF6CE4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7A37000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A3F000 \SystemRoot\system32\DRIVERS\hidir.sys
0xF6CE0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF77BF000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xF7BE1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D8A000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BE3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A57000 \SystemRoot\System32\drivers\vga.sys
0xF7BE5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A5F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A67000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6C21000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB65CE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6575000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB654F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB651B000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7A77000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xB6506000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xF7907000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xB6486000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110209.001\IDSxpx86.sys
0xB645E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB643C000 \SystemRoot\System32\drivers\afd.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6C0D000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xB641B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF792F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB63F0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6380000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6D68000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6322000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB6305000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB628A000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xB6248000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xB6224000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB61E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C27000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB621C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A07000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C7A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF181000 \SystemRoot\System32\atiok3x2.dll
0xBF1CC000 \SystemRoot\System32\ati3duag.dll
0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
0xB3E84000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3894000 \SystemRoot\system32\drivers\wdmaud.sys
0xB38D1000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3819000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3DAC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB31F6000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2FE5000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xF7BC7000 \SystemRoot\system32\drivers\MSPQM.sys
0xB2A56000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
696 C:\WINDOWS\system32\smss.exe
816 csrss.exe
864 C:\WINDOWS\system32\winlogon.exe
924 C:\WINDOWS\system32\services.exe
936 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\ati2evxx.exe
1136 C:\WINDOWS\system32\svchost.exe
1228 svchost.exe
1324 C:\WINDOWS\system32\svchost.exe
1388 svchost.exe
1548 C:\WINDOWS\system32\ati2evxx.exe
1576 svchost.exe
1636 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1972 C:\WINDOWS\explorer.exe
224 C:\WINDOWS\system32\spoolsv.exe
444 svchost.exe
400 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
512 C:\Program Files\Bonjour\mDNSResponder.exe
620 C:\WINDOWS\ehome\ehRecvr.exe
660 C:\WINDOWS\ehome\ehSched.exe
804 C:\WINDOWS\ehome\ehtray.exe
852 C:\WINDOWS\system\hpsysdrv.exe
1176 C:\WINDOWS\system32\ps2.EXE
1268 C:\WINDOWS\AGRSMMSG.exe
1344 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
1432 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
1532 C:\Program Files\Google\Update\GoogleUpdate.exe
1200 C:\Program Files\Java\jre6\bin\jqs.exe
1588 C:\Program Files\iTunes\iTunesHelper.exe
1472 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1756 C:\Documents and Settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
980 C:\Program Files\Maxtor\Sync\SyncServices.exe
1780 C:\WINDOWS\system32\ctfmon.exe
612 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
732 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
1920 C:\WINDOWS\system32\svchost.exe
2556 C:\WINDOWS\system32\wuauclt.exe
2964 C:\Program Files\Canon\CAL\CALMAIN.exe
3856 C:\Program Files\iPod\bin\iPodService.exe
2856 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
1404 alg.exe
644 C:\WINDOWS\system32\dllhost.exe
3340 C:\WINDOWS\system32\wuauclt.exe
1480 wmiprvse.exe
1292 C:\WINDOWS\SoftwareDistribution\Download\75bc394c671112128c28f6fa72e93830\update\update.exe
3864 C:\Documents and Settings\Craig\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9a352000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JD-22HBB0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

#11 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 10 February 2011 - 01:42 AM

Good job :)

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

#12 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 10 February 2011 - 02:25 AM

OTL logfile created on: 2/9/2011 9:07:16 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 387.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 26.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.47 Gb Total Space | 43.98 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
Drive D: | 6.40 Gb Total Space | 0.76 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 21:06:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/01 10:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Documents and Settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/02/26 16:18:56 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/07/21 16:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/28 15:43:20 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2002/10/16 18:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

========== Modules (SafeList) ==========

MOD - [2011/02/09 21:06:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/26 16:18:44 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/26 16:18:56 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - [2010/12/16 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110209.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/26 16:19:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 16:18:59 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/26 16:18:59 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 16:18:59 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/26 16:18:59 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/02/26 16:18:59 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 16:18:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/02/26 16:18:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/02/26 16:18:59 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/02/26 16:18:59 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/02/26 16:18:58 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/02/26 16:18:58 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/09/17 05:52:06 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2009/02/04 02:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/17 15:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/17 15:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/24 16:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/09/21 15:59:52 | 000,099,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2004/09/01 19:17:12 | 000,812,640 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16)
DRV - [2004/08/04 07:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/19 19:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/07/17 06:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/07 01:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/27 09:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/05/07 05:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1258514592-968206258-312667793-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 19:08:44 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/02/08 23:13:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuicktimeKiller\QuickTimeKiller.exe ( )
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1258514592-968206258-312667793-1009..\Run: [Nike+ Connect] C:\Documents and Settings\Craig\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKU\S-1-5-21-1258514592-968206258-312667793-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: hilton.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {23843D23-7065-442B-B30D-084B5F20EC89} https://hlbfs.hilton...FoodRevenue.CAB (HlbfsFoodRevenue.ctlHlbfsFoodRev)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...6/uploader2.cab (UploadListView Class)
O16 - DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} http://eis.hilton.co...eportViewer.CAB (ReportViewerCtl.ctlReportViewer)
O16 - DPF: {5D5971B4-64EC-11D5-93DD-0004AC152B66} https://hlbfs.hilton...tivityLabor.CAB (HlbfsProdLabor.ctlHlbfsProdLabor)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1221265849843 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7ED81BA9-8803-4468-A4D6-5DBE726F6C3D} https://hlbfs.hilton...OtherRevExp.CAB (HlbfsOtherRevExp.ctlHlbfsOre)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} http://www.comcastsu...Comcast.Ocf.cab (OneClickFixes Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} http://www.cmphotoce...ropUploader.cab (Pixami Drag/Drop Upload UI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DD7074EB-1436-11D3-BBF3-000086195AD6} https://hlbfs.hilton...bfsTaskList.CAB (HlbfsTaskList.ctlHlbfsTaskList)
O16 - DPF: {E2257343-7021-4ABB-B0C0-8C5DE34D2A9A} https://hlbfs.hilton...acilityList.CAB (HlbfsFacilityList.ctlHlbfsFacilityList)
O16 - DPF: {E284F055-5DC1-11D2-9807-0000C9143A3F} http://eis.hilton.co...ps/BaseDlls.CAB (SystemFiles.BaseDlls)
O16 - DPF: {F54E842D-B04B-4A2C-953A-FC5D69909B84} https://hlbfs.hilton...bfsQuickORE.CAB (HlbfsQuickORE.ctlHlbfsQuickORE)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/27 03:27:01 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 21:06:05 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2011/02/09 19:55:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/08 22:54:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/08 22:54:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/08 22:54:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/08 22:54:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/08 22:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/08 22:54:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/08 22:53:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/08 22:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/02/08 22:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/02/06 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/06 12:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/05 22:24:56 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/02/05 22:24:51 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/02/05 22:24:02 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/02/05 22:23:56 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/02/05 22:22:55 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/02/05 22:22:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/02/05 22:22:37 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/02/05 22:22:08 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/02/05 22:21:45 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/02/05 22:21:40 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/02/05 22:21:35 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/02/05 22:21:25 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/02/05 22:21:19 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/02/05 22:21:13 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/02/05 22:21:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/02/05 22:20:41 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/02/05 22:20:19 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/02/05 22:20:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/02/05 22:20:09 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/02/05 22:20:03 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/02/05 22:19:35 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/02/05 22:19:16 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/02/05 22:19:11 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/02/05 22:18:50 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/02/05 22:18:45 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/02/05 22:18:41 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/02/05 22:18:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/02/05 22:18:31 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/02/05 22:18:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/02/05 22:17:28 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/02/05 22:17:20 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/02/05 22:17:16 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/02/05 22:17:14 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/02/05 22:17:08 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/02/05 22:17:02 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/02/05 22:16:43 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/02/05 22:16:39 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/02/05 22:15:36 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/02/05 22:15:31 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/02/05 22:15:27 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/02/05 22:15:20 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/02/05 22:15:12 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/02/05 22:14:41 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/02/05 22:14:00 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/02/05 22:13:54 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/02/05 22:13:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/02/05 22:13:44 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/02/05 22:13:40 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/02/05 22:13:06 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/02/05 22:13:01 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/02/05 22:12:57 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/02/05 22:12:47 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/02/05 22:12:16 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/02/05 22:12:12 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/02/05 22:12:07 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/02/05 22:12:03 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/02/05 22:11:29 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/02/05 22:11:20 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/02/05 22:11:15 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/02/05 22:10:55 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/02/05 22:10:50 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/02/05 22:10:46 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/02/05 22:10:42 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/02/05 22:10:37 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/02/05 22:10:33 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/02/05 22:10:29 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/02/05 22:10:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/02/05 22:10:20 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/02/05 22:10:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/02/05 22:10:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/02/05 22:10:04 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/02/05 22:10:03 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/02/05 22:09:45 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/02/05 22:09:36 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/02/05 22:09:31 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/02/05 22:09:25 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/02/05 22:09:05 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/02/05 22:09:00 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/02/05 22:08:19 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/02/05 22:08:15 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/02/05 22:08:11 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/02/05 22:07:55 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/02/05 22:06:45 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/02/05 22:06:29 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/02/05 22:06:27 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/02/05 22:06:23 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/02/05 22:05:29 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/02/05 22:05:25 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/02/05 22:05:21 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/02/05 22:05:15 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/02/05 22:04:47 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/02/05 22:04:05 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/02/05 22:04:00 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/02/05 22:03:51 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/02/05 22:03:37 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/02/05 22:03:33 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/02/05 22:03:20 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/02/05 22:03:16 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/02/05 22:03:13 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/02/05 22:03:09 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/02/05 22:03:05 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/02/05 22:03:01 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/02/05 22:02:49 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/02/05 22:02:45 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/02/05 22:02:41 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/02/05 22:02:37 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/02/05 22:02:33 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/02/05 22:01:29 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/02/05 22:00:42 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/02/05 22:00:12 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/02/05 22:00:08 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/02/05 22:00:06 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/02/05 22:00:03 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/02/05 22:00:02 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/02/05 21:59:59 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/02/05 21:59:46 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/02/05 21:59:42 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/02/05 21:59:38 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/02/05 21:59:34 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/02/05 21:59:28 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/02/05 21:59:24 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/02/05 21:58:08 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/02/05 21:57:14 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/02/05 21:55:01 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/02/05 21:54:48 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/02/05 21:54:10 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/02/05 21:54:08 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/02/05 21:54:04 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/02/05 21:53:46 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/02/05 21:53:37 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/02/05 21:53:34 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/02/05 21:53:28 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/02/05 21:53:25 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/02/05 21:53:22 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/02/05 21:53:19 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/02/05 21:52:57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/02/05 21:52:52 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/02/05 21:52:49 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/02/05 21:50:48 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/02/05 21:50:40 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/02/05 21:50:27 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/02/05 21:50:23 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/02/05 21:50:22 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/02/05 21:50:15 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/02/05 21:50:13 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/02/05 21:50:12 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/02/05 21:50:10 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/02/05 21:50:07 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/02/05 21:49:37 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/02/05 21:49:35 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/02/05 21:49:30 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/02/05 21:48:56 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/02/05 21:48:55 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/02/05 21:48:53 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/02/05 21:48:52 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/02/05 21:48:50 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/02/05 21:48:48 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/02/05 21:48:47 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/02/05 21:48:44 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/02/05 21:48:33 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/02/05 21:48:12 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/02/05 21:48:00 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/02/05 21:47:50 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/02/05 21:47:49 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/02/05 21:47:48 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/02/05 21:47:47 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/02/05 21:47:46 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/02/05 21:47:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/02/05 21:47:41 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/02/05 21:47:40 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/02/05 21:47:39 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/02/05 21:47:36 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/02/05 21:47:35 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/02/05 21:46:45 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/02/05 21:46:44 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/02/05 21:46:43 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/02/05 21:46:42 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/02/05 21:46:41 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/02/05 21:46:40 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/02/05 21:46:39 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/02/05 21:46:38 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/02/05 21:46:36 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/02/05 21:46:35 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/02/05 21:46:34 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/02/05 21:46:32 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/02/05 21:46:31 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/02/05 21:46:30 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/02/05 21:46:29 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/02/05 21:46:28 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/02/05 21:46:27 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/02/05 21:46:27 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/02/05 21:46:21 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/02/05 21:46:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/02/05 21:46:14 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/02/05 21:46:12 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/02/05 21:46:12 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/02/05 21:46:10 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/02/05 21:46:09 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/02/05 21:46:09 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/02/05 21:45:34 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/02/05 21:45:24 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/02/05 20:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/05 19:36:12 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/02/05 19:36:10 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/02/05 19:36:09 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/02/05 19:36:09 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/02/05 19:36:08 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/02/05 19:36:05 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/02/05 19:36:01 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/02/05 19:36:00 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/02/05 19:35:58 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/02/05 19:35:58 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/02/05 19:35:57 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/01/22 12:52:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Craig\Recent
[2011/01/13 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\WeatherBug
[2011/01/13 16:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\WeatherBug
[2011/01/13 16:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2011/01/13 16:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/01/13 16:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011/01/13 16:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2011/01/13 15:43:19 | 002,181,752 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe123.exe
[2011/01/12 19:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\My Documents\EpicBot
[2011/01/12 19:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\EpicBot
[2011/01/12 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\Yahoo
[2011/01/12 19:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/12 19:10:04 | 002,181,752 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe
[2011/01/12 11:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\.jagex_cache_32
[2011/01/12 11:28:29 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2 C:\Documents and Settings\Craig\My Documents\*.tmp files -> C:\Documents and Settings\Craig\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 21:17:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1E42CC7-D5B1-407C-BCDE-E679B2B10781}.job
[2011/02/09 21:06:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2011/02/09 20:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 19:39:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/09 19:38:43 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/02/09 19:38:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 19:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/09 19:36:12 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 18:45:01 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2011/02/09 18:32:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/02/08 23:13:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/08 22:51:22 | 004,265,447 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\ComboFix.exe
[2011/02/08 22:08:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2011/02/08 21:59:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\wmbbqf2k.exe
[2011/02/08 21:30:15 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\Computer help forum.url
[2011/02/07 20:34:36 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\vmjos8gb.exe
[2011/02/06 15:34:25 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\Virtual Dr Malware.doc
[2011/02/06 12:49:00 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/05 20:47:42 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/05 20:23:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/05 20:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/05 20:04:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/04 22:20:28 | 000,000,272 | RHS- | M] () -- C:\boot.ini
[2011/02/03 17:37:41 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\Period_2_Reflection[1].doc
[2011/01/29 15:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/26 16:26:23 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\Revolution.doc
[2011/01/22 12:56:58 | 000,037,720 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\cc_20110122_125650.reg
[2011/01/17 11:33:13 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Craig\jagex_runescape_preferences.dat
[2011/01/17 11:32:45 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Craig\jagex_runescape_preferences2.dat
[2011/01/14 07:33:59 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\Outsiders quotes.doc
[2011/01/13 17:30:53 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\outsider year book pony boy.doc
[2011/01/13 17:28:29 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\outsiders darry.doc
[2011/01/13 17:25:36 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\outside soda.doc
[2011/01/13 17:19:42 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\outsiders yearbook Dally.doc
[2011/01/13 15:43:21 | 002,181,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe123.exe
[2011/01/12 19:10:06 | 002,181,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe
[2 C:\Documents and Settings\Craig\My Documents\*.tmp files -> C:\Documents and Settings\Craig\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:54:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/08 22:54:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/08 22:54:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/08 22:54:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/08 22:54:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/08 22:51:18 | 004,265,447 | R--- | C] () -- C:\Documents and Settings\Craig\Desktop\ComboFix.exe
[2011/02/08 22:08:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2011/02/08 21:59:21 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\wmbbqf2k.exe
[2011/02/08 05:34:19 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\Computer help forum.url
[2011/02/07 20:34:35 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\vmjos8gb.exe
[2011/02/06 15:34:25 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\Virtual Dr Malware.doc
[2011/02/06 12:49:00 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/05 22:24:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/02/05 22:24:45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/02/05 22:08:04 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/02/05 22:07:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/02/05 22:01:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/02/05 21:59:17 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/02/05 21:57:27 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/02/05 21:54:58 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/02/05 21:54:51 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/02/05 21:54:45 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/02/05 21:54:39 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/02/05 21:54:32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/02/05 21:54:13 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/02/05 21:50:20 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/02/05 21:50:18 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/02/05 21:50:17 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/02/05 21:45:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/02/05 21:45:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/02/05 21:45:56 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/02/05 21:45:55 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/02/05 21:45:54 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/02/05 21:45:53 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/02/05 21:45:52 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/02/05 21:45:51 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/02/05 21:45:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/02/05 21:45:42 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/02/05 19:56:50 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/03 17:37:40 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\Period_2_Reflection[1].doc
[2011/01/26 16:26:23 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\Revolution.doc
[2011/01/22 12:56:54 | 000,037,720 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\cc_20110122_125650.reg
[2011/01/14 07:33:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\Outsiders quotes.doc
[2011/01/12 20:32:05 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\outsiders darry.doc
[2011/01/11 21:09:56 | 000,108,544 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\outside soda.doc
[2011/01/11 19:27:25 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\outsider year book pony boy.doc
[2011/01/11 17:02:11 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Craig\My Documents\outsiders yearbook Dally.doc
[2010/08/07 10:14:28 | 000,170,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/04 21:30:28 | 000,043,674 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/06/04 19:02:16 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/02/17 20:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2008/06/21 12:17:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2008/05/18 10:13:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Craig.ini
[2008/05/18 07:33:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2008/04/09 15:48:49 | 000,001,158 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/02/18 20:47:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/12 21:53:33 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2008/02/06 20:34:10 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/02/04 19:09:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/02/03 15:30:29 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/02 18:17:53 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2008/02/01 18:30:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sbewin32.INI
[2008/02/01 18:30:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/27 05:08:54 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/27 04:09:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\fusioncache.dat
[2008/01/27 03:32:58 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP1600.DLL
[2008/01/27 03:32:56 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\ZHP1600R.DLL
[2008/01/27 03:32:55 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGI1600.DLL
[2008/01/27 03:25:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/27 03:25:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/27 03:25:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/27 03:25:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/27 03:25:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/27 03:25:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/09/03 17:56:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/03 02:39:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/09/03 02:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/09/03 02:39:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/09/03 02:33:49 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/09/03 02:29:30 | 000,025,995 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/09/03 02:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/09/03 02:17:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/03 01:13:15 | 000,005,546 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/09/03 01:05:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/03 01:01:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2004/09/03 00:50:24 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/09/03 00:21:43 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/09/03 00:21:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/09/03 00:21:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/02 23:52:23 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/02 23:25:54 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 16:34:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/29 07:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/04/06 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/02/27 19:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2004/09/03 02:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/03/25 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009/06/24 16:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/02/06 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/11/21 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2004/09/03 02:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/01/13 16:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/03/12 21:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/03 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2009/06/05 15:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/06/04 19:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/11/18 19:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/07/01 22:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/08 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/02/05 09:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/14 18:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 19:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 07:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/30 18:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\acccore
[2008/03/25 07:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Broderbund Software
[2009/11/07 17:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Canon
[2010/09/23 14:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GameBox
[2010/02/20 16:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Leadertech
[2004/09/03 02:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\SampleView
[2010/08/30 10:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\.minecraft
[2008/01/28 18:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\acccore
[2008/02/01 18:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Backup MyPC
[2011/02/08 21:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Canon
[2009/09/26 07:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Comcast
[2009/06/13 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Datel
[2011/01/12 19:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\EpicBot
[2009/03/09 12:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\InterVideo
[2008/01/27 04:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Leadertech
[2008/11/07 12:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\LimeWire
[2010/01/27 20:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\McGraw-HillLicensing
[2008/01/27 18:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\OfficeUpdate12
[2004/09/03 02:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\SampleView
[2009/06/04 19:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\ScanSoft
[2009/05/16 18:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Snapfish
[2010/10/29 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Sony Online Entertainment
[2011/01/13 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\WeatherBug
[2004/09/03 02:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/05/23 13:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/02/09 21:17:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1E42CC7-D5B1-407C-BCDE-E679B2B10781}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/01/27 03:27:01 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/27 03:22:43 | 000,000,204 | RHS- | M] () -- C:\BOOT.BAK
[2011/02/04 22:20:28 | 000,000,272 | RHS- | M] () -- C:\boot.ini
[2010/12/11 18:01:56 | 000,003,766 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2004/08/10 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/02/08 23:20:11 | 000,025,651 | ---- | M] () -- C:\ComboFix.txt
[2004/09/02 23:46:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/02/09 19:36:12 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2004/09/02 23:46:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/02 17:12:09 | 000,000,803 | -H-- | M] () -- C:\IPH.PH
[2011/02/06 15:36:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/09/02 23:46:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/01 22:26:18 | 000,001,054 | ---- | M] () -- C:\net_save.dna
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/22 21:01:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/09 19:36:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/09/02 23:45:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/10/11 11:37:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/06/27 07:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/07/27 12:10:27 | 000,278,528 | ---- | M] (Simple Star, Inc.) -- C:\WINDOWS\Comcast PhotoShow.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2011/01/09 18:19:35 | 000,001,288 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\WildTangent Games.lnk

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/02/02 18:17:53 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/09/02 16:33:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/02 16:33:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/02 16:33:03 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/02/05 19:53:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/01/27 04:10:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/09/02 23:52:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/02/08 22:51:22 | 004,265,447 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\ComboFix.exe
[2011/02/08 22:08:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2010/11/08 16:39:06 | 003,851,016 | ---- | M] (Nike) -- C:\Documents and Settings\Craig\Desktop\Nike+Connect_Installer.exe
[2011/02/09 21:06:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2011/02/07 20:34:36 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\vmjos8gb.exe
[2011/02/08 21:59:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\wmbbqf2k.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2005/06/09 18:15:49 | 005,870,785 | ---- | M] () -- C:\Documents and Settings\Craig\My Documents\bleeposaurus.exe
[2011/01/12 19:10:06 | 002,181,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe
[2011/01/13 15:43:21 | 002,181,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Craig\My Documents\epicbot.exe123.exe
[2 C:\Documents and Settings\Craig\My Documents\*.tmp files -> C:\Documents and Settings\Craig\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/01/27 04:10:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Craig\Favorites\Desktop.ini
[2008/01/27 21:41:10 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Craig\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/02/09 21:05:55 | 000,344,064 | -HS- | M] () -- C:\Documents and Settings\Craig\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2009/07/07 18:03:59 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[2004/08/04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 18:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-06 01:43:59

< >

< End of report >

#13 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 10 February 2011 - 02:26 AM

OTL Extras logfile created on: 2/9/2011 9:07:17 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 387.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 26.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.47 Gb Total Space | 43.98 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
Drive D: | 6.40 Gb Total Space | 0.76 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()
"C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}" = Roxio Backup MyPC
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3F854FE1-FC68-4D80-9AF2-439B6981F24A}" = EnGraph QuickTimeKiller
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE
"{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}" = Memory Manager Shared Components Update
"{89BC121F-08BB-465A-8D09-3C438DD29773}" = Encyclopedia of Everyday Law - Personal Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95C2FBF3-4462-41E3-89DC-0F784387BD53}" = Family Lawyer 2004
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}" = Creative Memories StoryBook Creator 2.0
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE1D06A-79D3-41BC-854C-CDFD9C3554F0}" = Vehicle Manager
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BackWeb-309731 Uninstaller" = Updates from HP
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP-Color LaserJet 1600" = Color LaserJet 1600
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mavis3" = Mavis Beacon Teaches Typing 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.80
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = Vehicle Manager Update
"ST6UNST #2" = Vehicle Manager Update (C:\Program Files\Vehicle Manager\)
"The Rosetta Stone" = The Rosetta Stone
"Tweak UI 2.10" = Tweak UI
"Wii Max Media Manager Pro_is1" = Wii Max Media Manager Pro
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Nike+ Connect" = Nike+ Connect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 3:01:28 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/6/2011 3:01:28 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/6/2011 3:01:28 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/6/2011 3:01:28 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/6/2011 7:03:19 PM | Computer Name = HP | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/6/2011 7:09:23 PM | Computer Name = HP | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/7/2011 4:11:51 PM | Computer Name = HP | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/8/2011 3:38:35 PM | Computer Name = HP | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 2/9/2011 12:27:49 AM | Computer Name = HP | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/9/2011 7:07:34 AM | Computer Name = HP | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 2/8/2011 3:38:47 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 2/9/2011 12:31:10 AM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/9/2011 12:31:11 AM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/9/2011 12:31:11 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 2/9/2011 12:32:33 AM | Computer Name = HP | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
with DCOM within the required timeout.

Error - 2/9/2011 7:11:14 AM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/9/2011 7:11:14 AM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/9/2011 7:11:14 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 2/9/2011 8:40:44 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 2/9/2011 8:45:17 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
with DCOM within the required timeout.

< End of report >

#14 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 10 February 2011 - 02:51 AM

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

===========================================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: hilton.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1258514592-968206258-312667793-1009\..Trusted Domains: turbotax.com ([]https in Trusted sites)
[2011/01/13 16:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2 C:\Documents and Settings\Craig\My Documents\*.tmp files -> C:\Documents and Settings\Craig\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/02/08 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=========================================================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

#15 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 11 February 2011 - 02:17 AM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hilton.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1258514592-968206258-312667793-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
C:\Program Files\PriceGong\2.1.0 folder moved successfully.
C:\Program Files\PriceGong folder moved successfully.
C:\Documents and Settings\Craig\My Documents\~WRL1372.tmp deleted successfully.
C:\Documents and Settings\Craig\My Documents\~WRL2054.tmp deleted successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Carolyn
->Temp folder emptied: 151193 bytes
->Temporary Internet Files folder emptied: 10177739 bytes
->Java cache emptied: 225343 bytes
->Flash cache emptied: 5387 bytes

User: Craig
->Temp folder emptied: 9557060 bytes
->Temporary Internet Files folder emptied: 51412070 bytes
->Java cache emptied: 3272039 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 16230 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82190 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Carolyn
->Flash cache emptied: 0 bytes

User: Craig
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02102011_205033

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DF1121.tmp not found!
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DF11C1.tmp not found!
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DFA2E.tmp not found!
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DFA4B.tmp not found!
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DFFB5.tmp not found!
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\~DFFD6.tmp not found!
C:\Documents and Settings\Craig\Local Settings\Temporary Internet Files\Content.IE5\J2NZE14P\44003-hard-drive-busy-at-startup-10-15-min[1].htm moved successfully.
C:\Documents and Settings\Craig\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\JET916F.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_888.dat moved successfully.

Registry entries deleted on Reboot...

#16 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 11 February 2011 - 02:21 AM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````

#17 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 11 February 2011 - 02:24 AM

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

#18 dtnyc Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Member

21 posts
Joined: February 08, 2011
1 topics
Skin: IP.Board
Local time: 06:56 AM

Zodiac:Cancer
OS:Windows XP
Country:

Offline

Posted 11 February 2011 - 02:53 AM

Broni...thanks for your help so far. I'm going run ESET overnight. Still experiencing 10-15 minutes of HD startup activity. Also receiving Java error upon startup after the last Java step. Should I re-install it? What do I do about my two additional USB drives that I have backed up to?

#19 Broni Re: [RESOLVED] Hard Drive Busy at Startup 10-15 min

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 04:56 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 11 February 2011 - 03:01 AM

If Java error concerns jusched.exe, disable it as a startup: http://www.howtogeek...-is-it-running/

Regarding your external drives...install this on your computer:

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine

Now, you're safe to connect those drives and scan them with your AV program.

I'll wait for Eset scan results.