Trojan-Dropper.Win32.Agent.glez and/or back-door.greybird and/or Troja


#1
GadgetAngel

Introduction
------------------
Trojan causing BSOD, anti-virus SW corrupted (or faked the corruption), MS Word corrupted, _IBHODisabled browser extensions in IE, JQS was used until I uninstalled Java... INFECTED by Trojan-Dropper.Win32.Agent.glez or "back-door.greybird", sometime around 4/01/2012 on Dell Latitude X300. I found the infection when I tried using the Software CD I bought and Kaspersky caught the Trojan and stated it had only been detected a week before. I tried the Software CD on another computer on 5/1/2012, which was running the same Kaspersky, and it did not detect the problem, but now I have a lot of different problems. It tricked me into uninstalling Kaspersky but I got Norton Internet Security 2012 to install, but Norton keeps identifying it as "back-door.greybird", tries to delete it on reboot but can't.

Letter Calling Out to the Havens for HELP
---------------------------------------------------------

Hello,

I hope I can get some help. I know I have a Trojan on my system and it's a very sophisticated one. It tricked me into believing that Kaspersky Internet Security 2012 had corrupted components. So I needed to do a reinstall. I uninstalled, but when I tried to reinstall I could not get my anti-virus software reinstalled. I have been trying to solve this myself since May 1st and have not been successful at getting this Trojan cleaned from my system. I promise if you help me I will not question what you are telling me or what you tell me to do, and I follow directions very well. I'm very well versed in computer technology but totally inept at solving this type of problem. I feel like I am trapped in a Chinese trick finger toy even though I have all this college education in computer engineering, which shows it's not worth much because I can't think like someone who has written software that is and acts like a Trojan. So please help me. The following is a very thorough and accurate, detailed, but loving description of the problem (that is why it is so long, but I am only giving you this because you asked for it and I'm an engineer who is detail-oriented).

It begins here:

I have already run Kaspersky rescue boot disk on the system and made sure the booted Kaspersky scanner had all the latest database definition files. The scan took all night and showed 0 infected objects. This scan was done under a NON-Windows OS. I booted up into Windows XP Pro SP3 on the Dell Latitude X300 (250 GB HD) - this is the infected system. I tried to load Kaspersky again. This time Kaspersky started to load, but Kaspersky got to the point in its install process where the program starts looking for incompatible software before doing the actual install. The Kaspersky program indicated that it had found an incompatible program and was going to try to uninstall it. The problem was that the list of incompatible programs was empty!!! So the install program at this point just kept going in circles forever. So when I tried to install Kaspersky again, Kaspersky caused an "A Process or thread to system operation has unexpectedly exited or been terminated" BSOD; let us call this the "Terminator BSOD". I tried installing MS Windows XP debugging tools with assembly symbols to detect the cause of the error by looking at the memory dump file, but the Trojan causes another BSOD when I try to install the debugging tools. This BSOD said "KERNEL_STACK_INPAGE_ERROR" followed by "check to make sure any new hardware or software is properly installed...If problem continues, disable or remove any newly installed hardware or software...etc". Let's call this the "Kernel BSOD". The reason for giving these BSODs short names is because these are the ONLY TWO BSODs that this Trojan uses to shut down my system. The only thing that changes are the hexadecimal memory addresses.

Right after Kaspersky was uninstalled I started to notice my browsers were getting slower. I used Security Task Manager and saw a bunch of these browser extensions that were hidden but were starting up with Firefox and IE. Security Task Manager also pointed out that these browser extensions and their corresponding CLSIDs in the registry did not point to any existing files. So, I went into the registry to clean out the keys. They were all fake keys!!! The Trojan took an actual browser helper and appended _IBHODisabled on the end of the file in the registry value, not onto the actual browser helper file itself (of course I had not known this when I uninstalled Firefox).

I decided to start keeping a log of all my screw-ups, so I opened MS Word, but to my big surprise all these weird-looking error boxes started to appear on the screen (especially the error box from MS asking if it can collect data from your system to send back to MS). Before touching anything I pulled the plug on my Ethernet card and disabled the wireless card. I then decided to start performing print screens from that point forward to start showing what was going on with my laptop. One thing I did notice was that if an error message was being generated by the Trojan, the error box would stay on top of anything else in the window and would allow the user to bring up Paint while waiting for an input. It has been my experience that MS error boxes do not allow the user to do anything else until the user handles the error (how many times have we all heard that bong bong!!).

Well, I also noticed that Security Task Manager was showing me that even though I was running Java 6 u31, my system was requiring Java Quick Start (JQS) to run at startup. Also, JQS was loading stuff from my "local settings\ Temp" area. So I disabled the JQS service through services because when I tried to use the Java control panel, I got the following error: "Java Virtual Machine Launcher could not find the main class: com.sun.deploy.panel.controlpanel. Program will exit". This never happened before I caught the "Trojan-Dropper.Win32.Agent.glez", or is this one from the fake "java.exe" Trojan that was out a while back? So now I'm wondering if I'm dealing with more than one infection. When I disabled the JQS service, on reboot Windows XP Pro SP3 would hang. It would never reach the login screen. I rebooted into safe mode, enabled the JQS service and rebooted. This time Windows XP Pro SP3 booted normally.

JQS is not required at version 6 update 31 and I had not configured this computer to have it running because I make it a standard practice not to have something running eating up resources just to make the software load faster. But this Trojan has locked me out of the control panel. I could not even uninstall Java through Add/Remove Programs. So I used "Revo Uninstaller Pro" to uninstall Java. I also deleted all the Java directories in my "\Local Setting\Temp\." directory. I did a reboot and now my login profile was messed up.

So I started to use my second admin account.

I logged in and did a couple of rounds of scan disk on the c: drive (OS drive). Scan disk found bad clusters and fixed them. I ran scan disk until the disk looked clean and then I ran disk defrag. With all the BSODs I wanted to ensure the integrity of my hard drive. I ALSO ran memory and device diagnostics on my machine (Dell CD diagnostics for Latitude X300). MEMORY PASSED AND SO DID all the other devices, except my hard drive's count of bad clusters was past its threshold, indicating I should back up the drive in case the disk fails. So at some point I would need to do a DOS ghost backup. BUT I wanted this Trojan off this disk before doing a ghost backup.


Today (May 15, 2012) I could not do the following (4 items):

1. Can't wipe - free space - on the c: drive (OS drive) without getting BSOD (just one of the two mentioned above)

2. Can't perform Windows Update. Why is Windows Update trying to update .NET Framework and Silverlight when I know that they have been updated? Something on my system is rolling back software to much earlier versions. When Windows Update tried to run I got another BSOD (just one of the two mentioned above)


3. Can't run SFC /runonce. It ends with a BSOD (just one of the two mentioned above)


4. Java scripts are running directly off my hard drive on IE pages that are hidden from me. The only way I caught this was pulling the hardwired Ethernet cable off the laptop (I had it hooked up just to see if something different was going to happen, and it did). I got a "script error occurred on the IE page, do you want to continue with the script?" question box. The error box showed that the script was running straight off of my C:\\ drive!!

(5 item continuation of things I did after May 15th:)
5. Open Adobe Acrobat X and now it gets an error that it has been corrupted. It worked the first time, but after being opened for about two minutes something in the system started an install and afterwards it showed an error box stating it needed to send info back about an error on Adobe Acrobat and it would need to close the program. The next time I tried to open Adobe Acrobat X is when Adobe Acrobat X stated it was corrupted. This is the exact behavior I got when MS Word stopped working on me. I have the print screens of these boxes and the XML file the Trojan generated. It appears to be collecting the modules that make up a program like Acrobat or MS Word. It collects the information in a generated XML file that it then reads and then generates corrupted files or modules but with the same signature, size, date and everything else to trick Windows WFS into thinking that the files or .dll have not changed. When the fake error boxes are generated, I can look at the details (they make the error boxes as believable as possible, and most error boxes have a hyperlink so you can see what files will be sent), so I notice that the files are located in my "local settings\Temp" directory. I go to that directory and sort it by date so I can find all files or folders just generated. I FIND a "daw.log" file, a "random name.txt" file that they list in the error box, and I find a "random named.dmp" file that I can't access. The "random name.txt" I can open and read. THIS FILE JUST STATES THE EXACT WORDS THAT WERE USED IN THE FAKE ERROR BOX. The daw.log file states the time and date the exception occurred and when the Trojan generated these fake boxes. The "random named.dmp" file I could not open because I still had the fake error boxes on the screen, so a process was still using the file. I OPENED "PROCESS EXPLORER" and searched for the exact "name.dmp" file. The process that was holding the "name.dmp" file open was called sbautoupdate.exe.
This sbautoupdate.exe is fake because there are two running in task manager (one is the true SpywareBlaster Updater), so I kill the process that was holding the "name.dmp" open. BTW, the process that was holding the "name.dmp" file open was owned by a user that is not on my system but was created by something in the system, because the user account can only be found in the registry "S-X-X-XXXXXXXXXXXXX-10003". This user account has the permission (default On) to impersonate a user. Is this part of the problem?

After KILLING the process owned by this unusual user account, I found out I could have access to the "name.dmp" file. When I accessed the "name.dmp" file it was empty!!

I believe my Kernel32.dll has been changed like this. I just can't find the program that is doing this.
I suspect that since I could not do a wipe on free space on the c: drive that the program is hiding in free space on the c: drive somehow. Maybe I'm wrong; at this point I feel like I'm pulling my hair out.

I went to another one of my networked computers to start collecting the DOS drivers I would need to have to do a ghost backup of this c: infected drive. But now I'm starting to see some of these same artifacts (mentioned above) showing up on this other machine (hooked to the same intra-net), so now I am really worried that this Trojan is spreading across my home network, which has quite a few machines on it!! NOW THIS TROJAN REALLY HAS MY ATTENTION. I am desperate for help here.

I have like 10 machines. If this Trojan can spread across my intra-net I'm in great trouble. The machines on my home network all run Windows XP Pro SP3, Windows 7 SP1, the latest Mac OS, iOS or Android 4.0 (and the latest update). So, if you can help me then maybe I can take care of curing the other machines without bothering you too much.

When I finally got ready to do a Ghost backup of the "c: infected" drive to an external USB drive, I noticed while booted in DOS that my boot (DOS) external disk drive has this new $recycle bin$ directory on the drive. On looking inside the $recycle bin$ I find some other directories all with random characters and numbers for names, which is unusual. Going into a couple of these directories, drilling down until I found a file to open, and I could read ASCII characters which said "found new computer image". Interesting, I thought, because I saw these same types of files on my c: drive and the file names all began with "_Restorexxxx" AND now I find them on my f: drive. This also reminded me that I found that XP had "auto-magically" turned on restore monitoring for these other two drives. I turned off the restore monitoring before leaving XP and booting into DOS. It cannot be an accident that the files being used by the Trojan are made to look like restore points!!

I tried doing the DOS ghost backup, but when I ran ghost.exe I got a checksum error immediately back; never even saw the DOS UI. So I threw up my hands and put the computer away for a day before I threw it out the window. I ordered a Ghost 10 CD and received it two days later. I tried running the Ghost backup directly from the CD Ghost recovery environment. Ghost 10 Recovery Environment booted (it uses Win-PE) and I had access to some Norton Utilities. I opened Norton Disk Doctor and it indicated that my external DOS drive (FAT32) geometry was messed up. Apparently the partition table had been tampered with so that the last cylinder was set to be equal to the total number of cylinders on the drive (which is wrong) and that the last head was one greater than it should be. Also, the external drive that I was going to save the image of the c: drive to (an NTFS terabyte drive just bought last month) was corrupted because the last head was one greater than expected. I had Norton Disk Doctor fix and scan the drives, but each time I went back and looked at the partition table information it kept telling me that the partition tables on the disk drives were not fixed. This is getting frustrating. I ignored the results and tried to do the ghost image, but due to bad clusters on the "c: infected drive", even with the ghost switch forcing ghost to ignore bad clusters on the source drive, Ghost just got stuck at the bad cluster section of the disk. All the bad clusters are in the free space on the disk drive. So I have given up hope of making a backup image of the drive; now I just want to clean out the infection and take the drive out, replace it with the new drive and reinstall Windows. But use the non-infected drive in a USB conversion kit so I can copy all the files over to the new drive without worrying about infecting the new drive and the new installation of Windows XP Pro SP3.

I am down to my last option. The c: drive has to be cleaned and taken out and replaced, but I need the files and programs on the disk to be moved over to the new drive. HELP ME PLEASE. I have 4 different times that I did an OTL run on the machine while I was trying stuff out. These scans are dated May 14th, May 18th, May 27th and lastly May 31, 2012. Since the scan looks back at stuff created in the past 30 days from the date of the scan, it might be useful to look at at least two of these. I have attached May 14th (OTL_5_14_2012.Txt) and May 27th (OTL_5_27_2012.Txt). If you want to see any of the others let me know.

If anyone can help me make the c: drive clean of any infections I would appreciate it.

Regards,

GadgetAngel

#2
GadgetAngel

New Information:

Today when I turned on my machine I got the following message: "Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied!" The box came with an OK button. So I pressed it and Windows XP SP3 logged me in with the default profile. I then proceeded to go into the registry to change the HK_USERS key S-1-5-XXXXXX-XXXXXXX-10003 permissions back to Full Control, Write, and Read on the Administrators, my account, my other admin account, system account. I had previously set them to Read Only because Norton Internet Security 2012 was trying to delete these keys from the registry and it could not because they were in use. I logged out. Then I logged back in under my account without getting the "Windows cannot load the user's profile...." message. So apparently these unusual accounts in HK_USERS need Full Control or Write access or your profile gets messed up.

I'm still getting a lot of BSODs due to "A Process or thread to system operation has unexpectedly exited or been terminated". I believe I have figured out that the other BSOD that I get, the one stating "KERNEL_STACK_INPAGE_ERROR" followed by "check to make sure any new hardware or software is properly installed...If problem continues, disable or remove any newly installed hardware or software...etc", is due to the Bad CLUSTERS On THE DISK DRIVE. I researched the other on the web and I keep getting that it indicates bad memory, but I have run memory checks on this infected machine and MEMORY is just fine. If you look at the OTL files I have some "Alternate Data Streams", and in the May 14th OTL I have the following that does not look right to me:

---and others above these in the browser extension section---
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 07:02:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
Files/Folders - Created Within 30 Days
[2012/05/09 13:53:42 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/05/09 13:52:26 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/05/09 13:51:48 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/05/09 13:51:44 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/05/09 13:51:42 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/05/09 13:51:38 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/05/09 13:51:37 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/05/09 13:51:34 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/05/09 13:51:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/05/09 13:51:11 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/05/09 13:51:07 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/05/09 13:51:03 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/05/09 13:50:57 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/05/09 13:50:52 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/05/09 13:49:02 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/05/09 13:47:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/05/09 13:43:33 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/05/09 13:42:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/05/09 13:42:30 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/05/09 13:42:26 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/05/09 13:42:00 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/05/09 13:41:42 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/05/09 13:41:39 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/05/09 13:41:25 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/05/09 13:41:22 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/05/09 13:41:19 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/05/09 13:41:18 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/05/09 13:40:49 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/05/09 13:40:43 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/05/09 13:40:41 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/05/09 13:38:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/05/09 13:38:07 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/05/09 13:37:51 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/05/09 13:37:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/05/09 13:37:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/05/09 13:37:41 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/05/09 13:37:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/05/09 13:37:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/05/09 13:37:35 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/05/09 13:37:32 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/05/09 13:37:03 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/05/09 13:37:01 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/05/09 13:36:55 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/05/09 13:36:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/05/09 13:36:13 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/05/09 13:36:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/05/09 13:36:10 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/05/09 13:36:09 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/05/09 13:36:07 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/05/09 13:36:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/05/09 13:36:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/05/09 13:35:51 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/05/09 13:35:17 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/05/09 13:35:01 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/05/09 13:34:37 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/05/09 13:34:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/05/09 13:34:35 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/05/09 13:34:35 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/05/09 13:34:34 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/05/09 13:34:28 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/05/09 13:34:27 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/05/09 13:34:26 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/05/09 13:34:25 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/05/09 13:34:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/05/09 13:34:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/05/09 13:33:25 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/05/09 13:33:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/05/09 13:33:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/05/09 13:33:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/05/09 13:33:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/05/09 13:33:21 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/05/09 13:33:19 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/05/09 13:33:19 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/05/09 13:33:15 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/05/09 13:33:14 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/05/09 13:33:14 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/05/09 13:33:11 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/05/09 13:33:10 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/05/09 13:33:09 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/05/09 13:33:09 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/05/09 13:33:08 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/05/09 13:33:07 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/05/09 13:33:07 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/05/09 13:32:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/05/09 13:32:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/05/09 13:32:46 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/05/09 13:32:45 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/05/09 13:32:44 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/05/09 13:32:42 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/05/09 13:32:41 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/05/09 13:32:40 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/05/09 13:32:00 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 13:31:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 13:31:28 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 13:31:20 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 13:31:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 13:31:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 13:31:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 13:31:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 13:31:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 13:31:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/05/09 13:31:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 13:31:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 13:31:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys

Files - Modified Within 30 Days
[2012/05/05 23:09:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 23:08:06 | 000,532,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/05 23:08:06 | 000,099,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/04 18:58:31 | 000,437,615 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/02 23:32:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/01 17:15:18 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 08:28:45 | 000,442,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120502-200318.backup

"Files Created - No Company Name" in the past 30 days :
[2012/05/09 13:54:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/05/09 13:43:30 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/05/09 13:43:23 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/05/09 13:43:17 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/05/09 13:43:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/05/09 13:43:05 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/05/09 13:37:45 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/05/09 13:37:44 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/05/09 13:37:42 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/05/09 13:32:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/05/09 13:32:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/05/09 13:32:21 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/05/09 13:32:20 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/05/09 13:32:18 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/05/09 13:32:17 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/05/09 13:32:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/05/09 13:32:09 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/05/09 12:19:11 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/05/01 17:15:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 00:22:40 | 000,000,400 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/17 16:53:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 12:49:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw7a.bin
[2011/11/03 12:14:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/05/23 21:02:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/09 20:42:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/22 13:20:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/29 18:18:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll


MY SYSTEM IS GETTING HARD TO STAY BOOTED INTO WINDOWS EACH DAY. PLEASE HELP SOON! EVERY TIME I BRING IT UP NOW I WILL GET BSOD due to "A Process or thread to system operation has unexpectedly exited or been terminated". I CAN ROLL BACK THE SYSTEM REGISTRY TO MAY 3rd by USING ERUNT. BUT I'm not doing that until I talk to one of you. I hope someone out there can help fix this infection.

Thank you for your time and patience

Regards,

GadgetAngel :wub:

#3
GadgetAngel

Here IS THE OTL FILE FROM 05/14/2012 on this infected machine:
OTL logfile created on: 5/14/2012 7:28:55 PM - Run 4
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\mangesww\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 55.89% Memory free
2.67 Gb Paging File | 2.12 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): C:\pagefile.sys 1716 3432 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 176.78 Gb Free Space | 75.91% Space Free | Partition Type: NTFS
Drive E: | 979.97 Mb Total Space | 122.90 Mb Free Space | 12.54% Space Free | Partition Type: FAT32
Drive F: | 7.69 Gb Total Space | 0.10 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive G: | 979.98 Mb Total Space | 32.35 Mb Free Space | 3.30% Space Free | Partition Type: FAT32

Computer Name: JTMLAPTOP | User Name: mangesww | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 19:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.scr
PRC - [2012/05/02 06:39:16 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/05/02 06:39:12 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/06 16:18:42 | 000,939,184 | ---- | M] () -- C:\Program Files\SpywareBlaster\sbautoupdate.exe
PRC - [2010/11/10 08:59:50 | 000,140,616 | ---- | M] (Neuber Software - www.neuber.com) -- C:\Program Files\Security Task Manager\SpyProtector.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 09:16:34 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/14 09:16:33 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/02 07:07:46 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/02 07:07:45 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/06 16:18:42 | 000,939,184 | ---- | M] () -- C:\Program Files\SpywareBlaster\sbautoupdate.exe
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/02 06:39:16 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/11 16:41:02 | 001,867,776 | ---- | M] (Web Eight LLC.) [Auto | Stopped] -- C:\Program Files\BrowserProtect\BpSvc.exe -- (BpSvc)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2011/06/27 23:15:44 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rcvpn.sys -- (rcvpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/02 06:39:04 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/05/02 06:39:03 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/05/01 17:15:18 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utk0otc2.sys -- (utk0otc2)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/25 09:54:31 | 000,117,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/05/06 17:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/07/09 18:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/07/21 10:48:10 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/04/03 22:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/12/17 15:41:38 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/07/21 13:01:06 | 000,032,400 | ---- | M] (Winternals, SysInternals) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdimsys.sys -- (TDIMSYS)
DRV - [2003/01/23 16:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 48 30 8F 48 EC C9 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 16:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/10 16:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Extensions
[2012/05/10 16:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions
[2012/05/10 16:20:03 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/10 16:20:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\[email protected]
[2012/05/10 16:25:53 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\[email protected]
[2012/05/10 16:20:17 | 000,002,103 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\searchplugins\search.xml
[2012/05/10 16:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/04 18:58:31 | 000,437,615 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15053 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAutoUpdate] C:\Program Files\SpywareBlaster\sbautoupdate.exe ()
O4 - HKLM..\Run: [Spy Protector] C:\Program Files\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
O4 - HKCU..\Run: [BrowserProtect] C:\Program Files\BrowserProtect\BpAuto.lnk ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242707181735 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242707248220 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{097E9B33-3BD9-4D62-BB01-F14AF0B39F32}: DhcpNameServer = 10.10.10.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 07:02:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 19:27:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.scr
[2012/05/10 16:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\BrowserProtect
[2012/05/10 16:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Local Settings\Application Data\Mozilla
[2012/05/10 16:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Mozilla
[2012/05/10 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/10 16:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/10 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/10 15:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Start Menu\Programs\MagicDisc
[2012/05/10 15:40:16 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/05/10 15:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/05/10 15:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Local Settings\Application Data\VS Revo Group
[2012/05/10 15:34:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mangesww\IECompatCache
[2012/05/10 15:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Malwarebytes
[2012/05/09 13:53:42 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/05/09 13:52:26 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/05/09 13:51:48 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/05/09 13:51:44 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/05/09 13:51:42 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/05/09 13:51:38 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/05/09 13:51:37 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/05/09 13:51:34 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/05/09 13:51:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/05/09 13:51:11 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/05/09 13:51:07 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/05/09 13:51:03 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/05/09 13:50:57 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/05/09 13:50:52 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/05/09 13:49:02 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/05/09 13:47:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/05/09 13:43:33 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/05/09 13:43:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/05/09 13:42:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/05/09 13:42:30 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/05/09 13:42:26 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/05/09 13:42:00 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/05/09 13:41:42 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/05/09 13:41:39 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/05/09 13:41:25 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/05/09 13:41:22 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/05/09 13:41:19 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/05/09 13:41:18 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/05/09 13:40:49 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/05/09 13:40:43 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/05/09 13:40:41 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/05/09 13:38:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/05/09 13:38:07 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/05/09 13:37:51 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/05/09 13:37:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/05/09 13:37:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/05/09 13:37:41 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/05/09 13:37:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/05/09 13:37:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/05/09 13:37:35 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/05/09 13:37:32 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/05/09 13:37:03 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/05/09 13:37:01 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/05/09 13:36:55 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/05/09 13:36:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/05/09 13:36:13 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/05/09 13:36:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/05/09 13:36:10 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/05/09 13:36:09 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/05/09 13:36:07 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/05/09 13:36:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/05/09 13:36:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/05/09 13:35:51 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/05/09 13:35:17 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/05/09 13:35:01 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/05/09 13:34:37 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/05/09 13:34:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/05/09 13:34:35 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/05/09 13:34:35 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/05/09 13:34:34 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/05/09 13:34:28 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/05/09 13:34:27 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/05/09 13:34:26 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/05/09 13:34:25 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/05/09 13:34:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/05/09 13:34:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/05/09 13:33:25 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/05/09 13:33:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/05/09 13:33:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/05/09 13:33:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/05/09 13:33:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/05/09 13:33:21 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/05/09 13:33:19 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/05/09 13:33:19 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/05/09 13:33:15 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/05/09 13:33:14 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/05/09 13:33:14 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/05/09 13:33:11 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/05/09 13:33:10 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/05/09 13:33:09 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/05/09 13:33:09 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/05/09 13:33:08 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/05/09 13:33:07 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/05/09 13:33:07 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/05/09 13:32:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/05/09 13:32:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/05/09 13:32:46 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/05/09 13:32:45 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/05/09 13:32:44 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/05/09 13:32:42 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/05/09 13:32:41 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/05/09 13:32:40 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/05/09 13:32:00 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 13:31:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 13:31:28 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 13:31:20 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 13:31:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 13:31:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 13:31:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 13:31:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 13:31:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 13:31:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/05/09 13:31:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 13:31:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 13:31:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/08 07:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Roxio
[2012/05/08 03:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraISO
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\My Documents\My ISO Files
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2012/05/08 03:22:17 | 000,000,000 | ---D | C] -- C:\MT2012
[2012/05/08 03:15:50 | 000,000,000 | ---D | C] -- C:\HIRENS
[2012/05/08 02:59:20 | 000,000,000 | ---D | C] -- C:\DOSXPSTP
[2012/05/08 00:08:05 | 000,000,000 | ---D | C] -- C:\W98SETUP
[2012/05/07 22:00:58 | 000,000,000 | ---D | C] -- C:\GHSETUP
[2012/05/07 21:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\ImgBurn
[2012/05/07 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/05/07 21:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/05/07 19:50:07 | 000,000,000 | ---D | C] -- C:\XPSETUP
[2012/05/07 18:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Start Menu\Programs\MagicISO
[2012/05/07 18:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2012/05/07 17:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\SUPERAntiSpyware.com
[2012/05/07 17:08:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mangesww\Recent
[2012/05/07 16:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\U3
[2012/05/07 14:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Apple Computer
[2012/05/06 05:34:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/06 01:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2012/05/05 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/05 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/05 22:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stylus Studio 2010 XML Enterprise
[2012/05/05 22:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Stylus Studio 2010 XML Enterprise Suite
[2012/05/03 15:58:27 | 000,000,000 | ---D | C] -- C:\DDS LOG generator
[2012/05/03 15:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/03 15:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/03 15:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/03 15:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/05/03 15:33:52 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/05/03 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/02 18:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/05/02 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/05/02 04:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/02 04:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/02 04:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/02 02:14:24 | 000,000,000 | ---D | C] -- C:\Rachel Pic on Pat
[2012/05/02 02:13:06 | 000,000,000 | ---D | C] -- C:\Findings fo ME
[2012/05/01 04:27:49 | 000,000,000 | ---D | C] -- C:\SENTECH Resume 2010
[2012/04/22 19:56:12 | 000,000,000 | ---D | C] -- C:\JTM_BootDisk.com 04_22_2012
[2012/04/22 18:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/22 03:38:53 | 000,000,000 | ---D | C] -- C:\os
[2012/04/21 00:20:12 | 000,000,000 | ---D | C] -- C:\My IOS Files - USB Boot
[2012/04/21 00:08:02 | 000,000,000 | ---D | C] -- C:\WinISO
[2012/04/20 23:23:25 | 000,000,000 | ---D | C] -- C:\XP
[2012/04/20 23:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO
[2012/04/20 23:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinISO
[2012/04/15 15:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 19:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.scr
[2012/05/14 17:23:00 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/14 15:23:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/05/14 09:14:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/14 09:12:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/10 16:43:25 | 000,001,881 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Browser Protect.lnk
[2012/05/10 16:11:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 16:11:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/10 15:43:37 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Freeware MagicISO Virtual CD-DVD-ROM(MagicDisc) Overview.url
[2012/05/10 15:40:28 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/05/10 15:40:28 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\MagicDisc.lnk
[2012/05/09 09:00:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/05/08 06:02:45 | 001,474,560 | ---- | M] () -- C:\Bootwin98Image.ima
[2012/05/08 05:48:45 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\w98tools.ibb
[2012/05/08 05:45:22 | 000,001,333 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\xpbootcd.ibb
[2012/05/08 05:41:46 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\hirens.ibb
[2012/05/08 05:34:31 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\mt2012.ibb
[2012/05/08 04:06:58 | 001,474,560 | ---- | M] () -- C:\mt2012sect.bif
[2012/05/08 03:59:16 | 001,474,560 | ---- | M] () -- C:\hirensboot.bif
[2012/05/08 03:53:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\UltraISO.lnk
[2012/05/07 22:07:45 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\ghsetup.ibb
[2012/05/07 21:00:07 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/07 21:00:06 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/05/07 20:54:38 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\xpsp3.ibb
[2012/05/07 19:01:23 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinISO.lnk
[2012/05/07 19:00:55 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\MagicISO.lnk
[2012/05/07 19:00:42 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\MagicISO.lnk
[2012/05/07 17:44:02 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Home.lnk
[2012/05/07 17:43:55 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip 14.5.lnk
[2012/05/07 17:16:32 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Protector.lnk
[2012/05/07 17:16:29 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Task Manager.lnk
[2012/05/07 17:16:26 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2011.lnk
[2012/05/07 17:16:23 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/07 17:15:52 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/05/07 17:11:30 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/07 17:10:27 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/07 17:10:19 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Stylus Studio 2010 XML Enterprise Suite.lnk
[2012/05/07 17:10:11 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/05/07 17:10:04 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Virtual CloneDrive.lnk
[2012/05/07 17:09:53 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Control Panel.lnk
[2012/05/05 23:09:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 23:08:06 | 000,532,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/05 23:08:06 | 000,099,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/04 18:58:31 | 000,437,615 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/02 23:32:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/01 17:15:18 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 08:28:45 | 000,442,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120502-200318.backup
[2012/05/01 02:42:43 | 000,000,512 | ---- | M] () -- C:\win98sect.bin
[2012/05/01 00:26:02 | 000,000,400 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/04/22 13:56:17 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/20 23:16:48 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\WinISO.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 16:43:25 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Browser Protect.lnk
[2012/05/10 16:43:25 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Browser Protect.lnk
[2012/05/10 16:11:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 16:11:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/10 16:11:50 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/10 15:43:37 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Freeware MagicISO Virtual CD-DVD-ROM(MagicDisc) Overview.url
[2012/05/10 15:40:28 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/05/10 15:40:28 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\MagicDisc.lnk
[2012/05/09 13:54:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/05/09 13:43:30 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/05/09 13:43:23 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/05/09 13:43:17 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/05/09 13:43:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/05/09 13:43:05 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/05/09 13:37:45 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/05/09 13:37:44 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/05/09 13:37:42 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/05/09 13:32:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/05/09 13:32:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/05/09 13:32:21 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/05/09 13:32:20 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/05/09 13:32:18 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/05/09 13:32:17 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/05/09 13:32:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/05/09 13:32:09 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/05/09 12:19:11 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/05/08 06:02:22 | 001,474,560 | ---- | C] () -- C:\Bootwin98Image.ima
[2012/05/08 05:47:39 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\w98tools.ibb
[2012/05/08 05:43:00 | 000,001,333 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\xpbootcd.ibb
[2012/05/08 05:39:59 | 001,474,560 | ---- | C] () -- C:\hirensboot.bif
[2012/05/08 05:36:13 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\hirens.ibb
[2012/05/08 05:31:29 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\mt2012.ibb
[2012/05/08 05:30:23 | 001,474,560 | ---- | C] () -- C:\mt2012sect.bif
[2012/05/08 03:53:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\UltraISO.lnk
[2012/05/08 03:14:14 | 000,000,512 | ---- | C] () -- C:\win98sect.bin
[2012/05/07 22:50:48 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Home.lnk
[2012/05/07 22:49:51 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\WinISO.lnk
[2012/05/07 22:07:45 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\ghsetup.ibb
[2012/05/07 21:00:06 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/07 21:00:06 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/05/07 20:55:53 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\xpsp3.ibb
[2012/05/07 19:49:42 | 000,002,048 | ---- | C] () -- C:\w2ksect.bin
[2012/05/07 19:01:23 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinISO.lnk
[2012/05/07 19:00:55 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\MagicISO.lnk
[2012/05/07 18:59:22 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\MagicISO.lnk
[2012/05/07 17:44:02 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Home.lnk
[2012/05/07 17:43:55 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip 14.5.lnk
[2012/05/07 17:34:00 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/07 17:16:32 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Protector.lnk
[2012/05/07 17:16:29 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Task Manager.lnk
[2012/05/07 17:16:26 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2011.lnk
[2012/05/07 17:16:23 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/07 17:15:52 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/05/07 17:11:30 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/07 17:10:27 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/07 17:10:19 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Stylus Studio 2010 XML Enterprise Suite.lnk
[2012/05/07 17:10:11 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/05/07 17:10:04 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Virtual CloneDrive.lnk
[2012/05/07 17:09:53 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Control Panel.lnk
[2012/05/01 17:15:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 00:22:40 | 000,000,400 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/17 16:53:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 12:49:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw7a.bin
[2011/11/03 12:14:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/11/03 02:24:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/09/20 14:03:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/06/27 23:15:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2011/06/27 23:15:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2011/05/24 14:20:05 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/23 21:02:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/09 20:42:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/22 13:20:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/29 18:18:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

========== LOP Check ==========

[2011/05/24 13:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/10 15:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/23 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/06 01:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2012/03/21 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tastybytes Software
[2009/08/24 20:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/05/14 09:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/28 23:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/07/29 17:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/12 20:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 23:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/05/08 06:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mangesww\Application Data\ImgBurn
[2012/05/14 17:23:00 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/14 15:23:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 46 bytes -> C:\Program Files:༐˙Գܑlᄦiῼฌķnās᨞.b༑i㽷n 燷
@Alternate Data Stream - 349 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
:huh:



#4
GadgetAngel

HERE IS THE OTL FILE OUTPUT on 05/27/2012

OTL logfile created on: 5/27/2012 8:08:09 PM - Run 8
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\mangesww\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 48.24% Memory free
2.67 Gb Paging File | 2.16 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): C:\pagefile.sys 1716 3432 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 175.20 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
Drive E: | 979.97 Mb Total Space | 68.51 Mb Free Space | 6.99% Space Free | Partition Type: FAT32
Drive F: | 931.48 Gb Total Space | 904.26 Gb Free Space | 97.08% Space Free | Partition Type: NTFS
Drive G: | 186.26 Gb Total Space | 55.05 Gb Free Space | 29.56% Space Free | Partition Type: FAT32

Computer Name: JTMLAPTOP | User Name: mangesww | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 19:19:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.com
PRC - [2012/05/02 06:39:16 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/05/02 06:39:12 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/27 20:03:36 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/27 20:03:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/02 07:07:46 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/02 07:07:45 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/02 06:39:16 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2011/06/27 23:15:44 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rcvpn.sys -- (rcvpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/02 06:39:04 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/05/02 06:39:03 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/05/01 17:15:18 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utk0otc2.sys -- (utk0otc2)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/25 09:54:31 | 000,117,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/05/06 17:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/07/09 18:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/07/21 10:48:10 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/04/03 22:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/07/21 13:01:06 | 000,032,400 | ---- | M] (Winternals, SysInternals) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdimsys.sys -- (TDIMSYS)
DRV - [2003/01/23 16:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/12/24 19:52:00 | 000,059,520 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Rmedia.sys -- (rmedia)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 48 30 8F 48 EC C9 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 16:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/10 16:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Extensions
[2012/05/16 15:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions
[2012/05/10 16:20:03 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/10 16:20:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\[email protected]
[2012/05/10 16:25:53 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\mangesww\Application Data\Mozilla\Firefox\Profiles\44bv88th.default\extensions\[email protected]
[2012/05/10 16:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/10 16:25:53 | 000,242,709 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
[2012/05/10 16:20:03 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/10 16:19:55 | 000,047,822 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/10 16:19:55 | 000,021,992 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/10 16:20:02 | 000,147,186 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MANGESWW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\44BV88TH.DEFAULT\EXTENSIONS\[email protected]
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/05/04 18:58:31 | 000,437,615 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15053 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAutoUpdate] C:\Program Files\SpywareBlaster\sbautoupdate.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242707181735 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242707248220 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{097E9B33-3BD9-4D62-BB01-F14AF0B39F32}: DhcpNameServer = 10.10.10.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 07:02:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/01 21:53:56 | 000,000,029 | R--- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/05/22 23:46:42 | 000,000,528 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/11/15 13:15:02 | 000,001,114 | ---- | M] () - G:\AUTOEXEC.BAT.bck -- [ FAT32 ]
O32 - AutoRun File - [2012/05/22 22:19:26 | 000,001,690 | ---- | M] () - G:\AUTOEXEC.BAk22.txt -- [ FAT32 ]
O33 - MountPoints2\{0da6c771-a371-11e1-8c37-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{0da6c771-a371-11e1-8c37-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0da6c771-a371-11e1-8c37-001143cca6f5}\Shell\AutoRun\command - "" = E:\autorunner.exe "start.html"
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71825cd1-93c2-11e1-8bed-001143cca6f5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorunner.exe "start.html"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/27 20:07:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.com
[2012/05/21 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\My Documents\SnagIt Catalog
[2012/05/19 21:18:36 | 000,000,000 | ---D | C] -- C:\EasyBoot
[2012/05/19 01:06:39 | 000,847,872 | ---- | C] (Western Digital) -- C:\Documents and Settings\mangesww\Desktop\WinDlg.exe
[2012/05/19 01:06:38 | 000,573,763 | ---- | C] (Western Digital Corporation ) -- C:\Documents and Settings\mangesww\Desktop\setup.exe
[2012/05/19 01:06:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.scr
[2012/05/15 17:48:31 | 000,000,000 | ---D | C] -- C:\5f346dba1ffd8af3ae1e893af7492a8c
[2012/05/15 16:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyBoot
[2012/05/15 16:53:49 | 000,000,000 | ---D | C] -- C:\EasyBoot1
[2012/05/15 16:27:44 | 000,000,000 | ---D | C] -- C:\e058ac5473a2b28cf6
[2012/05/15 16:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/05/15 13:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Stylus Studio
[2012/05/10 16:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Local Settings\Application Data\Mozilla
[2012/05/10 16:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Mozilla
[2012/05/10 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/10 16:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/10 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/10 15:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Start Menu\Programs\MagicDisc
[2012/05/10 15:40:16 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/05/10 15:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/05/10 15:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Local Settings\Application Data\VS Revo Group
[2012/05/10 15:34:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mangesww\IECompatCache
[2012/05/10 15:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Malwarebytes
[2012/05/09 13:53:42 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/05/09 13:52:26 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/05/09 13:51:48 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/05/09 13:51:44 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/05/09 13:51:42 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/05/09 13:51:38 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/05/09 13:51:37 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/05/09 13:51:34 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/05/09 13:51:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/05/09 13:51:11 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/05/09 13:51:07 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/05/09 13:51:03 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/05/09 13:50:57 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/05/09 13:50:52 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/05/09 13:49:02 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/05/09 13:47:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/05/09 13:43:33 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/05/09 13:43:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/05/09 13:42:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/05/09 13:42:30 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/05/09 13:42:26 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/05/09 13:42:00 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/05/09 13:41:42 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/05/09 13:41:39 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/05/09 13:41:25 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/05/09 13:41:22 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/05/09 13:41:19 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/05/09 13:41:18 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/05/09 13:40:49 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/05/09 13:40:43 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/05/09 13:40:41 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/05/09 13:38:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/05/09 13:38:07 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/05/09 13:37:51 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/05/09 13:37:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/05/09 13:37:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/05/09 13:37:41 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/05/09 13:37:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/05/09 13:37:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/05/09 13:37:35 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/05/09 13:37:32 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/05/09 13:37:03 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/05/09 13:37:01 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/05/09 13:36:55 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/05/09 13:36:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/05/09 13:36:13 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/05/09 13:36:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/05/09 13:36:10 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/05/09 13:36:09 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/05/09 13:36:07 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/05/09 13:36:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/05/09 13:36:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/05/09 13:35:51 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/05/09 13:35:17 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/05/09 13:35:01 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/05/09 13:34:37 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/05/09 13:34:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/05/09 13:34:35 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/05/09 13:34:35 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/05/09 13:34:34 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/05/09 13:34:28 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/05/09 13:34:27 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/05/09 13:34:26 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/05/09 13:34:25 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/05/09 13:34:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/05/09 13:34:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/05/09 13:33:25 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/05/09 13:33:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/05/09 13:33:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/05/09 13:33:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/05/09 13:33:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/05/09 13:33:21 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/05/09 13:33:19 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/05/09 13:33:19 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/05/09 13:33:15 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/05/09 13:33:14 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/05/09 13:33:14 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/05/09 13:33:11 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/05/09 13:33:10 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/05/09 13:33:09 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/05/09 13:33:09 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/05/09 13:33:08 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/05/09 13:33:07 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/05/09 13:33:07 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/05/09 13:32:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/05/09 13:32:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/05/09 13:32:46 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/05/09 13:32:45 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/05/09 13:32:44 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/05/09 13:32:42 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/05/09 13:32:41 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/05/09 13:32:40 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/05/09 13:32:00 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 13:31:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 13:31:28 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 13:31:20 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 13:31:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 13:31:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 13:31:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 13:31:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 13:31:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 13:31:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/05/09 13:31:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 13:31:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 13:31:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/08 07:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Roxio
[2012/05/08 03:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraISO
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\My Documents\My ISO Files
[2012/05/08 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2012/05/08 03:22:17 | 000,000,000 | ---D | C] -- C:\MT2012
[2012/05/08 03:15:50 | 000,000,000 | ---D | C] -- C:\HIRENS
[2012/05/08 02:59:20 | 000,000,000 | ---D | C] -- C:\DOSXPSTP
[2012/05/08 00:08:05 | 000,000,000 | ---D | C] -- C:\W98SETUP
[2012/05/07 22:00:58 | 000,000,000 | ---D | C] -- C:\GHSETUP
[2012/05/07 21:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\ImgBurn
[2012/05/07 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/05/07 21:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/05/07 19:50:07 | 000,000,000 | ---D | C] -- C:\XPSETUP
[2012/05/07 18:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Start Menu\Programs\MagicISO
[2012/05/07 18:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2012/05/07 17:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\SUPERAntiSpyware.com
[2012/05/07 17:08:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mangesww\Recent
[2012/05/07 16:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\U3
[2012/05/07 14:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mangesww\Application Data\Apple Computer
[2012/05/06 05:34:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/06 01:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2012/05/05 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/05 23:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/05 22:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stylus Studio 2010 XML Enterprise
[2012/05/05 22:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Stylus Studio 2010 XML Enterprise Suite
[2012/05/03 15:58:27 | 000,000,000 | ---D | C] -- C:\DDS LOG generator
[2012/05/03 15:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/03 15:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/03 15:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/03 15:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/05/03 15:33:52 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/05/03 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/02 18:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/05/02 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/05/02 04:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/02 04:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/02 04:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/02 02:14:24 | 000,000,000 | ---D | C] -- C:\Rachel Pic on Pat
[2012/05/02 02:13:06 | 000,000,000 | ---D | C] -- C:\Findings fo ME
[2012/05/01 04:27:49 | 000,000,000 | ---D | C] -- C:\SENTECH Resume 2010
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/27 20:03:35 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/05/27 20:01:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/27 20:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/25 17:02:17 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to Temp.lnk
[2012/05/25 16:58:04 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/05/25 16:57:58 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to procexp.exe.lnk
[2012/05/21 21:53:40 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\AUTOEXEC.BAT
[2012/05/21 14:48:55 | 000,006,044 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\SENTECHlogo-0000.pdf
[2012/05/20 12:35:09 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\RAMdrive.BAT
[2012/05/19 04:39:07 | 000,001,327 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\ghsetup.ibb
[2012/05/19 03:45:13 | 001,474,560 | ---- | M] () -- C:\BootWinPE.ima
[2012/05/18 23:52:23 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to ISCalculatorV5_1.htm.lnk
[2012/05/18 23:52:23 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to setup.exe.lnk
[2012/05/16 18:51:33 | 000,018,188 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\smart.htm
[2012/05/16 18:51:33 | 000,015,704 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\help.htm
[2012/05/16 18:51:33 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\wdclogo.gif
[2012/05/16 15:33:05 | 000,923,401 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\WinDlg_124.zip
[2012/05/16 15:26:52 | 002,207,744 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Diag504fCD.iso
[2012/05/15 17:28:17 | 029,229,056 | ---- | M] () -- C:\3590F75ABA9E485486C100C1A9D4FF06EYNLJWWIDMTMLZLI
[2012/05/15 17:03:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\UltraISO.lnk
[2012/05/15 16:53:52 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\EasyBoot.lnk
[2012/05/15 14:37:24 | 289,734,656 | ---- | M] () -- C:\3590F75ABA9E485486C100C1A9D4FF06XCMVKXPUAXWKFYBP
[2012/05/15 14:17:17 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/05/15 14:17:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/15 14:17:09 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/14 19:19:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.com
[2012/05/14 19:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mangesww\Desktop\OTL.scr
[2012/05/10 16:43:25 | 000,001,881 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Browser Protect.lnk
[2012/05/10 16:11:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 16:11:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Mozilla Firefox.lnk
[2012/05/10 15:43:37 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\Freeware MagicISO Virtual CD-DVD-ROM(MagicDisc) Overview.url
[2012/05/10 15:40:28 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/05/10 15:40:28 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\MagicDisc.lnk
[2012/05/08 06:02:45 | 001,474,560 | ---- | M] () -- C:\Bootwin98Image.ima
[2012/05/08 05:48:45 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\w98tools.ibb
[2012/05/08 05:45:22 | 000,001,333 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\xpbootcd.ibb
[2012/05/08 05:41:46 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\hirens.ibb
[2012/05/08 05:34:31 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\mt2012.ibb
[2012/05/08 04:06:58 | 001,474,560 | ---- | M] () -- C:\mt2012sect.bif
[2012/05/08 03:59:16 | 001,474,560 | ---- | M] () -- C:\hirensboot.bif
[2012/05/07 21:00:07 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/07 21:00:06 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\ImgBurn.lnk
[2012/05/07 20:54:38 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\xpsp3.ibb
[2012/05/07 19:01:23 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinISO.lnk
[2012/05/07 19:00:55 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\MagicISO.lnk
[2012/05/07 19:00:42 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\mangesww\Desktop\MagicISO.lnk
[2012/05/07 17:44:02 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Home.lnk
[2012/05/07 17:43:55 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip 14.5.lnk
[2012/05/07 17:16:32 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Protector.lnk
[2012/05/07 17:16:29 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Task Manager.lnk
[2012/05/07 17:16:26 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2011.lnk
[2012/05/07 17:16:23 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/07 17:11:30 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/07 17:10:27 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/07 17:10:19 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Stylus Studio 2010 XML Enterprise Suite.lnk
[2012/05/07 17:10:11 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/05/07 17:10:04 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Virtual CloneDrive.lnk
[2012/05/07 17:09:53 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Control Panel.lnk
[2012/05/05 23:09:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 23:08:06 | 000,532,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/05 23:08:06 | 000,099,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/04 18:58:31 | 000,437,615 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/01 17:15:18 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 08:28:45 | 000,442,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120502-200318.backup
[2012/05/01 02:42:43 | 000,000,512 | ---- | M] () -- C:\win98sect.bin
[2012/05/01 00:26:02 | 000,000,400 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 17:02:17 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to Temp.lnk
[2012/05/25 16:58:04 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/05/25 16:57:58 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to procexp.exe.lnk
[2012/05/21 15:35:47 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\AUTOEXEC.BAT
[2012/05/21 14:48:55 | 000,006,044 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\SENTECHlogo-0000.pdf
[2012/05/21 14:42:41 | 000,011,254 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Sentech_Logo.jpg
[2012/05/21 14:41:36 | 000,004,929 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\SENTECHlogo.PNG
[2012/05/20 23:35:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\RESTART.COM
[2012/05/20 12:14:33 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\RAMdrive.BAT
[2012/05/19 04:26:24 | 001,474,560 | ---- | C] () -- C:\BootWinPE.ima
[2012/05/19 01:06:40 | 000,002,548 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/05/19 01:06:40 | 000,001,333 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\xpbootcd.ibb
[2012/05/19 01:06:40 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\xpsp3.ibb
[2012/05/19 01:06:40 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\WinISO.lnk
[2012/05/19 01:06:39 | 000,923,401 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\WinDlg_124.zip
[2012/05/19 01:06:39 | 000,018,188 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\smart.htm
[2012/05/19 01:06:39 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Skype.lnk
[2012/05/19 01:06:39 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\wdclogo.gif
[2012/05/19 01:06:39 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\w98tools.ibb
[2012/05/19 01:06:39 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\UltraISO.lnk
[2012/05/19 01:06:38 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\RoxioNow Player.lnk
[2012/05/19 01:06:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\QuickTime Player.lnk
[2012/05/19 01:06:38 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to ISCalculatorV5_1.htm.lnk
[2012/05/19 01:06:38 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Shortcut to setup.exe.lnk
[2012/05/19 01:06:37 | 000,702,974 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\ISCalcZipV5_1.exe
[2012/05/19 01:06:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\iTunes.lnk
[2012/05/19 01:06:37 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\MagicISO.lnk
[2012/05/19 01:06:37 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\mt2012.ibb
[2012/05/19 01:06:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Mozilla Firefox.lnk
[2012/05/19 01:06:37 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\MagicDisc.lnk
[2012/05/19 01:06:36 | 002,028,019 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\ISCalculatorV5_1.htm
[2012/05/19 01:06:36 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\inSSIDer 2.0.lnk
[2012/05/19 01:06:36 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Home.lnk
[2012/05/19 01:06:36 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\ImgBurn.lnk
[2012/05/19 01:06:36 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\hirens.ibb
[2012/05/19 01:06:35 | 002,207,744 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Diag504fCD.iso
[2012/05/19 01:06:35 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\disk32.dll
[2012/05/19 01:06:35 | 000,015,704 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\help.htm
[2012/05/19 01:06:35 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\disk16.dll
[2012/05/19 01:06:35 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Franson GpsGate 2.6.lnk
[2012/05/19 01:06:35 | 000,001,327 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\ghsetup.ibb
[2012/05/19 01:06:35 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\EPSON Scan.lnk
[2012/05/19 01:06:35 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\EasyBoot.lnk
[2012/05/19 01:06:35 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Freeware MagicISO Virtual CD-DVD-ROM(MagicDisc) Overview.url
[2012/05/19 01:06:34 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Browser Protect.lnk
[2012/05/19 01:06:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\mangesww\Desktop\Adobe Reader X.lnk
[2012/05/15 17:28:17 | 029,229,056 | ---- | C] () -- C:\3590F75ABA9E485486C100C1A9D4FF06EYNLJWWIDMTMLZLI
[2012/05/15 14:37:24 | 289,734,656 | ---- | C] () -- C:\3590F75ABA9E485486C100C1A9D4FF06XCMVKXPUAXWKFYBP
[2012/05/10 16:43:25 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Browser Protect.lnk
[2012/05/10 16:11:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 16:11:50 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/10 15:40:28 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\mangesww\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/05/09 13:54:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/05/09 13:43:30 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/05/09 13:43:23 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/05/09 13:43:17 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/05/09 13:43:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/05/09 13:43:05 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/05/09 13:37:45 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/05/09 13:37:44 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/05/09 13:37:42 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/05/09 13:32:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/05/09 13:32:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/05/09 13:32:21 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/05/09 13:32:20 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/05/09 13:32:19 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/05/09 13:32:18 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/05/09 13:32:17 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/05/09 13:32:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/05/09 13:32:09 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/05/09 12:19:11 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/05/08 06:02:22 | 001,474,560 | ---- | C] () -- C:\Bootwin98Image.ima
[2012/05/08 05:39:59 | 001,474,560 | ---- | C] () -- C:\hirensboot.bif
[2012/05/08 05:30:23 | 001,474,560 | ---- | C] () -- C:\mt2012sect.bif
[2012/05/08 03:14:14 | 000,000,512 | ---- | C] () -- C:\win98sect.bin
[2012/05/07 21:00:06 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/07 19:49:42 | 000,002,048 | ---- | C] () -- C:\w2ksect.bin
[2012/05/07 19:01:23 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinISO.lnk
[2012/05/07 19:00:55 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\MagicISO.lnk
[2012/05/07 17:44:02 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Home.lnk
[2012/05/07 17:43:55 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip 14.5.lnk
[2012/05/07 17:34:00 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/07 17:16:32 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Protector.lnk
[2012/05/07 17:16:29 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Task Manager.lnk
[2012/05/07 17:16:26 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2011.lnk
[2012/05/07 17:16:23 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/07 17:11:30 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/07 17:10:27 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/07 17:10:19 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Stylus Studio 2010 XML Enterprise Suite.lnk
[2012/05/07 17:10:11 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/05/07 17:10:04 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Virtual CloneDrive.lnk
[2012/05/07 17:09:53 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\mangesww\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Control Panel.lnk
[2012/05/01 17:15:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/05/01 00:22:40 | 000,000,400 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/17 16:53:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 12:49:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw7a.bin
[2011/11/03 12:14:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/11/03 02:24:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/09/20 14:03:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/06/27 23:15:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2011/06/27 23:15:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2011/05/24 14:20:05 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/23 21:02:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/09 20:42:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/22 13:20:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/29 18:18:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

========== LOP Check ==========

[2011/05/24 13:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/10 15:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/23 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/06 01:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2012/03/21 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tastybytes Software
[2009/08/24 20:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/05/27 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/28 23:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/07/29 17:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/12 20:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 23:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/05/08 06:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mangesww\Application Data\ImgBurn
[2012/05/15 13:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mangesww\Application Data\Stylus Studio
[2012/05/15 14:17:09 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d1305b5f-bfb8-40ba-b513-ce519ce9379c.job
[2012/05/27 20:03:35 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 46 bytes -> C:\Program Files:༐˙Գܑlᄦiῼฌķnās᨞.b༑i㽷n 燷
@Alternate Data Stream - 404 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >




#5
azarl


    GeekU Admin

  • Administrator
  • 25,201 posts
Hi GadgetAngel

Have you the extras log from OTL, please? If not, run OTL again, setting
  • Processes - None
  • Modules - None
  • Services - None
  • Drivers - None
  • Standard Registry - None
  • Extra Registry - Use SafeList
  • Files Created Within - None
  • Files Modified Within - None
  • Then click Run Scan and you'll get an extras.txt
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your reply


#6
GadgetAngel


    Member

  • Topic Starter
  • Member
  • 16 posts
Dear azarl,

Just want to make things clear: the system we are working on is a 32-bit Windows XP SP3 machine. I have been trying for the last 4 hours to get you the extra file that you want. The problem is, if I boot the system normally or boot it into safe mode, within less than one minute I end up with a BSOD with error code 0xF4 "A process or thread crucial to system operation has unexpectedly exited or been terminated". So you can imagine how difficult it is for me to copy OTL to the desktop and set the parameters you require before the system does another BSOD, and that's before I even get a chance to run the code. I doubt the system will stay running long enough now to even run OTL. By the way, I have had the laptop turned off and unplugged, and what amazes me is this malware is still writing stuff to my disk drive. I probably should have pulled out the battery. But you would think after 5 days the battery would have gone dead. It did not. So now what do I do? All I get are BSODs. I'm writing this response on my husband's laptop. I don't even have enough time to type in msconfig and turn off all the startup items and click OK before the system does a BSOD. I suppose it might be happier if I hooked it up to the internet so it could transmit its data back to its hacker. Right now I refuse to connect it to the internet. So again, what do I do now?

Regards,
GadgetAngel

#7
azarl


    GeekU Admin

  • Administrator
  • 25,201 posts
The symptoms you describe sound like a damaged O/S or hardware

Let's try a memory test first

A. If you have more than one RAM module installed, try starting the computer with one RAM stick at a time.

NOTE: Keep in mind, the manual check listed above is always superior to the software check listed below. DO NOT proceed with memtest if you can go with option A.

B. If you have only one RAM stick installed...
...run memtest...


1. Download - Pre-Compiled Bootable ISO (.zip). If you prefer to use the USB version then use this link USB KEY
2. Unzip downloaded /memtest86+-4.20.iso.zip file.
3. Inside, you'll find /memtest86+-4.20.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on the Browse for a file... icon.

8. Locate memtest86+-4.20.iso file, and click Open button.
9. Click on the ImgBurn green arrow to start burning the bootable memtest86 CD.

10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.

To change Boot Sequence in your BIOS

Reboot the system and at the first post screen (where it is counting up memory) start tapping the DEL button
This will enter you into the Bios\Cmos area.
Find the Advanced area and click Enter
Look for Boot Sequence or Boot Options and highlight that click Enter
Now highlight the first drive and follow the directions on the bottom of the screen on how to modify it and change it to CDrom.
Change the second drive to the C or Main Drive
Once that is done then click F10 to Save and Exit
You will be prompted to enter Y to verify Save and Exit. Click Y and the system will now reboot with the new settings.


The running program will look something like this depending on the size and number of ram modules installed:


Posted Image

It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

Posted Image

The following image is the test results area:

Posted Image

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

#8
GadgetAngel

Dear azarl,

I finally got the Extras.txt file you wanted (it will be pasted at the end of my discussion). I just let the system have its way. It wanted to have access to the internet so it could converse back home with its owners (the hackers who now control my PC). Once I allowed it internet access, I was able to go in and use msconfig and change the configuration to diagnostic mode. So it basically is running with only the bare minimum of the OS. I ran your OTL instructions and got the Extras.txt file.




I did some research on the BSOD error code "KERNEL_STACK_INPAGE_ERROR" and found that this code is mostly generated by the pagefile containing bad clusters. Since I know my hard drive has bad clusters, I decided to move the page file to an external NTFS drive that I bought three weeks ago. Unfortunately, I have left the new drive hooked up to this infected computer, which has now messed with the partition table. After running Norton Disk Doctor, off of my Ghost 10 Recovery CD, the disk partitions now generate errors like the last head goes past the end of the disk and the last cylinder is beyond the last cylinder boundary. The Malware/Virus has gotten into two of my external drives' partition tables and messed with at least two values in their disk drive partition tables. Do you know any software that will fix disk partition tables for me automatically? I also decided to run BSOD viewer to let you see the mini-dump files I found on my system. I was right: I got infected on 4/11/2012 from boxed software I bought off of a reputable web site. The software called “PD+Rescue for iPod Win/Mac” is the software that gave me this Trojan. I was right: it has gone in and actually changed the NT Kernel & System file ntoskrnl.exe. I did not have a dump file before that date and my computer never showed any signs of a problem until that date. So I learned a hard lesson: even if I buy software on a CD, I will have to scan the CD with all my different Malware software and Antivirus Software before installing the software onto my system. The output from BlueScreenView.exe will be pasted here also under the title BSOD.txt.



I have already checked my system devices and memory modules. I thought of that before I even tried to contact you guys. Trust me, this is NOT a MEMORY problem. This is a MALWARE problem. Please take a look at these two file outputs and I will look at what you want me to do further. Another thing: Norton Internet Security is telling me that it is blocking communication between my computer and any computers at any address with certain ports open. It also has a MAC address of a network that my computer is trying to talk to, and I am not aware that it is doing this. Is there a way to see what is going on with my TCP/IP settings? I also found a verification signature of drivers log file dated 5/9/2012 on my “C:\” drive, which I think you should look at also (I did not run this verification). After I found this driver signature verification, I turned on some services so the infected computer can have internet access, and I can try to keep my antivirus software updated. I decided I would run the OTL routine again and give you an Extras.txt file 12 hours apart from the first run. Yes, I have been working on this for 12 hours straight. I really would like to get this system cleaned out. From looking at the first and last Extras.txt file I can see where the system is talking to the outside IP ports. The firewall was not set that way by me. Here is the attached information:



OUTPUT from Extras1.txt created on: 6/7/2012 9:06:52 PM

OTL Extras logfile created on: 6/7/2012 9:06:52 PM - Run 11
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\joann manges\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 65.99% Memory free
2.67 Gb Paging File | 2.35 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.77 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 904.26 Gb Free Space | 97.08% Space Free | Partition Type: NTFS
Drive G: | 186.26 Gb Total Space | 55.05 Gb Free Space | 29.56% Space Free | Partition Type: FAT32

Computer Name: JTMLAPTOP | User Name: joann manges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe" = C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe:*:Enabled:RoxioNow Player
"C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{524228C9-826F-4B58-9E47-4F2E5C7E9F45}" = SnagIt 8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BA0FF3-D382-4BC0-866D-52386EB0BAC5}" = Wi-Spy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{677A19B8-446D-4797-A071-977A30EAD01D}" = Winternals Administrator's Pak
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C1388BE-AD32-47BC-B51F-A37F1245203C}" = RICOH Media Driver
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87B2EBAC-86B0-41A3-AF06-BB3A0A87E2AB}" = Stylus Studio 2010 XML Enterprise Suite
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C08E4323-261D-4B2F-8F24-CDB26E2AA081}" = Iomega Home Storage Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5936FA-1D77-4131-9ED6-4F6AF6ABC227}" = Franson GpsGate 2.6
"{D054F5C3-EBE5-4A30-8B24-C32D2C3C5819}" = Chanalyzer Pro
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AnyDVD" = AnyDVD
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dcmsvc_is1" = dcmsvc 1.0
"EasyBoot_is1" = EasyBoot V6.52
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"jv16 PowerTools 2011" = jv16 PowerTools 2011
"LiveReg" = LiveReg (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities 15_is1" = Norton Utilities 15
"Registry Crawler" = Registry Crawler
"Security Task Manager" = Security Task Manager 1.8d
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Tweak UI 2.10" = Tweak UI
"UltraISO_is1" = UltraISO Premium V9.52
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 2:12:40 PM | Computer Name = JTMLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11577

Error - 6/1/2012 2:12:40 PM | Computer Name = JTMLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11577

Error - 6/1/2012 2:12:51 PM | Computer Name = JTMLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/1/2012 2:12:51 PM | Computer Name = JTMLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22873

Error - 6/1/2012 2:12:51 PM | Computer Name = JTMLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22873

Error - 6/1/2012 2:13:52 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:14:38 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:26:29 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:27:42 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 3:05:25 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

[ System Events ]
Error - 6/7/2012 8:33:15 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:33:18 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:33:19 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:33:40 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/7/2012 8:33:52 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:34:13 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:34:36 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/7/2012 8:34:36 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 6/7/2012 8:35:11 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/7/2012 8:38:14 PM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >








OUTPUT from Extras.txt created on: 6/8/2012 8:47:15 AM

OTL Extras logfile created on: 6/8/2012 8:47:15 AM - Run 12
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\joann manges\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 38.60% Memory free
2.67 Gb Paging File | 1.92 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.46 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 903.99 Gb Free Space | 97.05% Space Free | Partition Type: NTFS

Computer Name: JTMLAPTOP | User Name: joann manges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe" = C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe:*:Enabled:RoxioNow Player
"C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{524228C9-826F-4B58-9E47-4F2E5C7E9F45}" = SnagIt 8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BA0FF3-D382-4BC0-866D-52386EB0BAC5}" = Wi-Spy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{677A19B8-446D-4797-A071-977A30EAD01D}" = Winternals Administrator's Pak
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C1388BE-AD32-47BC-B51F-A37F1245203C}" = RICOH Media Driver
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87B2EBAC-86B0-41A3-AF06-BB3A0A87E2AB}" = Stylus Studio 2010 XML Enterprise Suite
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C08E4323-261D-4B2F-8F24-CDB26E2AA081}" = Iomega Home Storage Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5936FA-1D77-4131-9ED6-4F6AF6ABC227}" = Franson GpsGate 2.6
"{D054F5C3-EBE5-4A30-8B24-C32D2C3C5819}" = Chanalyzer Pro
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AnyDVD" = AnyDVD
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dcmsvc_is1" = dcmsvc 1.0
"EasyBoot_is1" = EasyBoot V6.52
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"jv16 PowerTools 2011" = jv16 PowerTools 2011
"LiveReg" = LiveReg (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities 15_is1" = Norton Utilities 15
"Registry Crawler" = Registry Crawler
"Security Task Manager" = Security Task Manager 1.8d
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Tweak UI 2.10" = Tweak UI
"UltraISO_is1" = UltraISO Premium V9.52
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 2:13:52 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:14:38 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:26:29 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 2:27:42 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/1/2012 3:05:25 PM | Computer Name = JTMLAPTOP | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 6/7/2012 9:30:27 PM | Computer Name = JTMLAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/7/2012 9:30:27 PM | Computer Name = JTMLAPTOP | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 6/7/2012 9:56:20 PM | Computer Name = JTMLAPTOP | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 6/8/2012 3:57:23 AM | Computer Name = JTMLAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/8/2012 8:39:56 AM | Computer Name = JTMLAPTOP | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 6/8/2012 8:25:53 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:25:55 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:25:56 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:25:59 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:28:16 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:28:42 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:31:23 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:31:23 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:41:17 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/8/2012 8:41:24 AM | Computer Name = JTMLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

OUTPUT from BlueScreenView.exe in BSOD.txt

==================================================
Dump File : Mini052712-01.dmp
Crash Time : 5/27/2012 10:46:33 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x86d8beb8
Parameter 3 : 0x86d8ce28
Parameter 4 : 0x0beee418
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini052712-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
==================================================


==================================================
Dump File : Mini041112-02.dmp
Crash Time : 4/11/2012 7:24:09 PM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x01c9e724
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8054c139
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+a892
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+a892
Stack Address 1 : ntoskrnl.exe+75139
Stack Address 2 : ntoskrnl.exe+7511e
Stack Address 3 : ntoskrnl.exe+8d785
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041112-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
==================================================


==================================================
Dump File : Mini041112-01.dmp
Crash Time : 4/11/2012 12:42:43 PM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x8a00024e
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8054c007
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+a892
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+a892
Stack Address 1 : ntoskrnl.exe+75007
Stack Address 2 : ntoskrnl.exe+7511e
Stack Address 3 : hal.dll+314f
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041112-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
==================================================

HERE is the output of “netsh.exe dump > netsh.txt”


WARNING: Could not obtain host information from machine: [JTMLAPTOP]. Some commands may not be available.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


#========================
# Interface configuration
#========================
pushd interface


reset all


popd
# End of interface configuration

#========================
# Interface configuration
#========================
pushd interface ipv6

uninstall


popd
# End of interface configuration



# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface ipv6 isatap



popd
# End of ISATAP configuration



# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface ipv6 6to4

reset



popd
# End of 6to4 configuration

#========================
# Port Proxy configuration
#========================
pushd interface portproxy

reset


popd
# End of Port Proxy configuration



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

Error obtaining configuration for interface Local Area Connection.



popd
# End of interface IP configuration


# ------------------------------------
# Bridge configuration (not supported)
# ------------------------------------

# ------------------------------------
# End of Bridge configuration
# ------------------------------------

# ----------------------------------------
# Wired LAN Configuration
# ----------------------------------------
pushd lan


popd

# End of Wired LAN Configuration.


# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client

# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------

reset trustedservergroup

# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------

set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048"

# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------

set hash oid = "1.3.14.3.2.29"

# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------

set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id = "79619" admin = "disable" id = "79620" admin = "disable" id = "79621" admin = "disable" id = "79623" admin = "disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------

set tracing state = "disable" level = "basic"

# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------

reset userinterface

popd
# End of NAP client configuration


# -----------------------------------------
# RAS Configuration
# -----------------------------------------
pushd ras

set authmode mode = standard
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP

set user name = Administrator dialin = policy cbpolicy = none
set user name = ASPNET dialin = policy cbpolicy = none
set user name = avenross dialin = policy cbpolicy = none
set user name = gregory glassell dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none
set user name = HelpAssistant dialin = policy cbpolicy = none
set user name = joann manges dialin = policy cbpolicy = none
set user name = mangesww dialin = policy cbpolicy = none
set user name = SUPPORT_388945a0 dialin = policy cbpolicy = none

set tracing component = * state = disabled

popd

# End of RAS configuration.




# -----------------------------------------
# RemoteAccess AppleTalk Configuration
# -----------------------------------------
pushd ras appletalk

set negotiation mode = allow
set access mode = all

popd

# End of RemoteAccess AppleTalk configuration.



# -----------------------------------------
# RAS IP Configuration
# -----------------------------------------
pushd ras ip

delete pool

set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = disabled
set addrassign method = auto

popd

# End of RAS IP configuration.



# -----------------------------------------
# RAS IPX Configuration
# -----------------------------------------
pushd ras ipx

set negotiation mode = allow
set access mode = all
set nodereq mode = allow
set netassign method = autosame

popd

# End of RAS IPX configuration.




# -----------------------------------------
# RAS NBF Configuration
# -----------------------------------------
pushd ras netbeui

set negotiation mode = allow
set access mode = all

popd

# End of RAS NBF configuration.




# -----------------------------------------
# RAS AAAA Configuration
# -----------------------------------------
pushd ras aaaa

set authentication provider = windows
set accounting provider = windows

delete authserver name = *
delete acctserver name = *



popd

# End of RAS AAAA configuration.


# Routing Configuration
pushd routing
reset
popd

#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#
# #
# BEFORE running this script #
# #
# To restore IPX router configuration, you must first #
# UNINSTALL IPX from the Network connections folder and #
# then REINSTALL it. #
# #
# This deletes the old IPX router configuration #
# and restores the IPX router configuration to its #
# default #
# #
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#

#----------------------------------------------------------
# IPX configuration
#----------------------------------------------------------

pushd routing ipx

#----------------------------------------------------------
# IPX Interface configuration
#----------------------------------------------------------


#----------------------------------------------------------
# IPX Traffic Filter configuration
#----------------------------------------------------------


#----------------------------------------------------------
# IPX Static Route configuration
#----------------------------------------------------------


#----------------------------------------------------------
# IPX Static Service configuration
#----------------------------------------------------------


popd

# End of IPX configuration

#----------------------------------------------------------
# IPX RIP configuration
#----------------------------------------------------------

pushd routing ipx rip
popd


# End of IPX RIP configuration

#----------------------------------------------------------
# IPX SAP configuration
#----------------------------------------------------------

pushd routing ipx sap
popd


# End of IPX SAP configuration

#----------------------------------------------------------
# IPX NETBIOS configuration
#----------------------------------------------------------

pushd routing ipx netbios
popd


# End of IPX NB configuration
# IP Configuration
pushd routing ip
reset
set loglevel error
add preferenceforprotocol proto=LOCAL preflevel=1
add preferenceforprotocol proto=NetMgmt preflevel=10
add preferenceforprotocol proto=STATIC preflevel=3
add preferenceforprotocol proto=NONDOD preflevel=5
add preferenceforprotocol proto=AUTOSTATIC preflevel=7
add preferenceforprotocol proto=OSPF preflevel=110
add preferenceforprotocol proto=RIP preflevel=120
add interface name="Wireless Network Connection 7" state=enable
set filter name="Wireless Network Connection 7" fragcheck=disable
add interface name="Wireless Network Connection 5" state=enable
set filter name="Wireless Network Connection 5" fragcheck=disable
add interface name="Wireless Network Connection 3" state=enable
set filter name="Wireless Network Connection 3" fragcheck=disable
add interface name="Local Area Connection" state=enable
set filter name="Local Area Connection" fragcheck=disable
add interface name="1394 Connection" state=enable
set filter name="1394 Connection" fragcheck=disable
add interface name="Local Area Connection 2" state=enable
set filter name="Local Area Connection 2" fragcheck=disable
add interface name="Wireless Network Connection 6" state=enable
set filter name="Wireless Network Connection 6" fragcheck=disable
add interface name="Internal" state=enable
set filter name="Internal" fragcheck=disable
add interface name="Loopback" state=enable
set filter name="Loopback" fragcheck=disable
popd
# End of IP configuration



# ----------------------------------
# DNS Proxy configuration
# ----------------------------------
pushd routing ip dnsproxy
uninstall


popd
# End of DNS proxy configuration



# ----------------------------------
# IGMP Configuration
# ----------------------------------
pushd routing ip igmp
uninstall


popd
# End of IGMP configuration



# ----------------------------------
# NAT configuration
# ----------------------------------
pushd routing ip nat
uninstall


popd




# ----------------------------------
# OSPF configuration
# ----------------------------------

pushd routing ip ospf
uninstall

popd
# End of OSPF configuration




# ----------------------------------
# DHCP Relay Agent configuration
# ----------------------------------
pushd routing ip relay
uninstall


popd
# End of DHCP Relay configuration



# ----------------------------------
# RIP configuration
# ----------------------------------
pushd routing ip rip
uninstall


popd
# End of RIP configuration



# ----------------------------------
# Router Discovery Configuration
# ----------------------------------
pushd routing ip routerdiscovery
uninstall
add interface name="Wireless Network Connection 7" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Wireless Network Connection 5" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Wireless Network Connection 3" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Local Area Connection" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="1394 Connection" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Local Area Connection 2" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Wireless Network Connection 6" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Internal" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Loopback" disc=disable minint=7 maxint=10 life=30 level=0


popd


# ----------------------------------
# DHCP Allocator Configuration
# ----------------------------------
pushd routing ip autodhcp
uninstall


popd
# End of DHCP Allocator Configuration



Finally, OUTPUT from driver signature verification run on 5/9/2012:

********************************


Microsoft Signature Verification

Log file generated on 5/9/2012 at 1:05 PM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 172, Signed: 169, Unsigned: 3, Not Scanned: 0


File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\conexant\cnxt_modem_pci_ven_8086&dev_24x6&subsys_542214f1]
hxfsetup.exe 3/8/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
[c:\program files\synaptics\syntp]
instnt.exe 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syncntxt.rtf 5/14/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
synisdll.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
synmood.exe 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpcom.dll 5/14/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpcpl.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpenh.exe 5/14/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpenh.ini 5/14/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntplpr.exe 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
synunst.ini 5/14/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
synzmetr.exe 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
tutorial.exe 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
hal.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hccoin.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hccutils.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
hsfci014.dll 2/23/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
ialmcoin_v4396.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmdd5.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmdev5.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmdnt5.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmrem.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmrnt5.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuara.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuarb.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuchs.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmucht.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmucsy.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmudan.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmudeu.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmudlg.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuell.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmueng.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuesp.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmufin.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmufra.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmufrc.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuheb.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuhun.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuita.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmujpn.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmukor.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmunld.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmunor.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuplk.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuptb.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmuptg.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmurus.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmusve.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmutha.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ialmutrk.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igldev32.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
iglicd32.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igxpxa32.cpa 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igxpxa32.vp 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igxpxk32.vp 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
igxpxs32.vp 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
ksproxy.ax 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ksuser.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.dll 3/17/2004 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
ntkrnlpa.exe 10/25/2011 2:5.1 Signed KB2633171.cat Microsoft Windows Component Publisher
ntoskrnl.exe 10/25/2011 2:5.1 Signed KB2633171.cat Microsoft Windows Component Publisher
oemdspif.dll 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
stac97.cpl 7/20/2004 2:5.00 Signed oem2.CAT Microsoft Windows Hardware Compatibility Publisher
storprop.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
streamci.dll 8/4/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
syncom.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
synctrl.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpapi.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpcoi.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
syntpfcs.dll 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
usbui.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wdfcoinstaller01009. Unknown None Not Signed N/A
wdmaud.drv 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
[c:\windows\system32\drivers]
1394bus.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
acpi.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
acpiec.sys 8/4/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
arp1394.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atapi.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
b57xp32.sys 5/10/2006 2:5.00 Signed oem7.CAT Microsoft Windows Hardware Compatibility Publisher
battc.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bcmwl5.sys 3/16/2007 2:5.00 Signed oem6.CAT Microsoft Windows Hardware Compatibility Publisher
cdrom.sys 5/2/2008 2:5.1 Signed KB932716-v2.cat Microsoft Windows Component Publisher
cmbatt.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
compbatt.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
del1028.cty 5/3/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
disk.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
drmk.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftdisk.sys 8/4/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hsf_cnxt.sys 5/3/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
hsf_dpv.sys 5/3/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
hsfhwich.sys 5/3/2005 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
i8042prt.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ialmnt5.sys 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
imapi.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
intelide.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
intelppm.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
isapnp.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
kbdclass.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ks.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.sys 3/17/2004 2:5.00 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
mouclass.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mssmbios.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nic1394.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nscirda.sys 4/13/2008 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
ohci1394.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
omci.sys 1/23/2003 None Not Signed N/A
oprghdlr.sys 8/4/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
parport.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pci.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pciidex.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pcmcia.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
portcls.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rasirda.sys 8/17/2001 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
rdpdr.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
redbook.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
serenum.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
serial.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
stac97.sys 11/15/2004 2:5.00 Signed oem2.CAT Microsoft Windows Hardware Compatibility Publisher
stream.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
swenum.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
syntp.sys 5/13/2004 2:5.00 Signed oem57.CAT Microsoft Windows Hardware Compatibility Publisher
termdd.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbd.sys 8/4/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbehci.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbhub.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbport.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbstor.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbuhci.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
vclone.sys 5/22/2009 None Not Signed N/A
zumbus.sys 8/5/2011 2:5.1 Signed oem54.CAT Microsoft Windows Hardware Compatibility Publisher


THE END
Regards,
GadgetAngel
P.S. I'll now be working on what you wrote earlier today. :rolleyes: :happy:



  • 0
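The signature verification log in the post above can be triaged mechanically. The following is an added example, not part of the original post: it parses that log layout, lists the rows marked Not Signed with their directory, and checks the parsed counts against the log's own "Scan Results" line so a truncated paste is noticed. The sample log is constructed from a few rows in the same layout, the function names are hypothetical, and file names are assumed to contain no spaces.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the sigverif log quoted above.
# Only a few rows are kept, so the header counts are adjusted to match.
SAMPLE_LOG = r"""
Microsoft Signature Verification

Log file generated on 5/9/2012 at 1:05 PM
Scan Results: Total Files: 6, Signed: 3, Unsigned: 3, Not Scanned: 0

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32]
hal.dll 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
igfxtray.exe 9/20/2005 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
wdfcoinstaller01009. Unknown None Not Signed N/A
[c:\windows\system32\drivers]
acpi.sys 4/13/2008 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
omci.sys 1/23/2003 None Not Signed N/A
vclone.sys 5/22/2009 None Not Signed N/A
"""

SUMMARY = re.compile(
    r"Total Files:\s*(\d+),\s*Signed:\s*(\d+),\s*Unsigned:\s*(\d+),\s*Not Scanned:\s*(\d+)"
)
DIRECTORY = re.compile(r"^\[(?P<dir>.+)\]$")
# name, modified date (or "Unknown"), version, status, catalog, optional signer
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<modified>\d{1,2}/\d{1,2}/\d{4}|Unknown)\s+"
    r"(?P<version>\S+)\s+(?P<status>Not Signed|Signed)\s+(?P<catalog>\S+)"
    r"(?:\s+(?P<signer>.+))?$"
)


@dataclass
class Entry:
    directory: str
    name: str
    modified: str
    version: str
    signed: bool
    catalog: str
    signer: Optional[str]

    @property
    def path(self) -> str:
        return self.directory + "\\" + self.name

    @property
    def name_truncated(self) -> bool:
        # Assumption: a name ending in "." was cut off in the log, so the
        # file on disk has to be located by prefix rather than exact name.
        return self.name.endswith(".")


def parse_sigverif(text: str) -> Tuple[Optional[dict], List[Entry]]:
    """Return (summary counts from the header, one Entry per file row)."""
    summary, entries, directory = None, [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY.search(line)
        if m:
            keys = ("total", "signed", "unsigned", "not_scanned")
            summary = dict(zip(keys, map(int, m.groups())))
            continue
        m = DIRECTORY.match(line)
        if m:
            directory = m.group("dir")
            continue
        m = ROW.match(line)
        if m and directory:  # column header and rule lines fall through
            entries.append(Entry(directory, m["name"], m["modified"], m["version"],
                                 m["status"] == "Signed", m["catalog"], m["signer"]))
    return summary, entries


def reconcile(summary: Optional[dict], entries: List[Entry]) -> List[str]:
    """Compare parsed row counts with the log's own summary line."""
    if summary is None:
        return ["no 'Scan Results' line found"]
    parsed = {"signed": sum(e.signed for e in entries)}
    parsed["unsigned"] = len(entries) - parsed["signed"]
    return [f"{k}: header says {summary[k]}, parsed {parsed[k]}"
            for k in ("signed", "unsigned") if summary[k] != parsed[k]]


def unsigned_files(entries: List[Entry]) -> List[Entry]:
    """Rows whose status is Not Signed, in log order."""
    return [e for e in entries if not e.signed]


if __name__ == "__main__":
    summary, entries = parse_sigverif(SAMPLE_LOG)
    for problem in reconcile(summary, entries):
        print("count mismatch:", problem)
    for e in unsigned_files(entries):
        note = " (name cut off in log)" if e.name_truncated else ""
        print(f"{e.path}  modified={e.modified}{note}")
```

A Not Signed row only says that no catalog signature was found for the file; the output is a short list of files to identify by vendor and origin, not a verdict on them.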

#9
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,201 posts
Thanks, but let's just eliminate memory & hardware :)
  • 0

#10
GadgetAngel

GadgetAngel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Dear Azarl,

I downloaded memtest86+ and used the auto installer for USB Key. It is currently running. I have a question. Does memtest86+ require that each memory slot contain the same amount of memory in each slot? Here is my concern: my X300 only has 1.11GB of memory. Slot 1 contains 1024MB DDR SODIMM & Slot 2 contains 128MB DDR SODIMM. My Dell diagnostics memory program ran from hex address 0x00000000000000 to 0x00000004767DFF. When I run memtest86+ the memory range given to the program by BIOS:
M1 mapped to 000000000000-00003FFFFC0
M2 mapped to 000000000000-000047FFFC0
When Memtest86+ performs its test it goes from 184K - 1143M 1142M

From my calculations 1.11GB = 1110MB, so how can the program be testing memory that is not there unless my belief that my memory address space begins at 0 is wrong? Does RAM begin at 184K?

All the memory tests that came on the OEM diagnostic test disk ran without error and I did run these tests overnight, but when I run with Memtest86+ I have a (1 bit stuck) error. I run both tests: OEM off Boot CD and memtest86+ from boot USB key. I'm confused by the results and I was wondering if the memory range memtest86+ was choosing to run with was correct?

HERE ARE THE MEMTEST86+ RESULTS:

Picture showing Memtest86+ DMI memory Device Info or Memory Slot setup:

Posted Image

Picture showing Memtest86+ after running all night:

Posted Image


Picture showing Memtest86+ showing memory slot 0 is in error:

Posted Image

IMPORTANT QUESTION:
Do 0 through 15 mean memory slot numbers? My machine only has two slots. Having a “1” show in slot 0 does this mean slot 0 is in error and that it truly is M1 on the DMI memory Device Info page?


Do I believe these results and replace the 1024 MB card? That leaves me with only 128MB and I can't run any type of Windows OS on that. So if you believe that memtest86+ is running with the right configuration and I need to replace the 1024MB DDR SODIMM memory card I believe I will buy the maximum new memory for the machine. Another question, I can't believe all the issues I am having are due to a bad memory card. That would explain BSOD but not re-writing entries in two external hard drives partition tables but not touching the partition table on the OS drive (c:\).

Regards,
GadgetAngel :blush: :blink:


  • 0



#11
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,201 posts
You may or may not have other issues, but the first thing to do is to sort out the memory problem. Such a problem can affect everything including partition tables. Memory should ideally be in balanced pairs. Fully updated XP really needs at least 2Gb to function properly. It will work with less, but you'll get a lot of performance issues.

A lot of your problems are also down to having too much stuff running. SuperAntiSpyware & MalwareBytes should never be installed together, it kills your machine. One needs to go - I'd keep MBAM.
What AV & Firewall are you running, I can't see any?
Have you run a registry optimiser?
  • 0

#12
GadgetAngel

GadgetAngel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Well I sorted out the memory problem!!

I ran Dell diagnostics on my machine for a longer period of time and it finally showed that I had “memory bus stress error”, not a memory chip error. But looking at Dell diagnostics further for memory, they only run two different types of pattern in the memory chips. So I think we should keep this in mind. I do not know if the memory bus error was a false positive or not. It could have been really the chip in error but Dell’s diagnostic made it look like a memory bus problem. But I thought you should know.

Posted Image

Memtest86+ as you have already seen shows that the only slot of memory I have is in ERROR. I had a 1 GB SDRAM SODIMM stick, I took it out and replaced it with the memory stick that was in my husband’s Dell Latitude X300. We buy two computers of the same type (we both work in the computer industry) so we have spare parts.

I ran his 512MB of memory through both Dell Diagnostics and memtest86+ and it passed with flying colors:

Posted Image

After his 512MB stick passed the diagnostic tests I opened up both computers and pulled out my bad 1 GB stick and replaced it with the GOOD 512MB stick. I re-ran memtest86+ overnight on my machine with the 512MB stick and it passed with flying colors.

Posted Image

I'm now running with 640MB in my X300.

The Dell Latitude X300 was built in 2004 and computer manufacturers did not build laptop machines with balanced memory slots back then due to the expense of memory.

Posted Image

By the way, straight from http://support.microsoft.com/kb/314865 I quote "The minimum hardware requirements for Windows XP Professional include:
• Pentium 233-megahertz (MHz) processor or faster (300 MHz is recommended)
• At least 64 megabytes (MB) of RAM (128 MB is recommended)
• At least 1.5 gigabytes (GB) of available space on the hard disk
• CD-ROM or DVD-ROM drive
• Keyboard and a Microsoft Mouse or some other compatible pointing device
• Video adapter and monitor with Super VGA (800 x 600) or higher resolution
• Sound card
• Speakers or headphones”
I have not found any information out on the web that changed the specification for Windows XP Professional SP3.

Yes, I agree with you. More memory is always a GREAT idea.

I used to have fights over that concept with people back in 2004, but they would always remind me about the cost of memory. Back in 2004 one paid over $200 for a 1 GB stick of memory. I was lucky I had what I had in my machine. My husband is the cheap one, not me!

And since the architecture of the X300 has only one memory slot I can't do much about buying more. SDRAM SODIMMs are not made any larger than 1 GB. So you are preaching to the choir here. I already maxed out the machine in memory when I first bought it. I have always bought the most memory I could get. I put PC systems together for a living or at least I believe I used to …..:lol:

I also agree that due to the memory size I should uninstall a lot of programs.

I did not realize SuperAntiSpyware and Malwarebytes running together would cause problems. I have them running on my Windows 7 x64 (4 GB memory) and it seems fine. Please realize that I do not run SuperAntiSpyware in real-time protection mode. The only reason it is running is so I can (access it through context menu) run different antispyware packages on downloaded software from the web or from the CD drive before installations.

I have learned to scan everything. There is not one antimalware software that catches all malware (that does it all). Some do a better job at finding other types of malware. I use SuperAntispyware, MalwareBytes, SpybotSearchandDestroy, Kaspersky Internet Security (but on the X300 Kaspersky would not reinstall, so I bought Norton Internet Security 2012 and it force-installed and is running on the X300). I use all these to scan a file downloaded or off CD before doing an install to see if I can detect a problem before I get infected.

I have already uninstalled Zune, RoxioNow player, Wi-Spy, Iomega Home Storage Manager, SUPERAntiSpyware, Franson GpsGate 2.6, and VirtualCloneDrive. There is a lot more I can uninstall.

I would like to keep: SnagIt 8, Roxio Creator DE, Windows Installer Clean Up, WebFldrs XP, Microsoft SQL Server 2005, Revo Uninstaller Pro 2.5.7, Winternals Administrator's Pak, CmdHere Powertoy For Windows XP, Microsoft Visual C++ 2005, Stylus Studio 2010 XML Enterprise Suite, Microsoft Office Professional Edition 2003, TI Connect 1.6, Adobe Reader X (10.1.3), WinZip 14.5, Skype™ 5.8, Apple Mobile Device Support, CCleaner, CutePDF Writer 2.8, EasyBoot V6.52, EPSON Scan, ERUNT 1.1j, Windows Internet Explorer 8, ImgBurn, jv16 PowerTools 2011, Magic ISO Maker v5.5, MagicDisc 2.7.106, Malwarebytes Anti-Malware version 1.61.0.1400, Norton Internet Security, Norton Utilities 15, Registry Crawler, Security Task Manager 1.8d, SpywareBlaster 4.6, UltraISO Premium V9.52, WinISO 5.3, and Dropbox.

Yes, I have registry cleaners, CCleaner, Spybot Search and Destroy, and jv16 PowerTools 2011. I also use Registry Crawler; it’s a nicer interface to the registry than regedit. I use ERUNT to backup the registries. Make changes and if things don’t work I can also go back and replace the registries with a backup I made with ERUNT. I know I have a backup of the registries before 4/11/2012 when all these problems began. We can roll back the registries if you think the registry entries are a problem.

I use registry cleaners very carefully,


I usually go into the registry with registry crawler and make a change to a key by renaming the key or value by prefixing or appending the item with JTM_ or _JTM to see what happens to the system. If it's bad I can always boot back into safe mode and change the key or value back by searching the registry for “JTM”. If I think something should not be there I will delete it only if I have made a backup of the registry with ERUNT. I’m not a newbie at this. I have 15 years under my belt; in fact I’m probably more dangerous than a newbie because I feel too comfortable, but I do practice common “good practices” when dealing with certain areas of the OS.

By the way the following packages are not ones I installed on the machine unless they were installed by some other package on my machine but they look suspicious to me: Microsoft User-Mode Driver Framework Feature Pack 1.0 and Yahoo! Detect and Microsoft Kernel-Mode Driver Framework Feature Pack 1.9.

Now that I have finished answering your questions, let me tell you what has been going on since I have installed the good 512MB stick in my X300. I ran the disk diagnostic from Dell again just to see if the good memory chip made a difference in the results from those tests. Well those tests got worse. So I decided I needed to do a check disk on the C drive (OS drive) again. I started it before going to bed last night. When I woke up at 9:00 AM (10 hours later) the screen looked as follows:
Paste screen of check disk stuck:

Posted Image

I have a bootable CD with XP recovery console so I decided to boot my machine into recovery console. I ran chkdsk /r in recovery console and it was able to run through the whole disk. While in recovery console I DID NOT TRY TO FIX THE MBR or BOOT because if they are infected by a virus I read the virus could really scramble the partition table. Soooo

I now plan to use Copy Commander in DOS to copy the partition on C: drive to an external USB drive so I have a backup before I lose any more data. If the virus is in the boot sector, it will get cloned over to the new USB partition but I only plan to have the USB partition as a backup. This way we are ready to go and do as much damage as we like to try to get rid of this virus. I'll send you a reply to let you know when I have my C: partition backed up. But I have the MEMORY PROBLEM SOLVED. I have a new 1 GB stick on order; in 2012 it will only cost me $36. Wow has the cost gone way down.

Regards,
GadgetAngel :huh:


  • 0

#13
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,201 posts

By the way, straight from http://support.microsoft.com/kb/314865 I quote "The minimum hardware requirements for Windows XP Professional include:

That is five years old. Five years of updates that bloat XP and eat memory.

I use registry cleaners very carefully,
Why use them at all? They're a complete gimmick; they have no performance benefits whatsoever. In fact they can easily damage a system.
http://blogs.technet...ct-of-life.aspx
http://www.edbott.co...istry-cleaners/
  • 1

#14
GadgetAngel

GadgetAngel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hey, I'm here to learn from you. So what do I do now? Do you want me to roll back the registry? I used ERUNT to make backups of the registry, so do you want me to roll back the registry to an earlier time?

Regards,
GadgetAngel
  • 0

#15
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,201 posts
Is the memory issue sorted?
  • 0





