Windows XP: since support stopped having issues with start up and run



#1
Alikhat68

OTL logfile created on: 9/24/2014 11:39:32 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner.GAMECOMP\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.98 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.44% Memory free
3.83 Gb Paging File | 2.66 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.70 Gb Total Space | 167.82 Gb Free Space | 57.34% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 1.34 Gb Free Space | 17.97% Space Free | Partition Type: FAT32
 
Computer Name: GAMECOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/24 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.GAMECOMP\My Documents\Downloads\OTL (1).exe
PRC - [2014/09/03 20:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/08/08 10:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/09/10 17:51:14 | 003,109,376 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/07/21 11:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 22:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/09/19 10:43:45 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/07/27 09:54:22 | 000,303,104 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/07/27 09:53:24 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/07/27 09:52:58 | 000,188,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/07/27 09:06:42 | 000,425,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2006/07/27 09:03:24 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2006/07/27 08:39:04 | 000,196,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
PRC - [2006/07/27 08:21:48 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
PRC - [2006/07/09 23:37:24 | 000,025,600 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/12/09 18:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/11/14 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/24 10:59:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\hashobjs_ext.pyd
MOD - [2014/09/24 10:59:13 | 000,805,888 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._gdi_.pyd
MOD - [2014/09/24 10:59:13 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_multiprocessing.pyd
MOD - [2014/09/24 10:59:11 | 001,160,704 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_ssl.pyd
MOD - [2014/09/24 10:59:11 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\PyWinTypes27.dll
MOD - [2014/09/24 10:59:07 | 000,713,216 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_hashlib.pyd
MOD - [2014/09/24 10:59:05 | 000,811,008 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._windows_.pyd
MOD - [2014/09/24 10:59:03 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._html2.pyd
MOD - [2014/09/24 10:59:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32pdh.pyd
MOD - [2014/09/24 10:59:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32pipe.pyd
MOD - [2014/09/24 10:58:59 | 001,062,400 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._controls_.pyd
MOD - [2014/09/24 10:58:56 | 000,686,080 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\unicodedata.pyd
MOD - [2014/09/24 10:58:54 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\pyexpat.pyd
MOD - [2014/09/24 10:58:54 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32inet.pyd
MOD - [2014/09/24 10:58:54 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32event.pyd
MOD - [2014/09/24 10:58:54 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\select.pyd
MOD - [2014/09/24 10:58:53 | 000,525,640 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\windows._lib_cacheinvalidation.pyd
MOD - [2014/09/24 10:58:53 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32file.pyd
MOD - [2014/09/24 10:58:53 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32security.pyd
MOD - [2014/09/24 10:58:53 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32profile.pyd
MOD - [2014/09/24 10:58:51 | 000,167,936 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32gui.pyd
MOD - [2014/09/24 10:58:51 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_elementtree.pyd
MOD - [2014/09/24 10:58:51 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_ctypes.pyd
MOD - [2014/09/24 10:58:51 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\_socket.pyd
MOD - [2014/09/24 10:58:50 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\pysqlite2._sqlite.pyd
MOD - [2014/09/24 10:58:50 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32com.shell.shell.pyd
MOD - [2014/09/24 10:58:50 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32api.pyd
MOD - [2014/09/24 10:58:48 | 001,175,040 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._core_.pyd
MOD - [2014/09/24 10:58:48 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32ts.pyd
MOD - [2014/09/24 10:58:44 | 000,364,544 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\pythoncom27.dll
MOD - [2014/09/24 10:58:43 | 000,735,232 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._misc_.pyd
MOD - [2014/09/24 10:58:43 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._animate.pyd
MOD - [2014/09/24 10:58:41 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\wx._wizard.pyd
MOD - [2014/09/24 10:58:41 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32crypt.pyd
MOD - [2014/09/24 10:58:14 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Temp\_MEI18842\win32process.pyd
MOD - [2014/09/03 20:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014/09/03 20:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014/09/03 20:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2013/09/10 17:51:14 | 003,109,376 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/07/10 18:38:23 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9a499f80\mscorlib.dll
MOD - [2013/07/10 18:38:20 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b5874cae\system.drawing.dll
MOD - [2013/07/10 18:38:12 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_414f413e\system.xml.dll
MOD - [2013/07/10 18:38:07 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e480caac\system.windows.forms.dll
MOD - [2013/07/10 18:37:53 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_afdf7d5a\system.dll
MOD - [2013/07/10 18:37:43 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/07/10 18:37:42 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/07/10 18:37:40 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/07/21 11:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/01/29 18:14:19 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2009/01/29 18:14:19 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2009/01/29 18:14:15 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2009/01/29 18:13:45 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2009/01/29 18:13:16 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2009/01/29 18:13:16 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2009/01/29 18:13:16 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2009/01/29 18:13:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2009/01/29 18:13:16 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2009/01/29 18:13:15 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2009/01/29 18:13:15 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2009/01/29 18:13:15 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2009/01/29 18:13:15 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2009/01/29 18:13:15 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2009/01/29 18:13:15 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2009/01/29 18:13:15 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2009/01/29 18:13:15 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2009/01/29 18:13:15 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2009/01/29 18:12:10 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2009/01/29 18:12:10 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2009/01/29 18:12:10 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2009/01/29 18:12:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2009/01/29 18:12:10 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2009/01/29 18:12:09 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2008/09/11 11:48:38 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/06/18 21:32:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/18 21:28:42 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2005/08/05 21:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 20:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/08/02 16:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Skype C2C Service)
SRV - File not found [Auto | Stopped] --  -- (0147811269822765mcinstcleanup)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/03 08:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/11/22 05:44:42 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/19 03:35:50 | 000,356,434 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/19 10:43:45 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/07/27 09:52:58 | 000,188,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/07/27 09:06:42 | 000,425,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/07/27 09:03:24 | 000,163,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/07/27 08:39:04 | 000,196,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService)
SRV - [2006/07/27 08:21:48 | 000,094,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM)
SRV - [2006/07/09 23:37:24 | 000,025,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/09/12 15:11:20 | 001,137,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20140912.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/09/09 04:02:39 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/08/26 17:16:33 | 000,448,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20140923.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2014/08/21 05:45:06 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140923.017_c3f\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/21 05:45:05 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140923.017_c3f\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/31 14:23:02 | 000,059,776 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2012/07/03 08:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/07/07 00:01:58 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 18:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/05/15 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/05/15 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/07/21 17:14:18 | 000,016,128 | ---- | M] (Digital Networks North America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RIOUNIV.SYS -- (RIOUNIV)
DRV - [2008/06/13 08:50:26 | 000,386,784 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2008/06/12 15:50:58 | 000,155,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ar5523.bin -- (AR5523)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/02/12 18:05:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2006/09/19 10:42:59 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2006/07/27 10:14:16 | 000,004,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/07/13 18:23:54 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/07/13 18:23:52 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/07/13 18:23:32 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/07/13 18:23:30 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/07/13 18:23:28 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/06/19 14:18:56 | 000,043,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/06/15 15:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/09/15 22:24:38 | 000,206,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2005/03/17 09:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 09:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 09:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/05 14:25:38 | 000,381,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2003/11/07 02:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 02:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042pr2)
DRV - [2003/11/07 02:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 15:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{783D27F3-D124-4321-AF52-EC3564CE1E5E}: "URL" = http://websearch.ask...BF-999C402C363F
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/03 14:59:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.GAMECOMP\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.GAMECOMP\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner.GAMECOMP\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFF [2013/10/09 09:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2014/09/24 10:52:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/25 17:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 12:18:46 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/24 16:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/04 10:06:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner.GAMECOMP\Application Data\Move Networks [2011/02/04 17:55:11 | 000,000,000 | ---D | M]
 
[2009/01/21 17:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Mozilla\Extensions
[2013/04/19 10:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Mozilla\Firefox\Profiles\upy5c7xs.default\extensions
[2009/09/14 13:06:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Mozilla\Firefox\Profiles\upy5c7xs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/02 09:00:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Mozilla\Firefox\Profiles\upy5c7xs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/10 16:15:19 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Mozilla\Firefox\Profiles\upy5c7xs.default\searchplugins\askcom.xml
[2012/08/26 10:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/26 09:12:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/03 00:42:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 22:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2013/02/24 16:04:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/27 19:27:42 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/30 20:26:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 00:42:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/11/17 08:49:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\malwarebytes\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Spyware Doctor] C:\Documents and Settings\Owner.GAMECOMP\Desktop\sdsetup[1].exe -min File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341444598866 (MUWebControl Class)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.e...om/eztwainx.cab (EZTwainX by Dosadi)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D07E439-11E0-4188-849C-C3A3B5F8D9FE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/15 22:14:51 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/11/15 21:14:54 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7e799da0-ea8b-11e3-bdb3-001676e0d0a8}\Shell - "" = AutoRun
O33 - MountPoints2\{7e799da0-ea8b-11e3-bdb3-001676e0d0a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e799da0-ea8b-11e3-bdb3-001676e0d0a8}\Shell\AutoRun\command - "" = J:\VerizonSWUpgradeAssistantLauncher.exe
O33 - MountPoints2\{cfa07712-a4b8-11de-bc15-001195dbf0ad}\Shell - "" = AutoRun
O33 - MountPoints2\{cfa07712-a4b8-11de-bc15-001195dbf0ad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfa07712-a4b8-11de-bc15-001195dbf0ad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{de3128b8-6f4f-11e3-bd9f-001676e0d0a8}\Shell - "" = AutoRun
O33 - MountPoints2\{de3128b8-6f4f-11e3-bd9f-001676e0d0a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de3128b8-6f4f-11e3-bd9f-001676e0d0a8}\Shell\AutoRun\command - "" = K:\TL-BootStrap.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 10:50:06 | 000,000,000 | -HSD | C] -- C:\found.002
[2014/09/19 16:16:14 | 000,000,000 | -HSD | C] -- C:\found.001
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/24 11:41:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/24 10:54:03 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2014/09/24 10:53:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/24 10:53:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/24 10:53:25 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/24 10:53:24 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Amazon Music Helper.job
[2014/09/24 10:52:51 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/09/24 10:52:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/24 10:52:33 | 2128,416,768 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/21 14:21:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1426566321-187985109-3404076147-1007.job
[2014/09/15 09:25:23 | 000,057,735 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Desktop\Family Access Gradebook.pdf
[2014/09/15 09:20:40 | 000,002,944 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Desktop\Nico English Progress report 09.14.14.pdf
[2014/09/11 15:44:05 | 000,304,496 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\rx_image32.Cache
[2014/09/11 15:44:05 | 000,033,728 | ---- | M] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\rx_audio.Cache
[2014/09/08 15:00:12 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/15 09:25:23 | 000,057,735 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Desktop\Family Access Gradebook.pdf
[2014/09/15 09:21:12 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Desktop\Nico English Progress report 09.14.14.pdf
[2014/09/12 08:58:13 | 000,188,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/24 15:34:38 | 000,033,728 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\rx_audio.Cache
[2013/04/10 10:20:37 | 000,304,496 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\rx_image32.Cache
[2012/12/22 21:28:35 | 000,104,646 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2012/12/22 21:28:35 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2012/12/22 19:05:13 | 002,283,884 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/22 12:33:49 | 003,123,272 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/03/04 12:06:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\LOG
[2011/05/18 13:46:21 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/02/19 15:49:37 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\wklnhst.dat
[2007/10/25 18:31:21 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\SI.bin
[2007/08/21 18:27:28 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/15 13:50:58 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Owner.GAMECOMP\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/06/17 02:37:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/03/10 16:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/10/01 08:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2013/05/31 12:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2007/09/22 13:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010/10/15 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/08/26 18:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2010/12/01 11:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2011/08/26 18:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2014/09/24 10:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/12 19:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012/05/17 15:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2006/09/19 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/19 10:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/10/15 18:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/10/01 16:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Amazon
[2013/02/24 16:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Catalina Marketing Corp
[2012/12/22 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\FixCleaner
[2007/08/03 16:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Leadertech
[2010/12/01 11:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\PureEdge
[2006/09/19 10:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\SampleView
[2011/08/26 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Simple Star
[2008/02/19 15:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Template
[2011/06/11 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\The Creative Assembly
[2010/07/31 10:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Tific
[2013/02/24 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Toolbar4
[2010/09/12 19:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Ubisoft
[2013/06/07 14:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\VirtualStore
[2009/01/18 17:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.GAMECOMP\Application Data\Yahoo
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.GAMECOMP\My Documents\Production 1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
 
< End of report >
 



#2
Alikhat68


I apologize as it's been a while since I've been here and forgot the protocol. I have a Gateway GM5266E, yep it's old, but seems to have quite a bit of kick left in it. I think Windows XP is the problem. It came with capability of being upgraded to Vista, which we hated on a laptop so didn't upgrade. Now she's caught with her pants down and XP support has expired. We have Norton and had Anti-Malwarebytes on it which was fine until last AMB upgrade and then memory for anything seemed lacking. I removed all anti malware software except Norton, which came free with Comcast. Seems to be working more quickly. Considering upgrading to Win 8.1 but do want to be sure my problems aren't related to malware and obtain any insight from someone more knowledgeable than me on whether or not this seems like a good plan. According to 8.1 upgrade wizard my computer can be upgraded. What do you think? Any Malware?

 

I thank anyone who responds in advance for all the assistance!

 

Ali



#3
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Sorry for the delay. Sometimes it gets very busy in the forums and now is one of those times. Do you still need assistance?



#4
Alikhat68


I fear I may be beyond assistance now.  I have corrupt or missing Win Syst 32 config error now and can't even boot the computer in safe mode...Windows has shut down to protect my computer from damage...



#5
Alikhat68


Luckily my work station is right next to my personal PC, so I can still email and get instruction if you have a way to get me out of this mess without pulling out the tower and taking it to the "Nerds On Call Shop"  near my home.  They need me to bring it in to diagnose.

 

Thank you!



#6
BrianDrab


I'll put some instructions together for you. Thanks for letting me know. I'll be back in touch by tomorrow at the latest.



#7
Alikhat68


Thank you!



#8
BrianDrab


I'm assuming you have access to a USB drive and a blank CD that we can burn to using your good machine. If you don't, please let me know. Please follow the instructions below.
 
Step#1 - Create a Bootable CD
 
1. Download OTLPENet.exe to the desktop of the working computer.
2. Ensure that you have a blank CD in the drive.
3. Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD.
 
  
Step#2 - Copy FRST on to a USB Drive
 
1. Download FRST and put on your USB drive.
  
 
Step#3 - Boot Your Sick Machine with CD Rom
 
1. Insert the CD Rom into your Sick computer.
2. Ensure that your system is configured to boot 1st from the CD Drive before your main hard drive. There are variations on how to do this depending on what machine you have; however, a couple links that show the general steps can be found here and here.
3. Once the BIOS is set to boot from the CD Drive, when you boot your machine with the CD in the drive you may get a message asking you to hit any key to boot from the CD. Go ahead and do this.
4. Plug your USB drive into the computer while it's still loading.
5. It will take a few minutes for the CD to fully load. If successful you will be at a desktop.
 
Step#4 - Generate Needed Logs
 
1. Double-click on the computer icon and locate your USB drive letter.
2. Double-click on FRST.exe to open.
3. If a disclaimer comes up, Please answer Yes.
4. Under the Optional Scan section, please check List BCD.
    ListBCD.JPG
 
5. Click the Scan button. It will create a log file named FRST.txt on the USB Drive. It will also open in Notepad when finished.

6. Please post the contents of this log in to your next post. You should have internet access on this machine.
7. If not, please plug the USB Drive into your Good computer and post the contents of this log file.

 

 

Step#5 - Questions
 
1. Do you have a Windows XP Media Center Reinstall CD? Just need to know so I have an understanding of what options we have.

2. Can you tell me which hive was referenced when it said "corrupt or missing Win Syst 32 config"? Was it the Software or System hive that was referenced?
 
   
 
Items for your next post
1. Contents of the FRST log file.

2. Answer to my questions


  • 0

#9
Alikhat68

Alikhat68

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

You are probably not going to believe this and believe me I am more frustrated than you can imagine...or maybe you can:

 

This is not related to the above problem but standing in the way of resolution.  I did post another help request under the appropriate topic.

 

I have 3 computers.  

 

1 is down, the one you're trying to help me fix.

 

Computer 2 (work computer and the one I'm using) only has CD-ROM, no burner...shocking, I know.

 

Computer 3 (the oldest of the 3) 2002 XP Home Ed. SP3-- has ROM and Burner Lite on DVDRW SOHW 1633 and CD ROM LTN489S.  Has 39 error code for the drivers so they won't work. Today I tried to update drivers and the updater I used w/AVG updated my USB wireless driver so now that computer cannot get on the Internet and restore requires a CD and not working CD/DVD drives is what I was trying to fix.  What I'd really like to find is a location to download a driver onto a USB and then install it on my desktop.  OR as I saw somewhere else there may be filters that are blocking the installed drivers...if someone could tell me how to undo that, it would be great.  This is really crazy!!  If I'm not bald by tomorrow, I will be incredibly shocked.  Plus my 15 year old isn't going to be happy to find out I messed up his Internet while he was at school...in my defense, I was trying to fix his DVD/CD problem...


  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. How about I provide instructions for you to make a bootable USB drive? That way we can bypass the whole CD ROM issue altogether and let you get that resolved with your other post. Sound good?


  • 0



#11
Alikhat68

Alikhat68

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Will it work if my PC is only hard disk bootable?
  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I believe your machine will be able to boot from CD or USB. Let's give it a shot. I'll provide instructions shortly.


  • 0

#13
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - Questions
 
1. Do you have a Windows XP Media Center Reinstall CD? Just need to know so I have an understanding of what options we have.

2. Can you tell me which hive was referenced when it said "corrupt or missing Win Syst 32 config"? Was it the Software or System hive that was referenced?

 

Step#2 - Create a Bootable USB Drive

1. Please download the following three things to the Desktop of your Working computer.
    a) Rufus
    b) winpe.iso
    c) Farbar Recovery Scan Tool
 
2. Insert your USB drive into your working computer. Note: Please ensure that there isn't anything on the USB drive that you need as we will be formatting it.
3. Right-click on rufus-1.4.10.exe and select Run as administrator (I'm assuming your working machine is at least Windows Vista). Answer Yes to Allow if prompted.
4. If you are asked to check for application updates, just answer No.
5. Please click on the icon as shown below and select the ISO file that you downloaded to your desktop in step#1b.

6. Please also change the "New volume label" to WINPE.
    WinPE.JPG
7. Click the Start button.
8. When it's Done click the Close button.

 

 

Step#3 - Copy FRST on to the same USB Drive
 
1. Click the Start Orb in the lower left corner of the screen and click on Computer.
2. Click on the drive letter that represents your USB Drive and then copy the FRST.exe from your Desktop to this location as shown below.

    ContentsOfUSB.JPG
  
  

 

Step#4 - Boot Your Sick Machine with USB Drive
 
1. Insert the USB Drive into your Sick computer.
2. Ensure the power is off on this computer.
3. Turn on your computer and then begin hitting F12 to bring up your boot menu. You should see options such as Hard Drive, CD-ROM and hopefully USB.

4. Use your arrows on the keyboard to select the USB option and hit Enter on the keyboard.
5. You should get a message asking you to hit any key to boot from the USB. Go ahead and do this.
6. Once the machine is booted you will be at a black command-prompt window.

 

Step#5 - Generate Needed Logs
 
1. Please type the word notepad in the black command prompt window and hit Enter on the keyboard.

2. Under the File menu of notepad, please select Open.

3. Double-click on Computer and then identify which drive letter represents your USB drive. It should be the one labeled WinPE. It won't be C: or X:.

4. Click Cancel on the Open Dialog from notepad and close notepad.

5. In the Command Prompt window, please type F:\FRST.exe and press enter on the keyboard. Note: Replace F with the Drive Letter you identified in bullet#3.

6. The tool will start to run.

7. If a disclaimer comes up, Please answer Yes.

8. Under the Optional Scan section, please check List BCD.

    ListBCD.JPG

 

9. Click the Scan button. It will create a log file named FRST.txt on the USB Drive. It will also open in Notepad when finished. You can simply close Notepad.

10. Please plug the USB Drive into your Good computer and post the contents of this log file.

 

   

 

Items for your next post

1. Answers to my Questions

2. Contents of the FRST log file.


  • 0

#14
Alikhat68

Alikhat68

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

I couldn't get it to boot from USB...but it was asking for a command.  Then it did a count down and when I didn't enter the command, it attempted to restart normally.    I'll try it again and see if I can figure out how to command it or at least give you the exact verbiage.

 

1.  I have windows XP Home Edition Version 2002 installation disc but not the multi media re-install disc.

2.  \WINDOWS\SYSTEM32\CONFIG\SYSTEM

 

Thank you!


  • 0

#15
Alikhat68

Alikhat68

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

OK I couldn't get it all.  Too fast.  It started out: CLIENT MAC ADDRE-THEN A BUNCH OF NUMBERS LIKE AN IP ADDRESS ENDING WITH DHCP\ and a blinking cursor...each second a dash appears and after about 5 dashes

FXE E53 No boot file name found

Exiting Intel Boot Agent

 

Any idea what this means?  I will try to find a method of burning the CD.  My other computer is now recognizing disc drives but the RW drive won't recognize a CD-RW.  I may have to get a CD-R...this is a common problem with older RW DVD and CD ROMS...

 

It says I should be able to repair with the set up CD, but I've tried and can't get it to work.

 

Thanks again,


  • 0





