[Closed] LSASS.EXE application error


freshtag

I have a desktop running Windows XP Pro W/SP3 that will not boot. It gives an error of LSASS.exe Application Error when it starts up and when you click on OK it just reboots. I am unable to boot into any Safe Mode option. Restart with last known configuration does nothing as well. I am able to boot with a bootable CD to see if it will even load. I have tried to use a Windows XP disc to repair the install but it gives me a BSOD after loading all the files and before it starts up. Looking for any help possible. I know there was a lsass.exe virus at one time and not sure if this is it or not. Thanks in advance.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

OTLPE + Farbar Recovery Scan Tool

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please post log in your next reply.
 
Here is the FRST log:
---------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-11-2012
Ran by SYSTEM at 08-11-2012 07:54:22
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray [888832 2008-07-17] (Analog Devices, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2009-04-22] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2010-07-13] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2010-07-19] ()
HKLM\...\Run: [PostCopy] C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe [20480 2001-07-25] ()
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [333376 2011-11-15] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [215360 2011-09-14] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator.039-PC1160\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\awat6898\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\ctdrk039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\ctdrk039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\ctmaj039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\ctmaj039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\iscrs039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\iscrs039\...\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] ()
HKU\ismjj039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\jcoll4511\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\jcoll4511\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\LocalService\...\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" [4167376 2005-05-12] (Microsoft Corporation)
HKU\LocalService\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\NetworkService\...\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" [4167376 2005-05-12] (Microsoft Corporation)
HKU\NetworkService\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\rhud2803\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\rhud2803\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\rhud2803\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-14] (Google Inc.)
HKU\trjlk039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\trjlk039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\trjmg039\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\trjrh039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\trjrh039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whbab039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whdjg039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whdjg039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whjxp039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whjxp039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whjxp039\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-14] (Google Inc.)
HKU\whlat039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whlat039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whlmd039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whtss039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whtss039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.39.64.201 10.201.19.179
==================== Services (Whitelisted) ===================
2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
2 DWMRCS; C:\Windows\System32\DWRCS.EXE -service [241688 2010-04-07] (DameWare Development LLC)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 McAfee SiteAdvisor Enterprise Service; "C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe" [222528 2009-12-14] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [132672 2011-11-15] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166024 2012-07-17] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [209760 2011-09-14] (McAfee, Inc.)
2 mfevtp; "C:\WINDOWS\system32\mfevtps.exe" [148520 2012-07-17] (McAfee, Inc.)
2 NovacomD; C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe [33792 2010-01-12] (Palm)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [68160 2010-07-19] ()
3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe /service [246624 2009-09-18] (Microsoft Corporation)
3 SSI Client Installer; C:\WINDOWS\system32\SCInstallerNT.exe [512000 2012-05-08] (Scalable Software, Inc.)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2009-06-12] (Lenovo Group Limited)
2 TVT Scheduler; "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [1122304 2008-03-04] (Lenovo Group Limited)
2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2054680 2008-07-21] (Intel Corporation)
2 Wdworkstation; C:\WINDOWS\system32\wdnpsvc.exe [58672 2005-02-15] (NetManage Incorporated)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 SSI Survey Client; c:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE [x]
==================== Drivers (Whitelisted) ====================
3 COAX; C:\Windows\System32\Drivers\COAX.sys [18424 2005-02-15] (NetManage Incorporated)
3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [149600 2008-10-24] (Intel Corporation)
3 EL90X; C:\Windows\System32\DRIVERS\el90xnd5.sys [153631 2001-08-17] (3Com Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
0 iastor86; C:\Windows\System32\Drivers\iastor86.sys [327192 2009-04-20] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [119968 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180072 2012-07-17] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59288 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [461864 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87808 2012-07-17] (McAfee, Inc.)
1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89624 2012-07-17] (McAfee, Inc.)
3 MRXWDRDR; C:\Windows\System32\drivers\mrxwdnp.sys [267056 2005-02-15] (NetManage Incorporated)
3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-10-07] (Intel Corporation )
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
3 prepdrvr; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
3 RMBS; C:\Windows\System32\Drivers\RMBS.sys [17828 2005-02-15] (NetManage Incorporated)
3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [8704 2009-04-22] (Analog Devices, Inc.)
3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-01-13] (Silicon Laboratories)
3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2012-01-13] (Silicon Laboratories)
3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
3 TPM; C:\Windows\System32\DRIVERS\tpm.sys [18048 2008-02-10] (Winbond Electronics Corp.)
3 TWXWD; C:\Windows\System32\Drivers\TWXWD.sys [26964 2005-02-15] (NetManage Incorporated)
2 WDHLLKNL; C:\Windows\System32\Drivers\WDHLLKNL.sys [4784 2005-02-15] (NetManage Incorporated)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 mfeavfk01; [x]
1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 RCHelp; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-11-06 11:37 - 2012-11-06 11:37 - 00104742 ____A C:\OTL.Txt
2012-11-06 04:02 - 2012-11-06 04:02 - 00001661 ____N C:\rescue-system_scan.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00007896 ____A C:\Windows\KB2724197.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-10-26 05:48 - 2012-10-26 05:48 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-25 17:16 - 2012-10-25 17:16 - 00000000 ____D C:\Program Files\CleanUp!
2012-10-25 05:59 - 2012-10-25 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2012-10-18 07:39 - 2012-10-18 07:39 - 00023552 ____A C:\Documents and Settings\rhud2803\My Documents\10-17-12 po close log.xls

==================== One Month Modified Files and Folders ========
2012-11-08 07:53 - 2012-11-08 07:53 - 00000000 ____D C:\FRST
2012-11-06 11:37 - 2012-11-06 11:37 - 00104742 ____A C:\OTL.Txt
2012-11-06 04:02 - 2012-11-06 04:02 - 00001661 ____N C:\rescue-system_scan.log
2012-11-05 06:49 - 2011-08-10 05:22 - 00000428 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{FCAF0E76-02E6-4990-8072-D7632F31EE30}.job
2012-11-05 06:48 - 2012-05-07 23:17 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-11-05 06:48 - 2012-04-27 09:46 - 00000062 __ASH C:\Documents and Settings\rhud2803\Local Settings\desktop.ini
2012-11-05 06:48 - 2012-03-21 08:16 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0764c7317587.job
2012-11-05 06:48 - 2010-09-28 15:47 - 00034551 ____A C:\Documents and Settings\All Users\Application Data\SCD.LOG
2012-11-05 06:48 - 2010-09-28 15:47 - 00001848 ____A C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
2012-11-05 06:48 - 2009-04-21 09:35 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-05 06:48 - 2009-04-21 09:35 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-05 06:48 - 2009-04-21 09:35 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-05 06:48 - 2009-04-21 09:32 - 01544067 ____A C:\Windows\WindowsUpdate.log
2012-11-05 06:48 - 2009-04-21 09:30 - 00000816 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-05 06:48 - 2009-04-21 04:24 - 00000159 ____A C:\Windows\wiadebug.log
2012-11-05 06:48 - 2009-04-21 04:24 - 00000049 ____A C:\Windows\wiaservc.log
2012-11-05 06:48 - 2004-08-04 06:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-11-05 03:36 - 2009-04-21 04:18 - 00000245 _RASH C:\boot.ini
2012-11-02 13:34 - 2009-04-21 09:35 - 00031916 ____A C:\Windows\SchedLgU.Txt
2012-11-02 13:33 - 2012-04-27 09:46 - 00000278 ___SH C:\Documents and Settings\rhud2803\ntuser.ini
2012-11-02 13:32 - 2012-03-21 08:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd0764c73d6112.job
2012-11-02 13:27 - 2012-04-18 02:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-02 13:10 - 2012-04-30 11:24 - 00000000 ____D C:\Documents and Settings\rhud2803\Local Settings\Application Data\Deployment
2012-11-02 12:29 - 2012-04-27 09:45 - 00002521 ____A C:\Documents and Settings\rhud2803\Desktop\Microsoft Office Outlook 2003.lnk
2012-11-02 12:29 - 2009-04-21 04:22 - 00617894 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-11-02 12:26 - 2012-04-12 15:16 - 00000000 ____D C:\Windows\ccmhealth
2012-11-02 12:26 - 2010-07-15 10:33 - 00000463 ___AC C:\Windows\smscfg.ini
2012-11-02 11:04 - 2011-02-09 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-11-02 11:03 - 2012-11-02 11:03 - 00007896 ____A C:\Windows\KB2724197.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-11-02 11:03 - 2009-04-21 11:21 - 00000000 ___HD C:\Windows\$hf_mig$
2012-11-02 11:03 - 2009-04-21 04:23 - 01627306 ___AC C:\Windows\iis6.log
2012-11-02 11:03 - 2009-04-21 04:23 - 01471375 ___AC C:\Windows\FaxSetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00721113 ___AC C:\Windows\ocgen.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00693077 ___AC C:\Windows\tsoc.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00501995 ___AC C:\Windows\comsetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00454422 ___AC C:\Windows\msmqinst.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00302791 ___AC C:\Windows\ntdtcsetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00258887 ___AC C:\Windows\netfxocm.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00102081 ___AC C:\Windows\MedCtrOC.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00081724 ___AC C:\Windows\ocmsn.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00074648 ___AC C:\Windows\tabletoc.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00073965 ___AC C:\Windows\msgsocm.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00001374 ____A C:\Windows\imsins.log
2012-11-02 07:45 - 2012-04-27 09:45 - 00000000 ____D C:\Documents and Settings\rhud2803\My Documents\PO Close log
2012-11-02 05:52 - 2012-04-27 09:46 - 00009422 _RASH C:\Documents and Settings\rhud2803\ntuser.pol
2012-11-02 05:49 - 2009-04-21 04:16 - 00000000 ____D C:\Windows\security
2012-11-01 06:00 - 2011-04-05 23:46 - 00000000 __SHD C:\Windows\CSC
2012-10-31 05:52 - 2010-10-08 16:22 - 00000278 __ASH C:\Documents and Settings\whjxp039\ntuser.ini
2012-10-30 20:59 - 2010-10-08 16:22 - 00000062 _ASHC C:\Documents and Settings\whjxp039\Local Settings\desktop.ini
2012-10-26 05:48 - 2012-10-26 05:48 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-25 17:22 - 2010-09-28 15:11 - 00000000 ___HD C:\Windows\System32\dwrcssft
2012-10-25 17:16 - 2012-10-25 17:16 - 00000000 ____D C:\Program Files\CleanUp!
2012-10-25 06:00 - 2009-04-21 09:31 - 00023352 ___AC C:\Windows\wmsetup.log
2012-10-25 05:59 - 2012-10-25 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2012-10-25 05:59 - 2009-04-21 04:22 - 00342781 ____A C:\Windows\setupapi.log
2012-10-25 05:59 - 2009-04-21 04:22 - 00003261 ____A C:\Windows\setupact.log
2012-10-24 05:54 - 2012-04-18 02:07 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-24 05:54 - 2012-02-25 05:37 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-18 07:39 - 2012-10-18 07:39 - 00023552 ____A C:\Documents and Settings\rhud2803\My Documents\10-17-12 po close log.xls
2012-10-16 15:07 - 2010-10-08 16:22 - 00009422 _RASH C:\Documents and Settings\whjxp039\ntuser.pol
2012-10-12 06:11 - 2009-07-23 09:02 - 00000000 ____D C:\QUARANTINE
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-11-02 11:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP531
RP: -> 2012-11-02 06:54 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP530
RP: -> 2012-11-01 06:49 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP529
RP: -> 2012-10-30 16:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP528
RP: -> 2012-10-29 15:17 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP527
RP: -> 2012-10-25 19:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP526
RP: -> 2012-10-24 18:44 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP525
RP: -> 2012-10-23 18:42 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP524
RP: -> 2012-10-22 18:19 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP523
RP: -> 2012-10-21 18:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP522
RP: -> 2012-10-19 12:08 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP521
RP: -> 2012-10-18 12:03 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP520
RP: -> 2012-10-17 10:49 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP519
RP: -> 2012-10-16 07:59 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP518
RP: -> 2012-10-15 06:23 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP517
RP: -> 2012-10-10 20:35 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP516
RP: -> 2012-10-09 19:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP515
RP: -> 2012-10-07 19:38 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP513
RP: -> 2012-10-05 11:01 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP512
RP: -> 2012-10-04 23:14 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP511
RP: -> 2012-10-03 14:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP509
RP: -> 2012-10-02 14:09 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP508
RP: -> 2012-10-01 12:35 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP507
RP: -> 2012-09-30 09:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP506
RP: -> 2012-09-29 08:57 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP505
RP: -> 2012-09-27 18:55 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP503
RP: -> 2012-09-26 17:16 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP501
RP: -> 2012-09-24 18:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP499
RP: -> 2012-09-23 16:41 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP498
RP: -> 2012-09-21 11:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP497
RP: -> 2012-09-20 22:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP496
RP: -> 2012-09-19 22:48 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP495
RP: -> 2012-09-18 21:43 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP494
RP: -> 2012-09-17 20:40 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP493
RP: -> 2012-09-16 20:33 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP492
RP: -> 2012-09-15 19:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP491
RP: -> 2012-09-14 19:10 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP490
RP: -> 2012-09-13 18:36 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP489
RP: -> 2012-09-12 17:23 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP488
RP: -> 2012-09-11 16:29 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP487
RP: -> 2012-09-10 15:57 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP486
RP: -> 2012-09-09 15:15 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP485
RP: -> 2012-09-06 16:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP484
RP: -> 2012-09-05 15:45 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP483
RP: -> 2012-09-04 15:05 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP482
RP: -> 2012-09-03 13:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP481
RP: -> 2012-09-02 12:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP480
RP: -> 2012-09-01 11:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP479
RP: -> 2012-08-31 10:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP478
RP: -> 2012-08-30 06:15 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP477
RP: -> 2012-08-28 17:36 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP476
RP: -> 2012-08-27 17:00 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP475
RP: -> 2012-08-26 16:26 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP474
RP: -> 2012-08-23 21:48 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP473
RP: -> 2012-08-22 21:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP472
RP: -> 2012-08-21 21:09 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP471
RP: -> 2012-08-20 20:58 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP470
RP: -> 2012-08-19 20:26 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP469
RP: -> 2012-08-18 18:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP468
RP: -> 2012-08-17 17:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP467
RP: -> 2012-08-16 17:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP466
RP: -> 2012-08-15 16:19 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP465
RP: -> 2012-08-14 15:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP464
RP: -> 2012-08-13 15:18 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP463
RP: -> 2012-08-12 15:18 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP462
RP: -> 2012-08-09 16:27 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP461
RP: -> 2012-08-08 16:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP460
RP: -> 2012-08-07 15:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP459
RP: -> 2012-08-06 15:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP458
RP: -> 2012-08-05 14:56 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP457

==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 1884.1 MB
Available physical RAM: 1616.15 MB
Total Pagefile: 1715.73 MB
Available Pagefile: 1654.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:232.88 GB) (Free:200.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive e: () (Removable) (Total:1.91 GB) (Free:1.9 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 1024 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 233 GB Healthy
=========================================================
==================== End Of Log ============================
 
Here is the OTL log file:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 11/8/2012 11:23:17 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 200.25 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2012/10/24 05:54:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 11:02:11 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/17 11:02:10 | 000,166,024 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/05/08 13:03:31 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Auto] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
SRV - [2012/05/08 12:59:09 | 000,512,000 | ---- | M] (Scalable Software, Inc.) [On_Demand] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
SRV - [2011/11/15 16:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/07/19 13:27:36 | 000,068,160 | ---- | M] () [Auto] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/07 11:12:04 | 000,241,688 | ---- | M] (DameWare Development LLC) [Auto] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/12/14 17:28:42 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/07/21 15:46:28 | 002,054,680 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/07/21 15:46:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005/02/15 17:24:42 | 000,058,672 | ---- | M] (NetManage Incorporated) [Auto] -- C:\WINDOWS\system32\wdnpsvc.exe -- (Wdworkstation)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (mferkdk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/07/17 11:02:11 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 11:02:11 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/07/17 11:02:11 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/07/17 11:02:10 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/07/17 11:02:10 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/07/17 11:02:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/01/13 09:45:36 | 000,047,176 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2012/01/13 09:45:35 | 000,058,112 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2011/02/21 17:37:45 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/04/22 17:04:18 | 000,008,704 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2009/04/20 16:36:18 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\iastor86.sys -- (iastor86)
DRV - [2008/10/24 10:32:24 | 000,149,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/10/07 23:23:04 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/03/28 12:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/10 17:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/15 06:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 06:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2007/01/29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/14 09:56:46 | 000,014,592 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2006/09/14 10:48:58 | 000,016,768 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2005/02/15 17:49:18 | 000,004,784 | ---- | M] (NetManage Incorporated) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\WDHLLKNL.SYS -- (WDHLLKNL)
DRV - [2005/02/15 17:38:28 | 000,026,964 | ---- | M] (NetManage Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TwxWD.sys -- (TWXWD)
DRV - [2005/02/15 17:24:40 | 000,267,056 | ---- | M] (NetManage Incorporated) [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\mrxwdnp.sys -- (MRXWDRDR)
DRV - [2005/02/15 16:57:50 | 000,018,424 | ---- | M] (NetManage Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\coax.sys -- (COAX)
DRV - [2005/02/15 16:54:06 | 000,017,828 | ---- | M] (NetManage Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rmbs.sys -- (RMBS)
DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.039-PC1160_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator.039-PC1160_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = cx039a.na.sysco.net:80

IE - HKU\awat6898_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\ctdrk039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\ctdrk039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\ctdrk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\ctdrk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\ctdrk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\ctmaj039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\ctmaj039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\ctmaj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\ctmaj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\ctmaj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\icymm039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\icymm039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\icymm039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\icymm039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\icymm039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\iscrs039_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://encrypted.google.com/ [binary data]
IE - HKU\iscrs039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\iscrs039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\iscrs039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\iscrs039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\ismjj039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\ismjj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\ismjj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\ismjj039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\jcoll4511_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\jcoll4511_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\jcoll4511_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\jcoll4511_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\jcoll4511_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\mbas9764_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\mbas9764_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\mbas9764_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\mbas9764_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\rhud2803_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\rhud2803_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\rhud2803_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\rhud2803_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\rhud2803_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\svc_iowa_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\svc_iowa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\svc_iowa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\svc_iowa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\svc_iowa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80


IE - HKU\trjlk039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\trjlk039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\trjlk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\trjlk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\trjlk039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\trjmg039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\trjmg039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\trjmg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\trjmg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\trjmg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\trjrh039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\trjrh039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\trjrh039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\trjrh039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\trjrh039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whbab039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whbab039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whbab039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whbab039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whbab039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whdjg039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whdjg039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whdjg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whdjg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whdjg039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whjxp039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whjxp039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whjxp039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whjxp039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whjxp039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whlat039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whlat039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whlat039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whlat039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whlat039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whlmd039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whlmd039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whlmd039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whlmd039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whlmd039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

IE - HKU\whtss039_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sysco.com
IE - HKU\whtss039_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sysco.com
IE - HKU\whtss039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\whtss039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.sysco.net;dw.sysco.com;go.sysco.com;vpn.sysco.com;etools.sysco.com;ecmcs.*;ecm.*;myoffice.*;mysysco.*;ms247*;update.nai.com;vpncc.sysco.com;gotest.sysco.com;marketmover.sysco.com;<local>
IE - HKU\whtss039_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=cx039a.na.sysco.net:80;https=cx039a.na.sysco.net:80;ftp=cx039a.na.sysco.net:80

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011/09/30 10:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/02 12:26:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120717110310.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (TPMX Electronics Ltd.)
O4 - HKLM..\Run: [PostCopy] C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe ()
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\.DEFAULT..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\iscrs039_ON_C..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
O4 - HKU\LocalService_ON_C..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.039-PC1160_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\awat6898_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ctdrk039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ctmaj039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\icymm039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\iscrs039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ismjj039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jcoll4511_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mbas9764_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\rhud2803_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\svc_iowa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\trjlk039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\trjmg039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\trjrh039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whbab039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whdjg039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whjxp039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whlat039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whlmd039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\whtss039_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/70.11/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {57F867E0-774E-488B-A93C-856BEA66668F} https://www.xatanet.net/XataNet/XATA XML Core.cab (XataXMLCore.XMLCore)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279203156799 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279203116892 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8EC5D5F5-4D7D-435F-A578-A08B2F47A8D3} https://www.xatanet.net/XataNet/XATA Trip Control.cab (XataClientCacheVer Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8B4778E-2B10-44BE-A9BB-F20EDC5C48C8} http://survey.na.sysco.net/SSISurvey/applet/SSIWrapper.cab (Grid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.39.64.201 10.201.19.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.sysco.net
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 09:33:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/08 07:53:24 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/25 17:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\whjxp039\Start Menu\Programs\CleanUp!
[2012/10/25 17:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/09/10 13:24:27 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/06 10:04:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/05 06:49:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FCAF0E76-02E6-4990-8072-D7632F31EE30}.job
[2012/11/05 06:48:59 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2012/11/05 06:48:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/11/05 06:48:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd0764c7317587.job
[2012/11/05 06:48:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/05 03:36:51 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2012/11/02 13:32:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cd0764c73d6112.job
[2012/11/02 13:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/02 12:29:58 | 000,514,364 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/02 12:29:58 | 000,092,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/02 12:29:22 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\rhud2803\Desktop\Microsoft Office Outlook 2003.lnk
[2012/11/02 12:26:50 | 000,000,463 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/11/02 05:52:05 | 000,009,422 | RHS- | M] () -- C:\Documents and Settings\rhud2803\ntuser.pol
[2012/10/26 05:48:11 | 000,002,272 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/25 05:59:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/10/16 15:07:36 | 000,009,422 | RHS- | M] () -- C:\Documents and Settings\whjxp039\ntuser.pol
[49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2012/10/26 05:48:11 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/25 05:59:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/05/02 14:15:19 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2012/04/27 09:46:36 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\rhud2803\ntuser.pol
[2012/04/25 13:23:11 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\ctdrk039\ntuser.pol
[2012/04/12 15:16:28 | 000,034,848 | ---- | C] () -- C:\WINDOWS\smsrsgen.dll
[2012/03/13 08:48:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 12:40:32 | 000,006,528 | RHS- | C] () -- C:\Documents and Settings\mbas9764\ntuser.pol
[2012/01/31 22:04:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2011/08/31 20:49:23 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\jcoll4511\ntuser.pol
[2011/08/15 20:36:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/22 03:57:00 | 000,008,283 | ---- | C] () -- C:\Documents and Settings\whdjg039\Local Settings\Application Data\{7446C7F7-7105-41C6-980A-D29A89E35564}
[2011/07/04 20:49:21 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\svc_iowa\ntuser.pol
[2011/07/03 03:57:00 | 000,008,283 | ---- | C] () -- C:\Documents and Settings\whtss039\Local Settings\Application Data\{15D27790-F79E-46AD-9BE7-0069074CC8FD}
[2011/07/02 03:57:00 | 000,008,283 | ---- | C] () -- C:\Documents and Settings\whtss039\Local Settings\Application Data\{73911F2B-B3EF-44AC-A43E-AD86E6438CF8}
[2011/06/07 20:06:39 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\trjlk039\ntuser.pol
[2011/04/07 15:05:51 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\ctmaj039\ntuser.pol
[2011/03/17 20:39:37 | 000,010,090 | RHS- | C] () -- C:\Documents and Settings\whdjg039\ntuser.pol
[2011/02/20 10:44:59 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\trjmg039\ntuser.pol
[2010/12/27 07:51:37 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\whlmd039\ntuser.pol
[2010/12/01 17:58:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\iscrs039\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 09:43:18 | 000,008,406 | RHS- | C] () -- C:\Documents and Settings\icymm039\ntuser.pol
[2010/10/08 16:22:27 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\whjxp039\ntuser.pol
[2010/10/03 17:22:58 | 000,008,406 | RHS- | C] () -- C:\Documents and Settings\whbab039\ntuser.pol
[2010/09/28 15:47:11 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2010/09/28 14:47:47 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\trjrh039\ntuser.pol
[2010/09/28 14:40:49 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\whtss039\ntuser.pol
[2010/09/28 14:32:39 | 000,009,422 | RHS- | C] () -- C:\Documents and Settings\whlat039\ntuser.pol
[2010/09/28 14:31:09 | 000,006,528 | RHS- | C] () -- C:\Documents and Settings\ismjj039\ntuser.pol
[2010/09/27 16:06:48 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2010/09/10 13:24:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/10 13:23:31 | 000,012,812 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2010/09/10 13:23:31 | 000,000,318 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2010/09/10 13:23:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\PELCPEXT.DLL
[2010/09/10 13:23:30 | 000,032,010 | ---- | C] () -- C:\WINDOWS\System32\PelCPExt.ini
[2010/09/10 13:23:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2010/09/10 13:23:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2010/07/15 10:33:06 | 000,000,463 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/15 09:39:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/23 09:36:44 | 000,000,279 | ---- | C] () -- C:\WINDOWS\ehncfg32.INI
[2009/07/21 13:17:09 | 000,035,392 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2009/04/21 12:06:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2009/04/21 11:12:05 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/21 09:36:28 | 000,006,528 | RHS- | C] () -- C:\Documents and Settings\iscrs039\ntuser.pol
[2009/04/21 09:34:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 09:31:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/21 04:22:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/21 04:19:31 | 000,982,224 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/21 04:19:31 | 000,439,336 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/21 04:18:36 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,514,364 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,092,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 11:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 11:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 11:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2009/07/21 15:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.039-PC1160\Application Data\DesktopPwrMgr
[2009/07/21 13:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DesktopPwrMgr
[2011/04/07 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctdrk039\Application Data\DesktopPwrMgr
[2011/04/07 15:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctdrk039\Application Data\NetManage
[2011/05/20 11:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctdrk039\Application Data\Windows Search
[2011/04/07 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctmaj039\Application Data\DesktopPwrMgr
[2011/04/07 15:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctmaj039\Application Data\NetManage
[2011/05/20 11:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ctmaj039\Application Data\Windows Search
[2010/10/25 13:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\icymm039\Application Data\DesktopPwrMgr
[2010/10/25 13:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\icymm039\Application Data\NetManage
[2010/10/12 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\CanuckSoftware
[2009/07/23 09:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\DesktopPwrMgr
[2011/03/15 22:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\GARMIN
[2011/02/08 22:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\Gradkell Systems, Inc
[2011/07/29 00:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\ieSpell
[2010/11/28 19:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\ImgBurn
[2009/04/21 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\NetManage
[2010/09/10 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\Windows Desktop Search
[2010/10/07 19:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iscrs039\Application Data\Windows Search
[2010/09/28 14:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ismjj039\Application Data\DesktopPwrMgr
[2011/08/31 20:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jcoll4511\Application Data\DesktopPwrMgr
[2011/09/02 14:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jcoll4511\Application Data\NetManage
[2012/02/01 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jcoll4511\Application Data\Windows Desktop Search
[2011/09/18 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jcoll4511\Application Data\Windows Search
[2012/02/09 12:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbas9764\Application Data\DesktopPwrMgr
[2011/04/07 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhud2803\Application Data\DesktopPwrMgr
[2011/04/07 15:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhud2803\Application Data\NetManage
[2011/05/20 11:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhud2803\Application Data\Windows Search
[2012/08/08 06:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhud2803\Application Data\Xerox
[2011/07/04 20:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svc_iowa\Application Data\DesktopPwrMgr
[2011/06/07 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjlk039\Application Data\DesktopPwrMgr
[2009/07/23 09:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjrh039\Application Data\DesktopPwrMgr
[2009/07/23 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjrh039\Application Data\ImgBurn
[2009/04/21 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjrh039\Application Data\NetManage
[2010/09/10 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjrh039\Application Data\Windows Desktop Search
[2010/09/29 05:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\trjrh039\Application Data\Windows Search
[2010/10/03 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whbab039\Application Data\DesktopPwrMgr
[2010/12/17 00:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whbab039\Application Data\NetManage
[2010/10/08 16:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whdjg039\Application Data\DesktopPwrMgr
[2011/01/06 00:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whdjg039\Application Data\NetManage
[2010/10/08 16:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whjxp039\Application Data\DesktopPwrMgr
[2011/01/06 00:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whjxp039\Application Data\NetManage
[2011/03/20 16:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whjxp039\Application Data\Windows Search
[2009/07/23 09:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlat039\Application Data\DesktopPwrMgr
[2009/07/23 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlat039\Application Data\ImgBurn
[2009/04/21 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlat039\Application Data\NetManage
[2010/09/10 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlat039\Application Data\Windows Desktop Search
[2010/10/11 10:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlat039\Application Data\Windows Search
[2010/12/27 07:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlmd039\Application Data\DesktopPwrMgr
[2010/12/27 07:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlmd039\Application Data\NetManage
[2010/12/27 07:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlmd039\Application Data\Windows Desktop Search
[2010/12/27 07:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whlmd039\Application Data\Windows Search
[2009/07/23 09:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whtss039\Application Data\DesktopPwrMgr
[2009/07/23 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whtss039\Application Data\ImgBurn
[2009/04/21 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whtss039\Application Data\NetManage
[2010/09/10 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whtss039\Application Data\Windows Desktop Search
[2010/09/30 18:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whtss039\Application Data\Windows Search
[2010/12/20 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AR System
[2010/09/28 14:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2009/04/21 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetManage
[2010/09/28 15:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scalable Software
[2010/10/10 22:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XataNetClientCache
[2011/01/16 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/10 13:23:06 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/11/05 06:49:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FCAF0E76-02E6-4990-8072-D7632F31EE30}.job

========== Purity Check ==========


< End of report >
 
I ran the scan and it has found malicious software.
object:
ment/cache/6.0/24/4c458618-421ea785.vir//json/Parser/class
Trojan program:
Exploit.Java.CVE-2012-0840.dx

my options are:
1. disinfection is not possible - Reason: write not supported
2. delete archive - Archive file will be deleted
3. skip (recommended) - Do not perform any action

Which option should I pick? Just wanted to make sure before I select one. Thanks.
 
I deleted it. Also FYI, full file path was:
C:/Documents and Settings/jcoll4511/Application Data/Sun/Java/Deployment/cache/6.0/24/4c458618-421ea785.vir//json/Parser/class

No other issues found, and the scan is complete.
 
Still get the lsass.exe error when I start the computer.
It states:
lsass.exe system error
An invalid parameter was passed to a service or function.

Click OK and the computer reboots and does the same thing again. I get this error before the login screen shows.
 
Farbar Recovery Scan Tool x64 SEARCH

  • Open FRST, like you've done before, and type the text lsass.exe into the "Search:" text box. Then, press the Search file(s) button.
  • When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log on the flash drive, search.txt logfile, please copy and paste the log in your reply.
 
Farbar Recovery Scan Tool (x86) Version: 07-11-2012
Ran by SYSTEM at 2012-11-13 10:31:48
Running from E:\
================== Search: "lsass.exe" ===================
C:\WINDOWS\system32\lsass.exe
[2008-04-14 05:42] - [2008-04-14 05:42] - 0013312 ____A (Microsoft Corporation) bf2466b3e18e970d8a976fb95fc1ca85
C:\WINDOWS\system32\dllcache\lsass.exe
[2008-04-14 05:42] - [2008-04-14 05:42] - 0013312 ___AC (Microsoft Corporation) bf2466b3e18e970d8a976fb95fc1ca85
=== End Of Search ===
 
Doesn't seem infected. Let's do the following:

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
RP: -> 2012-10-30 16:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP528
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system


Run FRST within OTLPE and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Sorry it took me so long to post back to you.

FRST log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-11-2012
Ran by SYSTEM at 2012-11-19 08:00:54 Run:1
Running from E:\
==============================================
Could not restore SAM hive from Restore Point.
Could not restore SECURITY hive from Restore Point.
Could not restore Software hive from Restore Point.
Could not restore System hive from Restore Point.
Could not restore Default hive from Restore Point.
==== End of Fixlog ====

I am still getting the lsass.exe error when I restart the computer. It still will not go into the login screen. I get the same popup and when you click on OK it just restarts.
 
Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

Also download the attached fixlist.txt and save it to the flash drive.

Now please enter System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive. Although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.
 

Attachments

  • fixlist.txt
    28 bytes
 
Where do I find the System Recovery Options "Command Prompt"? Is this when the computer starts up and under Safe Mode, or is this from the OTLPE disk? I'm a little confused.
 
My apologies. I was working with another user at the same time with the exact same issue as you. Yes, go to OTLPE first, then do the FRST stuff as described.
 
Here is the new log file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-11-2012
Ran by SYSTEM at 2012-11-20 08:07:26 Run:2
Running from E:\
==============================================
MBRDUMP.txt is made successfully.
==== End of Fixlog ====
 

Attachments

  • MBRDUMP.txt
    512 bytes
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-11-2012 (ATTENTION: FRST version is 14 days old)
Ran by SYSTEM at 21-11-2012 09:43:34
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray [888832 2008-07-17] (Analog Devices, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2009-04-22] (Analog Devices, Inc.)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2010-07-13] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2010-07-19] ()
HKLM\...\Run: [PostCopy] C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe [20480 2001-07-25] ()
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [333376 2011-11-15] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [215360 2011-09-14] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator.039-PC1160\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\awat6898\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\ctdrk039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\ctdrk039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\ctmaj039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\ctmaj039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\iscrs039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\iscrs039\...\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] ()
HKU\ismjj039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\jcoll4511\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\jcoll4511\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\LocalService\...\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" [4167376 2005-05-12] (Microsoft Corporation)
HKU\LocalService\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\NetworkService\...\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" [4167376 2005-05-12] (Microsoft Corporation)
HKU\NetworkService\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\rhud2803\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\rhud2803\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\rhud2803\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-14] (Google Inc.)
HKU\trjlk039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\trjlk039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\trjmg039\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\trjrh039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\trjrh039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whbab039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whdjg039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whdjg039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whjxp039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whjxp039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whjxp039\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-14] (Google Inc.)
HKU\whlat039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whlat039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whlmd039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
HKU\whtss039\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\whtss039\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [77824 2012-05-07] (Apple Computer, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.39.64.201 10.201.19.179
==================== Services (Whitelisted) ===================
2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
2 DWMRCS; C:\Windows\System32\DWRCS.EXE -service [241688 2010-04-07] (DameWare Development LLC)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 McAfee SiteAdvisor Enterprise Service; "C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe" [222528 2009-12-14] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [132672 2011-11-15] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166024 2012-07-17] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [209760 2011-09-14] (McAfee, Inc.)
2 mfevtp; "C:\WINDOWS\system32\mfevtps.exe" [148520 2012-07-17] (McAfee, Inc.)
2 NovacomD; C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe [33792 2010-01-12] (Palm)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [68160 2010-07-19] ()
3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe /service [246624 2009-09-18] (Microsoft Corporation)
3 SSI Client Installer; C:\WINDOWS\system32\SCInstallerNT.exe [512000 2012-05-08] (Scalable Software, Inc.)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2009-06-12] (Lenovo Group Limited)
2 TVT Scheduler; "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [1122304 2008-03-04] (Lenovo Group Limited)
2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2054680 2008-07-21] (Intel Corporation)
2 Wdworkstation; C:\WINDOWS\system32\wdnpsvc.exe [58672 2005-02-15] (NetManage Incorporated)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 SSI Survey Client; c:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE [x]
==================== Drivers (Whitelisted) ====================
3 COAX; C:\Windows\System32\Drivers\COAX.sys [18424 2005-02-15] (NetManage Incorporated)
3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [149600 2008-10-24] (Intel Corporation)
3 EL90X; C:\Windows\System32\DRIVERS\el90xnd5.sys [153631 2001-08-17] (3Com Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
0 iastor86; C:\Windows\System32\Drivers\iastor86.sys [327192 2009-04-20] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [119968 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180072 2012-07-17] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59288 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [461864 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87808 2012-07-17] (McAfee, Inc.)
1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89624 2012-07-17] (McAfee, Inc.)
3 MRXWDRDR; C:\Windows\System32\drivers\mrxwdnp.sys [267056 2005-02-15] (NetManage Incorporated)
3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-10-07] (Intel Corporation )
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
3 prepdrvr; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
3 RMBS; C:\Windows\System32\Drivers\RMBS.sys [17828 2005-02-15] (NetManage Incorporated)
3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [8704 2009-04-22] (Analog Devices, Inc.)
3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-01-13] (Silicon Laboratories)
3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2012-01-13] (Silicon Laboratories)
3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
3 TPM; C:\Windows\System32\DRIVERS\tpm.sys [18048 2008-02-10] (Winbond Electronics Corp.)
3 TWXWD; C:\Windows\System32\Drivers\TWXWD.sys [26964 2005-02-15] (NetManage Incorporated)
2 WDHLLKNL; C:\Windows\System32\Drivers\WDHLLKNL.sys [4784 2005-02-15] (NetManage Incorporated)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 mfeavfk01; [x]
1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 RCHelp; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-11-08 07:53 - 2012-11-08 07:53 - 00000000 ____D C:\FRST
2012-11-06 11:37 - 2012-11-08 11:25 - 00104400 ____A C:\OTL.Txt
2012-11-06 04:02 - 2012-11-06 04:02 - 00001661 ____N C:\rescue-system_scan.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00007896 ____A C:\Windows\KB2724197.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-10-26 05:48 - 2012-10-26 05:48 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-25 17:16 - 2012-10-25 17:16 - 00000000 ____D C:\Program Files\CleanUp!
2012-10-25 05:59 - 2012-10-25 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

==================== One Month Modified Files and Folders ========
2012-11-12 05:00 - 2012-11-12 01:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-08 11:25 - 2012-11-06 11:37 - 00104400 ____A C:\OTL.Txt
2012-11-08 07:53 - 2012-11-08 07:53 - 00000000 ____D C:\FRST
2012-11-06 04:02 - 2012-11-06 04:02 - 00001661 ____N C:\rescue-system_scan.log
2012-11-05 06:49 - 2011-08-10 05:22 - 00000428 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{FCAF0E76-02E6-4990-8072-D7632F31EE30}.job
2012-11-05 06:48 - 2012-05-07 23:17 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-11-05 06:48 - 2012-04-27 09:46 - 00000062 __ASH C:\Documents and Settings\rhud2803\Local Settings\desktop.ini
2012-11-05 06:48 - 2012-03-21 08:16 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0764c7317587.job
2012-11-05 06:48 - 2010-09-28 15:47 - 00034551 ____A C:\Documents and Settings\All Users\Application Data\SCD.LOG
2012-11-05 06:48 - 2010-09-28 15:47 - 00001848 ____A C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
2012-11-05 06:48 - 2009-04-21 09:35 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-05 06:48 - 2009-04-21 09:35 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-05 06:48 - 2009-04-21 09:35 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-05 06:48 - 2009-04-21 09:32 - 01544067 ____A C:\Windows\WindowsUpdate.log
2012-11-05 06:48 - 2009-04-21 09:30 - 00000816 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-05 06:48 - 2009-04-21 04:24 - 00000159 ____A C:\Windows\wiadebug.log
2012-11-05 06:48 - 2009-04-21 04:24 - 00000049 ____A C:\Windows\wiaservc.log
2012-11-05 06:48 - 2004-08-04 06:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-11-05 03:36 - 2009-04-21 04:18 - 00000245 _RASH C:\boot.ini
2012-11-02 13:34 - 2009-04-21 09:35 - 00031916 ____A C:\Windows\SchedLgU.Txt
2012-11-02 13:33 - 2012-04-27 09:46 - 00000278 ___SH C:\Documents and Settings\rhud2803\ntuser.ini
2012-11-02 13:32 - 2012-03-21 08:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd0764c73d6112.job
2012-11-02 13:27 - 2012-04-18 02:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-02 13:10 - 2012-04-30 11:24 - 00000000 ____D C:\Documents and Settings\rhud2803\Local Settings\Application Data\Deployment
2012-11-02 12:29 - 2012-04-27 09:45 - 00002521 ____A C:\Documents and Settings\rhud2803\Desktop\Microsoft Office Outlook 2003.lnk
2012-11-02 12:29 - 2009-04-21 04:22 - 00617894 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-11-02 12:26 - 2012-04-12 15:16 - 00000000 ____D C:\Windows\ccmhealth
2012-11-02 12:26 - 2010-07-15 10:33 - 00000463 ___AC C:\Windows\smscfg.ini
2012-11-02 11:04 - 2011-02-09 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-11-02 11:03 - 2012-11-02 11:03 - 00007896 ____A C:\Windows\KB2724197.log
2012-11-02 11:03 - 2012-11-02 11:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-11-02 11:03 - 2009-04-21 11:21 - 00000000 ___HD C:\Windows\$hf_mig$
2012-11-02 11:03 - 2009-04-21 04:23 - 01627306 ___AC C:\Windows\iis6.log
2012-11-02 11:03 - 2009-04-21 04:23 - 01471375 ___AC C:\Windows\FaxSetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00721113 ___AC C:\Windows\ocgen.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00693077 ___AC C:\Windows\tsoc.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00501995 ___AC C:\Windows\comsetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00454422 ___AC C:\Windows\msmqinst.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00302791 ___AC C:\Windows\ntdtcsetup.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00258887 ___AC C:\Windows\netfxocm.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00102081 ___AC C:\Windows\MedCtrOC.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00081724 ___AC C:\Windows\ocmsn.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00074648 ___AC C:\Windows\tabletoc.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00073965 ___AC C:\Windows\msgsocm.log
2012-11-02 11:03 - 2009-04-21 04:23 - 00001374 ____A C:\Windows\imsins.log
2012-11-02 07:45 - 2012-04-27 09:45 - 00000000 ____D C:\Documents and Settings\rhud2803\My Documents\PO Close log
2012-11-02 05:52 - 2012-04-27 09:46 - 00009422 _RASH C:\Documents and Settings\rhud2803\ntuser.pol
2012-11-02 05:49 - 2009-04-21 04:16 - 00000000 ____D C:\Windows\security
2012-11-01 06:00 - 2011-04-05 23:46 - 00000000 __SHD C:\Windows\CSC
2012-10-31 05:52 - 2010-10-08 16:22 - 00000278 __ASH C:\Documents and Settings\whjxp039\ntuser.ini
2012-10-30 20:59 - 2010-10-08 16:22 - 00000062 _ASHC C:\Documents and Settings\whjxp039\Local Settings\desktop.ini
2012-10-26 05:48 - 2012-10-26 05:48 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-25 17:22 - 2010-09-28 15:11 - 00000000 ___HD C:\Windows\System32\dwrcssft
2012-10-25 17:16 - 2012-10-25 17:16 - 00000000 ____D C:\Program Files\CleanUp!
2012-10-25 06:00 - 2009-04-21 09:31 - 00023352 ___AC C:\Windows\wmsetup.log
2012-10-25 05:59 - 2012-10-25 05:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2012-10-25 05:59 - 2009-04-21 04:22 - 00342781 ____A C:\Windows\setupapi.log
2012-10-25 05:59 - 2009-04-21 04:22 - 00003261 ____A C:\Windows\setupact.log
2012-10-24 05:54 - 2012-04-18 02:07 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-24 05:54 - 2012-02-25 05:37 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-11-02 11:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP531
RP: -> 2012-11-02 06:54 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP530
RP: -> 2012-11-01 06:49 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP529
RP: -> 2012-10-30 16:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP528
RP: -> 2012-10-29 15:17 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP527
RP: -> 2012-10-25 19:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP526
RP: -> 2012-10-24 18:44 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP525
RP: -> 2012-10-23 18:42 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP524
RP: -> 2012-10-22 18:19 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP523
RP: -> 2012-10-21 18:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP522
RP: -> 2012-10-19 12:08 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP521
RP: -> 2012-10-18 12:03 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP520
RP: -> 2012-10-17 10:49 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP519
RP: -> 2012-10-16 07:59 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP518
RP: -> 2012-10-15 06:23 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP517
RP: -> 2012-10-10 20:35 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP516
RP: -> 2012-10-09 19:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP515
RP: -> 2012-10-07 19:38 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP513
RP: -> 2012-10-05 11:01 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP512
RP: -> 2012-10-04 23:14 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP511
RP: -> 2012-10-03 14:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP509
RP: -> 2012-10-02 14:09 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP508
RP: -> 2012-10-01 12:35 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP507
RP: -> 2012-09-30 09:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP506
RP: -> 2012-09-29 08:57 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP505
RP: -> 2012-09-27 18:55 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP503
RP: -> 2012-09-26 17:16 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP501
RP: -> 2012-09-24 18:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP499
RP: -> 2012-09-23 16:41 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP498
RP: -> 2012-09-21 11:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP497
RP: -> 2012-09-20 22:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP496
RP: -> 2012-09-19 22:48 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP495
RP: -> 2012-09-18 21:43 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP494
RP: -> 2012-09-17 20:40 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP493
RP: -> 2012-09-16 20:33 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP492
RP: -> 2012-09-15 19:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP491
RP: -> 2012-09-14 19:10 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP490
RP: -> 2012-09-13 18:36 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP489
RP: -> 2012-09-12 17:23 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP488
RP: -> 2012-09-11 16:29 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP487
RP: -> 2012-09-10 15:57 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP486
RP: -> 2012-09-09 15:15 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP485
RP: -> 2012-09-06 16:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP484
RP: -> 2012-09-05 15:45 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP483
RP: -> 2012-09-04 15:05 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP482
RP: -> 2012-09-03 13:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP481
RP: -> 2012-09-02 12:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP480
RP: -> 2012-09-01 11:22 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP479
RP: -> 2012-08-31 10:52 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP478
RP: -> 2012-08-30 06:15 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP477
RP: -> 2012-08-28 17:36 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP476
RP: -> 2012-08-27 17:00 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP475
RP: -> 2012-08-26 16:26 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP474
RP: -> 2012-08-23 21:48 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP473
RP: -> 2012-08-22 21:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP472
RP: -> 2012-08-21 21:09 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP471
RP: -> 2012-08-20 20:58 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP470
RP: -> 2012-08-19 20:26 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP469
RP: -> 2012-08-18 18:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP468
RP: -> 2012-08-17 17:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP467
RP: -> 2012-08-16 17:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP466
RP: -> 2012-08-15 16:19 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP465
RP: -> 2012-08-14 15:53 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP464
RP: -> 2012-08-13 15:18 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP463
RP: -> 2012-08-12 15:18 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP462
RP: -> 2012-08-09 16:27 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP461
RP: -> 2012-08-08 16:13 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP460
RP: -> 2012-08-07 15:25 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP459
RP: -> 2012-08-06 15:02 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP458
RP: -> 2012-08-05 14:56 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP457

==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 1884.1 MB
Available physical RAM: 1612.95 MB
Total Pagefile: 1715.73 MB
Available Pagefile: 1653.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:232.88 GB) (Free:200.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive e: () (Removable) (Total:1.91 GB) (Free:1.52 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 1024 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 233 GB Healthy
=========================================================
==================== End Of Log ============================
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
RP: -> 2012-10-30 16:12 - 032768 _restore{01ED8483-F5BF-4A03-910A-F8B9F6E9C566}\RP528
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-11-2012
Ran by SYSTEM at 2012-11-23 10:17:43 Run:3
Running from E:\
==============================================
Could not restore SAM hive from Restore Point.
Could not restore SECURITY hive from Restore Point.
Could not restore Software hive from Restore Point.
Could not restore System hive from Restore Point.
Could not restore Default hive from Restore Point.
==== End of Fixlog ====


The computer still will not boot. I get the lsass.exe error still and when you click OK it just reboots.
 