LSASS.EXE Application Error

View previous topic View next topic Go down

LSASS.EXE Application Error

Post by lmw2583 on Thu Feb 25, 2010 11:30 pm

Hi,

Windows XP HE will not boot up on my Dell Inspiron 6000 laptop. All that I receive is an error message saying

"lsass.exe - Application Error
The application failed to initialise properly (0x0000005). Click on OK to terminate the application"

I have tried to reboot in Safe Mode, Safe Mode with Command Prompt and from Last Know Good Configuration with no success. I have also done some research and i believe that it may be the sasser virus, but what do i know.

Any help would be greatly appreciated

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Fri Feb 26, 2010 2:12 pm

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Fri Feb 26, 2010 5:29 pm

Apologies, I should have clarified that I am unable to load my laptop at all. Windows XP does not fully load, therefore I do not even get to the user login before the lsass error message appears.

I do however have access to a PC (hence this post)

Therefore I assume there is another way to fix the problem, unless I am missing something from your post.

Thanks in advance for any further assistance.

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Fri Feb 26, 2010 6:56 pm

First
[You must be registered and logged in to see this link.] this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. [You must be registered and logged in to see this link.]

Second
  • Download [You must be registered and logged in to see this link.] and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Sun Feb 28, 2010 11:10 pm

OTL logfile created on: 2/28/2010 8:07:35 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 806.00 Mb Available Physical Memory | 79.00% Memory free
907.00 Mb Paging File | 845.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.42 Gb Total Space | 35.03 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 18:53:09 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/21 05:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/09 03:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 09:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/09/21 09:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 18:29:02 | 000,356,352 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/13 06:43:16 | 001,486,848 | ---- | M] (Inventel) [Auto] -- C:\Program Files\Inventel\Gateway\wlancfg.exe -- (Wlancfg)
SRV - [2004/09/07 11:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 11:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 11:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 11:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Emma_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 15:29:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 15:29:51 | 000,000,000 | ---D | M]

[2009/09/23 07:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 16:25:05 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/06/12 17:50:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/12 17:50:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/12 17:50:20 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/12 17:50:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\Admin_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Emma_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lee_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lee_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Mandy_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Emma_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandy_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 08:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 20:05:00 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/28 20:03:43 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/28 20:03:42 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/28 20:03:42 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/28 20:03:42 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/28 20:03:42 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/28 20:03:42 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/28 20:03:42 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/28 20:03:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 20:05:37 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/28 14:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 14:55:55 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 20:03:43 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/28 20:03:43 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/28 20:03:43 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/28 20:03:43 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/28 20:03:43 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/28 20:03:43 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/28 20:03:43 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/28 20:03:43 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/28 20:03:43 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/28 20:03:43 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/28 20:03:43 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/28 20:03:43 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/28 20:03:43 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/28 20:03:43 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/28 20:03:43 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/28 20:03:43 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/28 20:03:43 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/28 14:50:01 | 1073,152,000 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/01 09:50:17 | 000,006,802 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Application Data\PrimoPDFSet.xml
[2009/10/01 09:50:15 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/10/01 09:47:34 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/05 16:34:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2009/02/05 03:49:00 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/11/20 14:46:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\fusioncache.dat
[2007/12/22 12:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/10/18 11:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/03/12 15:40:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/22 23:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/29 13:46:32 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/09 14:50:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/05/29 15:49:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2006/03/30 07:55:51 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/30 07:55:51 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/30 07:55:51 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/03/06 13:43:19 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/14 18:04:23 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 09:41:09 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\fusioncache.dat
[2005/12/20 18:22:02 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/20 13:53:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 09:17:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2005/11/17 06:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 06:11:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/17 05:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/17 05:41:08 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/12 03:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 08:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/07 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Betting Assistant
[2009/02/05 03:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\deskPDF
[2007/03/06 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Leadertech
[2009/06/01 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\LimeWire
[2009/10/16 05:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Spotify
[2008/11/25 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Template
[2008/07/13 13:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\DAEMON Tools
[2008/05/04 10:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Image Zone Express
[2006/05/29 13:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Leadertech
[2005/11/25 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Template

========== Purity Check ==========


< End of report >

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Mon Mar 01, 2010 4:55 am

Please open OTLPE

Under the Custom Scan box paste this in:

/md5start
iaStor.sys
atapi.sys
/md5stop


Push the Quick Scan button.

Please post back with the logfile.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Mon Mar 01, 2010 10:33 am

OTL logfile created on: 3/1/2010 7:25:29 AM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 806.00 Mb Available Physical Memory | 79.00% Memory free
907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.42 Gb Total Space | 35.04 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 18:53:09 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/21 05:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/09 03:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 09:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/09/21 09:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 18:29:02 | 000,356,352 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/13 06:43:16 | 001,486,848 | ---- | M] (Inventel) [Auto] -- C:\Program Files\Inventel\Gateway\wlancfg.exe -- (Wlancfg)
SRV - [2004/09/07 11:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 11:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 11:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 11:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Emma_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 15:29:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 15:29:51 | 000,000,000 | ---D | M]

[2009/09/23 07:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 16:25:05 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/06/12 17:50:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/12 17:50:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/12 17:50:20 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/12 17:50:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\Admin_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Emma_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lee_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lee_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Mandy_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Emma_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandy_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 08:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/01 06:59:33 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/01 06:58:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/01 06:58:16 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/01 06:58:16 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/01 06:58:16 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/01 06:58:16 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/01 06:58:16 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/01 06:58:16 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/01 06:58:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/28 20:11:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\IETldCache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/01 07:23:35 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/28 20:12:10 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/28 14:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 14:55:55 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 06:58:17 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/01 06:58:17 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/01 06:58:17 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/01 06:58:17 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/01 06:58:17 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/01 06:58:17 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/01 06:58:17 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/01 06:58:17 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/01 06:58:17 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/01 06:58:17 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/01 06:58:17 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/01 06:58:17 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/01 06:58:17 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/01 06:58:17 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/01 06:58:17 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/01 06:58:17 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/01 06:58:17 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/28 14:50:01 | 1073,152,000 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/01 09:50:17 | 000,006,802 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Application Data\PrimoPDFSet.xml
[2009/10/01 09:50:15 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/10/01 09:47:34 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/05 16:34:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2009/02/05 03:49:00 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/11/20 14:46:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\fusioncache.dat
[2007/12/22 12:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/10/18 11:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/03/12 15:40:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/22 23:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/29 13:46:32 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/09 14:50:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/05/29 15:49:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2006/03/30 07:55:51 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/30 07:55:51 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/30 07:55:51 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/03/06 13:43:19 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/14 18:04:23 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 09:41:09 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\fusioncache.dat
[2005/12/20 18:22:02 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/20 13:53:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 09:17:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2005/11/17 06:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 06:11:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/17 05:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/17 05:41:08 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/12 03:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 08:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/07 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Betting Assistant
[2009/02/05 03:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\deskPDF
[2007/03/06 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Leadertech
[2009/06/01 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\LimeWire
[2009/10/16 05:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Spotify
[2008/11/25 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Template
[2008/07/13 13:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\DAEMON Tools
[2008/05/04 10:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Image Zone Express
[2006/05/29 13:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Leadertech
[2005/11/25 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< End of report >

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Mon Mar 01, 2010 2:55 pm

Let's try a new one here, please.

Please open OTLPE

Under the Custom Scan
box paste this in:

/md5start
iaStor.sys
iastorv.sys
lsass.exe
/md5stop


Push
the Quick Scan button.

Please post back with the logfile.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Mon Mar 01, 2010 4:07 pm

OTL logfile created on: 3/1/2010 12:53:42 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 806.00 Mb Available Physical Memory | 79.00% Memory free
907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.42 Gb Total Space | 35.04 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 18:53:09 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/21 05:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/09 03:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 09:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/09/21 09:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 18:29:02 | 000,356,352 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/13 06:43:16 | 001,486,848 | ---- | M] (Inventel) [Auto] -- C:\Program Files\Inventel\Gateway\wlancfg.exe -- (Wlancfg)
SRV - [2004/09/07 11:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 11:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 11:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 11:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Emma_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 15:29:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 15:29:51 | 000,000,000 | ---D | M]

[2009/09/23 07:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 16:25:05 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/06/12 17:50:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/12 17:50:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/12 17:50:20 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/12 17:50:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\Admin_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Emma_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lee_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lee_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Mandy_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Emma_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandy_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 08:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/01 12:29:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/01 12:28:26 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/01 12:28:26 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/01 12:28:26 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/01 12:28:26 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/01 12:28:26 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/01 12:28:26 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/01 12:28:26 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/28 20:11:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\IETldCache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/01 12:34:59 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/01 07:57:01 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/28 14:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 14:55:55 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 12:28:26 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/01 12:28:26 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/01 12:28:26 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/01 12:28:26 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/01 12:28:26 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/01 12:28:26 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/01 12:28:26 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/01 12:28:26 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/01 12:28:26 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/01 12:28:26 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/01 12:28:26 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/01 12:28:26 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/01 12:28:26 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/01 12:28:26 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/01 12:28:26 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/01 12:28:26 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/01 12:28:26 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/28 14:50:01 | 1073,152,000 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/01 09:50:17 | 000,006,802 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Application Data\PrimoPDFSet.xml
[2009/10/01 09:50:15 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/10/01 09:47:34 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/05 16:34:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2009/02/05 03:49:00 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/11/20 14:46:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\fusioncache.dat
[2007/12/22 12:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/10/18 11:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/03/12 15:40:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/22 23:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/29 13:46:32 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/09 14:50:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/05/29 15:49:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2006/03/30 07:55:51 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/30 07:55:51 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/30 07:55:51 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/03/06 13:43:19 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/14 18:04:23 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 09:41:09 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\fusioncache.dat
[2005/12/20 18:22:02 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/20 13:53:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 09:17:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2005/11/17 06:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 06:11:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/17 05:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/17 05:41:08 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/12 03:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 08:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/07 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Betting Assistant
[2009/02/05 03:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\deskPDF
[2007/03/06 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Leadertech
[2009/06/01 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\LimeWire
[2009/10/16 05:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Spotify
[2008/11/25 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Template
[2008/07/13 13:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\DAEMON Tools
[2008/05/04 10:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Image Zone Express
[2006/05/29 13:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Leadertech
[2005/11/25 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: LSASS.EXE >
[2004/08/04 00:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\i386\lsass.exe
[2004/08/04 00:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< End of report >

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Tue Mar 02, 2010 4:42 am

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    C:\WINDOWS\system32\lsass.exe|C:\i386\lsass.exe /replace


  • Return to OTLPE, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTLPE

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Tue Mar 02, 2010 8:10 pm

========== FILES ==========
File C:\WINDOWS\system32\lsass.exe successfully replaced with C:\i386\lsass.exe

OTLPE by OldTimer - Version 3.1.30.1 log created on 03022010_171149

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Tue Mar 02, 2010 9:10 pm

Now try to start the computer normally. Will it start?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Tue Mar 02, 2010 9:36 pm

Hi,

No unfortunately the same error message still appears after two attempts to start the computer normally.

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Wed Mar 03, 2010 5:03 am

Please open OTLPE...

Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


Then push the Quick Scan button. Lastly, post the log back here.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Wed Mar 03, 2010 5:08 pm

OTL logfile created on: 3/3/2010 1:58:02 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 797.00 Mb Available Physical Memory | 78.00% Memory free
907.00 Mb Paging File | 836.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.42 Gb Total Space | 35.04 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive D: | 3.76 Gb Total Space | 3.66 Gb Free Space | 97.48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 18:53:09 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/21 05:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/09 03:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 09:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/09/21 09:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 18:29:02 | 000,356,352 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/13 06:43:16 | 001,486,848 | ---- | M] (Inventel) [Auto] -- C:\Program Files\Inventel\Gateway\wlancfg.exe -- (Wlancfg)
SRV - [2004/09/07 11:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 11:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 11:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 11:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emma_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Emma_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Lee_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Lee_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandy_Williams_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
IE - HKU\Mandy_Williams_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 15:29:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 15:29:51 | 000,000,000 | ---D | M]

[2009/09/23 07:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 16:25:05 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/06/12 17:50:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/12 17:50:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/12 17:50:20 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/12 17:50:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Emma_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lee_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Mandy_Williams_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\Admin_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Emma_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lee_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lee_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Mandy_Williams_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Mandy_Williams_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Mandy_Williams_ON_C..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Emma_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandy_Williams_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [You must be registered and logged in to see this link.] (DeviceEnum Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 08:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 07:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{FD3F5707-4F67-40E2-9B2A-8495121A373F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: midi9 - C:\WINDOWS\errq.old ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Wed Mar 03, 2010 5:08 pm

========== Files/Folders - Created Within 14 Days ==========

[2010/03/03 13:51:44 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/03 13:50:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/03 13:50:28 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/03 13:50:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/03 13:50:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/03 13:50:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/03 13:50:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/03 13:50:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/03 13:50:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 17:11:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 20:11:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\IETldCache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/03 13:52:52 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 08:45:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 08:45:19 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/02 17:13:14 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Lee Williams\Desktop\*.tmp files -> C:\Documents and Settings\Lee Williams\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 13:50:29 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/03 13:50:29 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/03 13:50:29 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/03 13:50:29 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/03 13:50:29 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/03 13:50:29 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/03 13:50:29 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/03 13:50:29 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/03 13:50:29 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/03 13:50:29 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/03 13:50:29 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/03 13:50:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/03 13:50:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/03 13:50:29 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/03 13:50:29 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 13:50:29 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/03 13:50:29 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/28 14:50:01 | 1073,152,000 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/01 09:50:17 | 000,006,802 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Application Data\PrimoPDFSet.xml
[2009/10/01 09:50:15 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/10/01 09:47:34 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/05 16:34:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2009/02/05 03:49:00 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/11/20 14:46:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\fusioncache.dat
[2007/12/22 12:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/10/18 11:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/03/12 15:40:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/22 23:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/29 13:46:32 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/09 14:50:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/05/29 15:49:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2006/03/30 07:55:51 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/30 07:55:51 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/30 07:55:51 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/03/06 13:43:19 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/14 18:04:23 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Lee Williams\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 09:41:09 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Mandy Williams\Local Settings\Application Data\fusioncache.dat
[2005/12/20 18:22:02 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/20 13:53:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 09:17:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2005/11/17 06:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 06:11:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/17 05:42:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/17 05:41:08 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/12 03:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 08:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/07 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Betting Assistant
[2009/02/05 03:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\deskPDF
[2007/03/06 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Leadertech
[2009/06/01 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\LimeWire
[2009/10/16 05:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Spotify
[2008/11/25 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Williams\Application Data\Template
[2008/07/13 13:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\DAEMON Tools
[2008/05/04 10:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Image Zone Express
[2006/05/29 13:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Leadertech
[2005/11/25 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy Williams\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-10-15 08:37:32


< MD5 for: AGP440.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/13 05:07:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 00:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004/08/04 00:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/04 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 00:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\i386\imm32.dll
[2004/08/04 00:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 00:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\i386\kernel32.dll
[2004/08/04 00:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 00:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2004/08/04 00:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 00:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/04 00:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 00:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\i386\ntfs.sys
[2004/08/04 00:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 00:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\i386\ntmssvc.dll
[2004/08/04 00:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 00:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/04 00:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 00:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/04 00:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 00:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\i386\spoolsv.exe
[2004/08/04 00:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 00:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\i386\srsvc.dll
[2004/08/04 00:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 00:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\i386\termsrv.dll
[2004/08/04 00:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004/08/04 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 00:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\i386\xmlprov.dll
[2004/08/04 00:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2009/08/29 03:08:16 | 011,069,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2009/08/29 03:08:18 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 19:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 19:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Wed Mar 03, 2010 10:13 pm

Do you have a Windows XP cd, or at least the Recovery Console installed?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by lmw2583 on Thu Mar 04, 2010 5:27 pm

I no longer have my XP cd due to recently moving and I also use Windows Vista on my PC. I am not too sure if I have the Recovery Console installed, how would I find out?

Apologies for the vague answers and for the duration of the problem. Thus far I have really appreciated all of your help.

lmw2583
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 25006
# Likes # Likes : 0

View user profile

Back to top Go down

Re: LSASS.EXE Application Error

Post by Dr Jay on Thu Mar 04, 2010 8:29 pm


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


  • Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Thu Mar 04, 2010 10:04 pm

    I cannot access my laptops Desktop, the only way I can get the laptop to load is with Reatogo-x-pe.

    Please could you eloborate as to how I can load Win32kDiag.exe on the laptop.

    Thanks

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Thu Mar 04, 2010 10:44 pm

    Oops...my bad. I was in a hurry earlier.

    You can see if the Recovery Console is started when you boot your computer and you see two or more items listed.

    One is probably your Operating System

    The other is Windows XP Recovery Console

    ====

    Let me know if you have that, please.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Fri Mar 05, 2010 10:15 am

    No, unfortunately it is not there. It just lists my Operating System.

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Fri Mar 05, 2010 3:40 pm

    Download [You must be registered and logged in to see this link.] and save it somewhere you can find it.

    Download [You must be registered and logged in to see this link.] and install it.

    Start MagicISO. When it asks you to register, just close that window...the
    program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

    In the upper right pane, double click on the i386 folder to expand it. In the toolbar menu, click on the "Add File" icon (just under "Total Size: 7M") and navigate to C:\Windows\System32...locate and select userinit.exe...click "Open".

    Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

    Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

    Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created
    RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed
    drop-down menu, choose the top 8X setting. Format should have "Mode 1"
    selected...if not, select it. Click on the "Burn It!" button.



    Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD just as you did with the OEM disk and enter Recovery Console just as you did before.

    At the C:\Windows> prompt, Type the following commands, pressing Enter after each one. Again, note the spaces.

    d:
    cd i386
    copy userinit.exe c:\windows\system32
    exit
    After inputting the third command, you should receive the message "1 file
    copied"...which will indicate that the operation succeeded.

    See if Windows will let you log on.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Fri Mar 05, 2010 6:26 pm

    Went through all of the above but unfortunately the same error came up and windows did not allow my to log on.

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Sat Mar 06, 2010 3:23 am

    Ok. Now let's scan for malware to see what we can find.

    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
    • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
    • Just double-click on the rescue system package to burn it to a CD/DVD.
    • Then please use that CD/DVD with Avira Rescue System to boot your computer.
    You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


    Press the number 2 on your keyboard to boot into AntiVir Rescue System.

    Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


    Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


    Then please start the scan.

    The Avira AntiVir Rescue System wil now

    • repair a damaged system,
    • rescue data,
    • scan the system for virus infections.


    Let me know if the computer can boot after this tool has scanned and removed malware.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Sat Mar 06, 2010 11:34 pm

    No luck I'm afraid...it's not looking too good for the laptop.

    Avira did not even find any "Suspect files"

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Sun Mar 07, 2010 2:50 am

    Back to the Recovery Console:

    Type in the following pressing enter after each line:

    d:
    cd i386
    copy iastor.sys c:\windows\system32\drivers
    copy atapi.sys c:\windows\system32\drivers
    copy lsass.exe C:\windows\system32
    exit



    Try to boot, did it work?


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Sun Mar 07, 2010 10:36 am

    Well there's been some progress.

    I replaced all three files of which the iastor.sys file did not need to be overwritten, so i'm guessing it was not present on my laptop.

    Now when I try to boot the laptop a blue screen appears with the following message: -

    " A problem has been detected and windows has been shut down to prevent damage to your computer.
    If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

    Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated.
    Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

    Technical Information:

    ***STOP: 0x0000007B (0xf7c0d528, 0xc0000034, 0x00000000, 0x00000000)"

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Mon Mar 08, 2010 4:40 am

    In the Recovery Console, run this command:

    chkdsk /f


    then let me know if it helps.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Mon Mar 08, 2010 8:40 pm

    Tried to run chkdsk /f but it returned

    "Invalid parametres type /? for Help"

    Recovery Console did however give me the options of: -

    CHKDSK /p
    CHKDSK /r

    with recommendations for running /p then /r then /p again. I did exactly that and it returned with CHKDSK finding one or more errors after /p then CHKDSK repairing one or more errors after /r and finally CHKDSK finished the scan with no errors after the second /p scan.

    After all that on booting the laptop up the same error screen as mentioned in my previous post appeared.

    Hope that makes sense.

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Mon Mar 08, 2010 8:53 pm

    In the following article, it asks you to reformat and reinstall Windows.
    [You must be registered and logged in to see this link.]

    I am sorry you have to reinstall Windows, but you have over two bootable disk errors, which signify severe corruption on the partition itself, not Microsoft Windows. In the event this happens, it is best to just delete or format the partition that Windows sits on, then create a new simple volume to let a fresh install of Windows to lie on.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by lmw2583 on Mon Mar 08, 2010 9:19 pm

    Ok no worries, I am extremely grateful for all of your time and help.

    Does this mean that I will lose all of the data on my laptop? I have lots of files on my laptop that are extremely important.

    Any further help would again be extremely appreciated.

    lmw2583
    Novice
    Novice

    Posts Posts : 19
    Joined Joined : 2010-02-25
    OS OS : Windows XP
    Points Points : 25006
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: LSASS.EXE Application Error

    Post by Dr Jay on Mon Mar 08, 2010 10:40 pm

    On OTLPE, you might be able to transfer files to a flash drive, then you might save the data.

    I still have some testing to do on OTLPPE to be sure of that.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13714
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302072
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    View previous topic View next topic Back to top

    - Similar topics

     
    Permissions in this forum:
    You cannot reply to topics in this forum