Help with my computer, Bad_Pool_Caller that led to some weird file recovery behaviour



awong
2012-08-28, 06:20
Hi again,
So...it's almost a year to the day when you last helped me with my machine. Something about August?!

I ran into a problem this morning that alarmed me and I wanted to seek your sage advice.
I checked some email this morning successfully. I didn't open anything, just deleted and swept the usual junk mail.
My wife later wanted to check her emails about 1hr after but found the blue screen of death up with a complaint about Bad_Pool_Caller.
I restarted the machine and it started going through its paces when it just stopped. The screen went black. I turned off the screen, then turned it back on and found the "no signal" message, as if my computer disconnected from the screen.
I restarted using "f8", safe mode. It went into chkdsk mode and ran for a while dredging up files that I had deleted off my external drive (drive f:). After a while (about 30min) it died again, black screen, "no signal".
I have since restarted in safe mode two additional times, each time it seems to have gotten further through the old deleted files, and now, my machine is up...but I'm very worried.

I'm sending the following in my next post...
DDS.txt and attach.txt zipped and the log from aswMBR. I hope it's nothing serious, but I'll leave it in your capable hands...again:)

Many Thanks
AWhang

*****DDS.txt*******
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.4.1
Run by alexander at 7:35:19 on 2012-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2123 [GMT -7:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\alexander\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Documents and Settings\alexander\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Translator: {ff284f5c-7cf9-4682-8701-d467c1dbb99f} - c:\program files\prmt7\prmtie\prmtie.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\alexander\local settings\application data\akamai\netsession_win.exe"
uRun: [EPSON Stylus C80 Series] c:\windows\system32\spool\drivers\w32x86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB002" /M "Stylus C80"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alexan~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\prmt7\prmtie\prmtie5.htm
IE: {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\prmt7\prmtie\options.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343052628375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
TCP: Interfaces\{7A41F945-17A9-4E84-92CD-7EE3CB9E0AAB} : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alexander\application data\mozilla\firefox\profiles\fwwqxfij.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-15 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-15 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-15 29712]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-15 243152]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2012-2-20 1373480]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2011-5-28 36224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-2-15 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-15 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-15 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-15 26192]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2011-5-28 134912]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-2-15 30104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-20 96416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-20 12704]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-20 121504]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 15:07:44 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07:43 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07:42 17408 ------w- c:\windows\system32\corpol.dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 13:30:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 13:30:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2009-11-20 04:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 04:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 7:38:22.71 ===============
***end DDS.txt***
***aswMBR.txt***
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-27 20:52:14
-----------------------------
20:52:14.078 OS Version: Windows 5.1.2600 Service Pack 3
20:52:14.078 Number of processors: 2 586 0x304
20:52:14.078 ComputerName: GROUCHO UserName:
20:52:15.156 Initialize success
20:55:53.515 AVAST engine defs: 12082800
20:56:04.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
20:56:04.968 Disk 0 Vendor: WDC_WD2500JD-75HBC0 08.02D08 Size: 238418MB BusType: 3
20:56:05.000 Disk 0 MBR read successfully
20:56:05.000 Disk 0 MBR scan
20:56:05.031 Disk 0 unknown MBR code
20:56:05.046 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
20:56:05.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234425 MB offset 96390
20:56:05.125 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3937 MB offset 480198915
20:56:05.125 Disk 0 scanning sectors +488263545
20:56:05.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:56:23.515 Service scanning
20:56:49.906 Modules scanning
20:57:03.671 Module: C:\WINDOWS\system32\drivers\hardlock.sys **SUSPICIOUS**
20:57:08.937 Disk 0 trace - called modules:
20:57:08.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:57:09.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2afab8]
20:57:09.000 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b294d98]
20:57:10.718 AVAST engine scan C:\WINDOWS
20:57:35.718 AVAST engine scan C:\WINDOWS\system32
21:02:07.562 AVAST engine scan C:\WINDOWS\system32\drivers
21:02:45.640 AVAST engine scan C:\Documents and Settings\alexander
21:16:45.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alexander\Desktop\MBR.dat"
21:16:45.250 The log file has been saved successfully to "C:\Documents and Settings\alexander\Desktop\aswMBR.txt"


***end aswMBR.txt***

Sorry about the mix-up.
-AWhang

ken545
2012-09-09, 16:26


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR


Sorry for the delay.

Bad_Pool_Caller <--This is not malware but can range from anything from bad memory or a failing hard drive and many more things, sometimes it's a real problem trying to find what's causing it



http://www.werockyourweb.com/forums/what-is-akamai-netsession-client-netsession-win-exe
This can cause issues on your system, if you did not install it you can uninstall it via Add/Remove Programs in the Control Panel
C:\Documents and Settings\alexander\Local Settings\Application Data\Akamai\netsession_win.exe





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

awong
2012-09-09, 21:41
Hello Ken545,
Thanks for taking up my problem. I'm glad to hear that it's not an attack, but it is worrisome that it may be a failing hard-drive.
Per your suggestion and reading the reference material, I have removed Akamai which probably came with one of my portable drives.
I had Malwarebytes already installed and I updated per your suggestion. It didn't find anything unusual.
I also ran OTL per your settings and I'm including the logs as you requested.
Thank you
-AW


***********Malwarebyte Log********


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.09.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
alexander :: GROUCHO [administrator]
9/9/2012 10:44:54 AM
mbam-log-2012-09-09 (10-44-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300627
Time elapsed: 38 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


*****OTL.txt log******


OTL logfile created on: 9/9/2012 11:46:28 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.41% Memory free
4.35 Gb Paging File | 3.11 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 59.08 Gb Free Space | 25.81% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.76 Gb Total Space | 317.11 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: GROUCHO | User Name: alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Install\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec5fcfae\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6a4e1155\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_faf71b46\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_81e351c0\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_be00b8c1\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll ()
MOD - c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()


========== Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- D:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (ArcRec) -- C:\WINDOWS\System32\drivers\ArcRec.sys (ArcSoft Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (DS1410D) -- C:\WINDOWS\system32\drivers\ds1410d.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes,DefaultScope = {A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0861DC62-0661-49CD-90FA-172301091631}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{3D8B591C-547E-4531-82E8-7D9AAB7BEB6F}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{5E2976EF-E4D1-4422-9C01-FD433302A54B}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A7012C74-A613-46C9-B6D5-D77ADAA9847F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{F318742B-0E3C-4E8B-999A-7A3183FA9BC3}: "URL" = http://search.ebay.com/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{FC61465B-8AE1-4656-B9F7-D0A24E99C18A}: "URL" = http://losangeles.craigslist.org/search/sss?query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 04:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 07:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 07:35:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\videofinder4 [2008/03/21 15:18:28 | 000,000,000 | ---D | M]

[2009/01/11 16:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Extensions
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions
[2010/04/28 23:14:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\piclens@cooliris.com
[2012/03/17 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/23 07:53:25 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 11:54:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/03/09 18:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/09 18:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/12 21:58:33 | 000,443,264 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15251 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Translator) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT7\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\alexander\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\alexander\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\eileen\Start Menu\Programs\Startup\Kuma_Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra 'Tools' menuitem : Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT7\PRMTIE\prmtie5.htm ()
O9 - Extra 'Tools' menuitem : Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT7\PRMTIE\OPTIONS.HTM ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343052628375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A41F945-17A9-4E84-92CD-7EE3CB9E0AAB}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/18 12:29:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 12:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 03:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/09 03:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/27 21:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alexander\Desktop\20120827_saferNetworkingForum
[2012/08/27 07:36:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/09 04:37:20 | 094,077,353 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/09/09 04:27:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2012/09/04 15:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/01 04:37:06 | 000,627,150 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2012/08/30 20:34:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/30 20:31:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/30 20:30:58 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 20:30:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/08/30 20:30:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/08/29 23:07:13 | 001,543,184 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 23:05:28 | 001,590,052 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/27 07:36:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2012/08/21 23:09:41 | 018,377,077 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/19 03:32:12 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:14:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 21:02:49 | 000,048,907 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/14 00:06:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/13 21:28:13 | 000,398,330 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf
[2012/08/12 21:58:33 | 000,443,264 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 20:30:58 | 3219,279,872 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/29 23:07:13 | 001,543,184 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 22:57:55 | 001,590,052 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/21 23:09:40 | 018,377,077 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/14 21:02:49 | 000,048,907 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/13 21:28:13 | 000,398,330 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf
[2012/07/23 07:30:42 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2012/02/16 11:27:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 23:48:40 | 000,010,431 | ---- | C] () -- C:\Documents and Settings\alexander\.recently-used.xbel
[2011/08/22 13:58:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/15 14:30:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2011/06/25 08:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/25 08:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/16 15:14:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 15:14:38 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 15:14:38 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 15:14:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 14:58:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/18 00:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2008/10/02 22:56:25 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\alexander\Application Data\default.pls
[2008/09/30 05:55:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\alexander\.rnd
[2006/09/20 21:48:39 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2006/09/20 21:48:39 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2006/04/24 21:40:43 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/28 15:04:28 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.tif
[2006/03/28 15:04:28 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.dat
[2005/06/28 07:51:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2006/08/06 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\ACD Systems
[2011/12/06 23:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Audacity
[2012/02/19 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Autodesk
[2010/09/09 07:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\AVG9
[2008/09/26 22:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Canneverbe_Limited
[2011/12/10 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Catalina Marketing Corp
[2010/07/24 18:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Clone2Go DVD Ripper
[2012/01/20 23:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\gtk-2.0
[2009/02/01 00:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IRISPen
[2009/02/01 00:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IrisPen6
[2005/06/28 09:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Leadertech
[2009/07/10 22:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Lost Marble
[2005/09/21 14:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\MayaWebBrowser
[2005/06/28 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Musicmatch
[2010/09/02 15:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\No Company Name
[2009/01/23 23:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\OfficeUpdate12
[2012/05/03 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Oracle
[2007/05/16 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Snapfish
[2012/08/16 06:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\wargaming.net
[2012/02/20 01:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/08/11 03:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/05/06 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/03/14 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/10 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/07/20 22:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/18 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/02/01 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PROject MT
[2007/11/22 22:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2007/12/29 22:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/18 01:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/16 07:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/02/24 23:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IRISPen
[2009/02/24 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IrisPen6

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443E07A5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

awong
2012-09-09, 21:42
As you surmised, the three logs were too much. Here's the Extras.txt log.

********Extras.txt log**************


OTL Extras logfile created on: 9/9/2012 11:46:28 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.41% Memory free
4.35 Gb Paging File | 3.11 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 59.08 Gb Free Space | 25.81% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.76 Gb Total Space | 317.11 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: GROUCHO | User Name: alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

[HKEY_USERS\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56488:TCP" = 56488:TCP:*:Enabled:Pando Media Booster
"56488:UDP" = 56488:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56488:TCP" = 56488:TCP:*:Enabled:Pando Media Booster
"56488:UDP" = 56488:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:HP All-in-One Launcher Utility -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:HP Fax Setup Wizard -- (Hewlett-Packard Co.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Games\World_of_Warplanes\WOWpLauncher.exe" = C:\Games\World_of_Warplanes\WOWpLauncher.exe:*:Enabled:World of Warplanes -- (Wargaming.net)
"C:\Games\World_of_Tanks\WOTLauncher.exe" = C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks -- (Wargaming.net)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12815C18-37FC-4211-B1E4-F7A4FE1F7508}" = Autodesk DirectConnect 2.0
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}" = MS Export
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.4
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3AC85888-1BF1-4A8D-A532-5702094453B5}" = ZBrush 4 Trial
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531AC43D-0010-1033-B544-B674C4C0B4BA}" = Autodesk Mudbox 2012 32-bit - English
"{531AC43D-EF8F-404C-B544-B674C4C0B4BA}" = Autodesk Mudbox 2012 32-bit - English
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68C2B052-B49E-43BF-8190-9811BB7502C7}" = SetupBadCDDVDRecovery
"{6BB66126-E1B5-4DF4-8320-CAC6F8009CFA}" = Philips Digital Audio Player
"{6D73A68C-6758-4317-AC5B-E9F01552B5C2}" = IRISPen Translator 6
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C40AD5-0859-9A9C-4D2F-AFED705AC231}" = ATI Problem Report Wizard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35086AC-0EB3-496D-BC00-5CB856ED53A8}" = Creative Zen Sleek Photo
"{A3DD7BA6-37A6-4245-A167-B3AA137B2157}" = TitanTV Client components for ATI
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A9EAD19D-7732-4B65-8B14-66AE227930FE}" = Calendar Maker 2.5
"{AC075837-7071-4c07-B9A1-CF5586060FE1}" = Autodesk Maya 2011 English Documentation 32-bit
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BFE4A2B6-4894-436C-8847-70FF3F18D892}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak
"{C9B0D9EA-509C-4562-853B-852BC1A191EC}" = @promt Express 7 Giant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{E015C888-7269-AA4A-6040-5A2E23132898}" = ATI AVIVO Codecs
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E4386119-2C33-4023-9836-783F43A90E3C}" = Autodesk Maya 2011 32-bit
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF78070E-F96E-4398-B62F-EE7F793C364D}" = Autodesk Maya 2012 32-bit
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCFE894A-36B3-4A61-A04A-D99519C54DB6}" = Photosynth 2.0110.0317.1042
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Allok AVI to DVD SVCD VCD Converter_is1" = Allok AVI to DVD SVCD VCD Converter 3.4.1210
"Anime Studio_is1" = Anime Studio 5.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autodesk Maya 2012 32-bit" = Autodesk Maya 2012 32-bit
"Autodesk Mudbox 2012 32-bit - English" = Autodesk Mudbox 2012 32-bit - English
"AVG9Uninstall" = AVG 9.0
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"AviSynth" = AviSynth 2.5
"CassetteMate" = CassetteMate
"Cleaner 5 EZ" = Cleaner 5 EZ
"Clone2Go DVD Ripper_is1" = Clone2Go DVD Ripper 1.9.1
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Crimson Skies 1.0" = Microsoft Crimson Skies
"Defraggler" = Defraggler
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Creator3" = DVD Creator3
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD-CLONER VII_is1" = DVD-CLONER V7.20 Build 993
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Font Creator_is1" = Font Creator 5.0
"getPlus(R)_ocx" = getPlus(R)_ocx
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Google Video Uploader" = Google Video Uploader
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Ink Monitor" = Ink Monitor
"InstallShield_{3AC85888-1BF1-4A8D-A532-5702094453B5}" = ZBrush 4 Trial
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSPTB" = L&H TTS3000 Português (Brasil)
"LHTTSRUR" = L&H TTS3000 Russian
"LHTTSSPE" = L&H TTS3000 Español
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MechWarrior4 Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.6 (x86 en-US)" = Mozilla Firefox 10.0.6 (x86 en-US)
"MVApplication1" = Memorex exPressit Label Design Studio
"NB40" = NewsBin Pro 4.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PAP 4.0_is1" = PAP 4.0
"PAP project files_is1" = PAP project files
"Pen Tablet Driver" = Pen Tablet
"pepakura_designer3en" = Pepakura Designer 3
"PremElem80" = Adobe Premiere Elements 8.0
"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates
"Primary Fonts II" = Primary Fonts II
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickPar" = QuickPar 0.9
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer Basic
"Red Baron Pack_is1" = Red Baron Pack
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SimpleOCR 3.1" = SimpleOCR 3.1
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery v3.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SysInfo" = Creative System Information
"Teleport Pro" = Teleport Pro
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VLC media player 2.0.2
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2012 6:02:31 AM | Computer Name = GROUCHO | Source = ESENT | ID = 454
Description = Catalog Database (1520) Database recovery/restore failed with unexpected
error -1216.

Error - 8/19/2012 10:33:03 AM | Computer Name = GROUCHO | Source = ESENT | ID = 490
Description = svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 8/19/2012 10:33:03 AM | Computer Name = GROUCHO | Source = ESENT | ID = 470
Description = Catalog Database (1488) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 8/25/2012 11:16:58 AM | Computer Name = GROUCHO | Source = Application Error | ID = 1000
Description = Faulting application worldoftanks.exe, version 0.7.4.0, faulting module
worldoftanks.exe, version 0.7.4.0, fault address 0x0094a843.

Error - 8/27/2012 10:25:50 AM | Computer Name = GROUCHO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/28/2012 9:08:06 AM | Computer Name = GROUCHO | Source = ESENT | ID = 490
Description = svchost (1492) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 8/28/2012 9:08:06 AM | Computer Name = GROUCHO | Source = ESENT | ID = 439
Description = Catalog Database (1492) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 8/28/2012 9:08:06 AM | Computer Name = GROUCHO | Source = ESENT | ID = 470
Description = Catalog Database (1492) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 9/2/2012 7:32:33 AM | Computer Name = GROUCHO | Source = ESENT | ID = 490
Description = svchost (1496) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/2/2012 7:32:33 AM | Computer Name = GROUCHO | Source = ESENT | ID = 470
Description = Catalog Database (1496) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

[ System Events ]
Error - 8/30/2012 11:27:18 PM | Computer Name = GROUCHO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/30/2012 11:29:33 PM | Computer Name = GROUCHO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/30/2012 11:31:03 PM | Computer Name = GROUCHO | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00132044FB9D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/30/2012 11:34:11 PM | Computer Name = GROUCHO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Secunia PSI Agent service
to connect.

Error - 8/30/2012 11:34:11 PM | Computer Name = GROUCHO | Source = Service Control Manager | ID = 7000
Description = The Secunia PSI Agent service failed to start due to the following
error: %%1053

Error - 8/30/2012 11:34:11 PM | Computer Name = GROUCHO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/30/2012 11:34:33 PM | Computer Name = GROUCHO | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3
00000000, parameter4 0110070a.

Error - 8/31/2012 12:31:28 AM | Computer Name = GROUCHO | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 9/1/2012 2:15:08 AM | Computer Name = GROUCHO | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ZEPPO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7A41F945-17A9-4E84-92C.
The
master browser is stopping or an election is being forced.

Error - 9/6/2012 2:40:11 PM | Computer Name = GROUCHO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Akamai service.


< End of report >

**********

ken545
2012-09-09, 22:15
Hi,

How old is this computer?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\alexander\Local Settings\Application Data\Akamai\netsession_win.exe" File not found


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post that log also please

awong
2012-09-10, 00:53
Hello Ken545,
Yes, my machine is over 5 years old. I'm in the market for a new workstation so I can do work at home...but that's another story.

I'm driving this one until it implodes :)

So, I ran OTL with the code text. At the end, I received 5 error messages which read...

OTL:OTL.exe - Corrupt File
The file or directory \System Volume Information\_restore {some incredibly long string}\RP422 is corrupt and unreadable. Please run the Chkdsk utility.

This message, with slightly different strings, came up about 5 times.
I have not run the Chkdsk utility yet.


**********OTL log after running with code text*******

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Install\cmd.bat deleted successfully.
C:\Install\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: alexander
->Temp folder emptied: 155839440 bytes
->Temporary Internet Files folder emptied: 16010207 bytes
->Java cache emptied: 6748087 bytes
->FireFox cache emptied: 427541726 bytes
->Flash cache emptied: 11026 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: eileen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1145089 bytes
->FireFox cache emptied: 16392952 bytes
->Flash cache emptied: 36327 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 643726 bytes

User: zadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 524 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 52337 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1318785 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6612024018 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 28023955 bytes

Total Files Cleaned = 6,929.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09092012_151627

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


*********end OTL log after code text**********

*********2nd OTL log run after runfix **********

OTL logfile created on: 9/9/2012 3:34:44 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.07% Memory free
4.35 Gb Paging File | 3.61 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 72.39 Gb Free Space | 31.62% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.76 Gb Total Space | 317.11 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: GROUCHO | User Name: alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Install\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec5fcfae\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6a4e1155\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_faf71b46\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_81e351c0\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_be00b8c1\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll ()
MOD - c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()


========== Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- D:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (ArcRec) -- C:\WINDOWS\System32\drivers\ArcRec.sys (ArcSoft Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (DS1410D) -- C:\WINDOWS\system32\drivers\ds1410d.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes,DefaultScope = {A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0861DC62-0661-49CD-90FA-172301091631}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{3D8B591C-547E-4531-82E8-7D9AAB7BEB6F}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{5E2976EF-E4D1-4422-9C01-FD433302A54B}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A7012C74-A613-46C9-B6D5-D77ADAA9847F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{F318742B-0E3C-4E8B-999A-7A3183FA9BC3}: "URL" = http://search.ebay.com/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{FC61465B-8AE1-4656-B9F7-D0A24E99C18A}: "URL" = http://losangeles.craigslist.org/search/sss?query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 04:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 07:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 07:35:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\videofinder4 [2008/03/21 15:18:28 | 000,000,000 | ---D | M]

[2009/01/11 16:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Extensions
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions
[2010/04/28 23:14:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\piclens@cooliris.com
[2012/03/17 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/23 07:53:25 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 11:54:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/03/09 18:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/09 18:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/09 15:16:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Translator) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT7\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\alexander\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\eileen\Start Menu\Programs\Startup\Kuma_Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra 'Tools' menuitem : Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT7\PRMTIE\prmtie5.htm ()
O9 - Extra 'Tools' menuitem : Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT7\PRMTIE\OPTIONS.HTM ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343052628375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A41F945-17A9-4E84-92CD-7EE3CB9E0AAB}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/18 12:29:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 12:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 15:16:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/09 03:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/09 03:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/27 21:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alexander\Desktop\20120827_saferNetworkingForum
[2012/08/27 07:36:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2012/09/09 15:24:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/09 15:22:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/09 15:22:57 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 15:22:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/09 15:22:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/09/09 15:16:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/09 04:37:20 | 094,077,353 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/09/09 04:27:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2012/09/04 15:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/01 04:37:06 | 000,627,150 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2012/08/29 23:07:13 | 001,543,184 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 23:05:28 | 001,590,052 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/27 07:36:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2012/08/21 23:09:41 | 018,377,077 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/19 03:32:12 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:14:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 21:02:49 | 000,048,907 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/14 00:06:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/13 21:28:13 | 000,398,330 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf

========== Files Created - No Company Name ==========

[2012/08/30 20:30:58 | 3219,279,872 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/29 23:07:13 | 001,543,184 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 22:57:55 | 001,590,052 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/21 23:09:40 | 018,377,077 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/14 21:02:49 | 000,048,907 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/13 21:28:13 | 000,398,330 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf
[2012/07/23 07:30:42 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2012/02/16 11:27:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 23:48:40 | 000,010,431 | ---- | C] () -- C:\Documents and Settings\alexander\.recently-used.xbel
[2011/08/22 13:58:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/15 14:30:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2011/06/25 08:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/25 08:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/16 15:14:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 15:14:38 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 15:14:38 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 15:14:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 14:58:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/18 00:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2008/10/02 22:56:25 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\alexander\Application Data\default.pls
[2008/09/30 05:55:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\alexander\.rnd
[2006/09/20 21:48:39 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2006/09/20 21:48:39 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2006/04/24 21:40:43 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/28 15:04:28 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.tif
[2006/03/28 15:04:28 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.dat
[2005/06/28 07:51:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2006/08/06 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\ACD Systems
[2011/12/06 23:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Audacity
[2012/02/19 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Autodesk
[2010/09/09 07:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\AVG9
[2008/09/26 22:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Canneverbe_Limited
[2011/12/10 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Catalina Marketing Corp
[2010/07/24 18:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Clone2Go DVD Ripper
[2012/01/20 23:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\gtk-2.0
[2009/02/01 00:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IRISPen
[2009/02/01 00:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IrisPen6
[2005/06/28 09:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Leadertech
[2009/07/10 22:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Lost Marble
[2005/09/21 14:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\MayaWebBrowser
[2005/06/28 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Musicmatch
[2010/09/02 15:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\No Company Name
[2009/01/23 23:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\OfficeUpdate12
[2012/05/03 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Oracle
[2007/05/16 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Snapfish
[2012/08/16 06:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\wargaming.net
[2012/02/20 01:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/08/11 03:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/05/06 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/03/14 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/10 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/07/20 22:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/18 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/02/01 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PROject MT
[2007/11/22 22:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2007/12/29 22:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/18 01:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/16 07:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/02/24 23:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IRISPen
[2009/02/24 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IrisPen6

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443E07A5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


********end OTL log**********

awong
2012-09-10, 00:55
Ken545.
Not Ken454. Apologies.
-AW

ken545
2012-09-10, 01:32
Hi,

System Volume Information <-- This is your System Restore Program, it may be corrupted.

This is what I would do since this forum is for malware removal only: go to this site that we work closely with, register (it's free) and then post in their forum about the bad poller error and also your System Restore being corrupted. They can run you through some tests to determine the health of your hard drive, because at this point I am not looking at anything malicious that can be causing this. I will leave this thread open for you for a while, so post back and let me know how it's going. You can link them to this thread so they can see what we have done.
http://www.pcpitstop.com/


If, after they check your hardware, they feel all is OK and that it may be malware, then let me know and we can dig deeper.


Ken :)

awong
2012-09-10, 02:03
Hi Ken545,
I'll visit the site you've recommended and see if they can pursue this further. Thanks so much for your help and I'll keep you informed of the progress.
Many Thanks
AWhang

ken545
2012-09-10, 10:27
Good, I will keep this thread open for you, so post back when you can and let me know how it went. I am linked to your post at PCPitstop so I can follow along. User to user help would be the forum to use.

ken545
2012-09-12, 13:14
Awong, how are ya doing? What I was hoping would happen at the PIT was for them to run a test of your hard drive to determine its health and go from there. Let's check a bit further, as there were some bad entries on your DDS log but we addressed them with OTL.


Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.






Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

awong
2012-09-13, 05:32
Hello Ken545,
Thanks for keeping tabs on me over at PCP.
Here's the log for MBRCheck and ESET. Looks like ESET found something.
PCP is also asking for a PIT test to be run. I guess they want to compare analysis-fu:) Would that confuse things?

*****MBRCheck log*****

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 103):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF798D000 dmload.sys
0xF73E2000 dmio.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF73CA000 atapi.sys
0xF74B7000 disk.sys
0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73AA000 fltmgr.sys
0xF7398000 sr.sys
0xF74D7000 PxHelp20.sys
0xF7381000 KSecDD.sys
0xF72F4000 Ntfs.sys
0xF72C7000 NDIS.sys
0xF72AD000 Mup.sys
0xF74E7000 avgrkx86.sys
0xF74F7000 AVGIDSxx.sys
0xF722C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF773F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7208000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7747000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF71E0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7517000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7767000 \SystemRoot\system32\drivers\Afc.sys
0xF71BD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7787000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xF798F000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0xF7597000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7797000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7991000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF792B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF71A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7195000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7165000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7997000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7107000 \SystemRoot\system32\DRIVERS\update.sys
0xF794B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7957000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7817000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0xF7963000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7667000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7677000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF791F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BCC000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7777000 \SystemRoot\System32\drivers\vga.sys
0xF7003000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79AB000 \SystemRoot\System32\Drivers\ArcRec.SYS
0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7947000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF6FD0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF6F77000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF6F51000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6F17000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF70F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6EEF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF6ECD000 \SystemRoot\System32\drivers\afd.sys
0xF7697000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6EA2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6E32000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF782F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7867000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF6DF2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF725C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77A7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF696E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF667A000 \SystemRoot\system32\DRIVERS\srv.sys
0xF63D6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 19):
0 System Idle Process
4 System
768 C:\WINDOWS\system32\smss.exe
816 csrss.exe
840 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1416 C:\WINDOWS\system32\svchost.exe
1428 svchost.exe
1592 C:\Program Files\AVG\AVG9\avgchsvx.exe
1604 svchost.exe
1784 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1800 C:\Program Files\AVG\AVG9\avgcsrvx.exe
456 C:\WINDOWS\explorer.exe
868 C:\Program Files\Mozilla Firefox\firefox.exe
1444 C:\Program Files\Mozilla Firefox\plugin-container.exe
804 C:\Documents and Settings\alexander\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JD-75HBC0, Rev: 08.02D08
PhysicalDrive1 Model Number: TOSHIBAExternal USB 3.0, Rev: 0001

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
931 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

*****end MBRCheck log*****

*****ESET log*****

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17112 (vista_gdr.120629-0008)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=26dd81ad0e4b3342bb9e73ab2c4b9f77
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-12 03:30:30
# local_time=2012-09-12 08:30:30 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 114539185 114539185 0 0
# compatibility_mode=1031 16777174 100 93 0 88634288 0 0
# compatibility_mode=8192 67108863 100 0 32420853 32420853 0 0
# scanned=252854
# found=6
# cleaned=0
# scan_time=7710
C:\Documents and Settings\alexander\My Documents\Downloads\cnet_spybotsd162_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\alexander\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Install\cnet2_audacity-win-1_2_6_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Install\VLC_32.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Install\YouTubeDownloaderSetup273.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Install\Nero\wordview_en-us.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I

ken545
2012-09-13, 10:21
Hi,

Go ahead back at the PIT and run the tests they would like you to run. It will check all your hardware, your sound, video, memory, hard drive and more.

It wouldn't hurt to open these folders and remove whatever is in there, but not the folder itself:
C:\Documents and Settings\alexander\My Documents\Downloads
C:\Install

MBRCheck checks your Master Boot Record to see if it's infected, but it is not.


I want to check to make sure there is not a hidden MBR partition. This is a quick scan.

ListParts is a small utility that will create a log that contains a listing of all the hard drive partitions on your computer, which can then be posted on the forum that you are receiving help. This tool is useful for diagnosing rootkit infections that create additional hidden partitions on your computer.

Note: There are both 32-bit and 64-bit versions of GrantPerms available. Please pick the version that matches your operating system's bit type.

You want to download the 32 bit version
http://www.bleepingcomputer.com/download/listparts/





Another quick scanner
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

awong
2012-09-14, 05:42
Hello Ken545,

Here are the logs you requested. I'll also hop over to PCP and run their PIT test as well. The CKScanner seems to be picking up a lot of my texture files which have "crack" or "cracked" in them:)

Thanks
AWhang

*****ListParts log*****

ListParts by Farbar Version: 10-08-2012
Ran by alexander (administrator) on 13-09-2012 at 06:57:56
Windows XP (X86)
Running From: C:\Documents and Settings\alexander\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 3070.07 MB
Available physical RAM: 2451.83 MB
Total Pagefile: 4450.39 MB
Available Pagefile: 4093.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.41 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:228.93 GB) (Free:78.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:916.7 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 932 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 229 GB 47 MB
Partition 3 Unknown 3938 MB 229 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 229 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D TOSHIBA EXT NTFS Partition 932 GB Healthy
======================================================================================================

****** End Of Log ******

*****CKScanner Log*****

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\application data\adobe\photoshop elements\6.0\locale\en_us\photo creations metadata\backgrounds\cracked paint.xml
c:\documents and settings\all users\documents\nintndo ds\professor layton and the diabolical box (u)\00000_no$gba-w\battery\4982 - safecracker - the ultimate puzzle adventure (usa) (en,fr,es) [b].sav
c:\flexlm\awkeygen.exe
c:\program files\alias\maya7.0\brushes\fun\cracks.mel
c:\program files\alias\maya7.0\brushes\fun\cracks.mel.icon
c:\program files\alias\maya7.0\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2009\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2011\docs\maya2011\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2011\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2011\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2011\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya2012\brushes\fun\cracks.mel
c:\program files\autodesk\maya2012\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2012\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2012\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2012\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2012\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2012\scripts\others\crackshatter.res.mel
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage
scanner sequence 3.ZZ.11.JJNAEH
----- EOF -----
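An added example, not part of the thread and not ListParts' own code: a small Python parser for the per-partition detail blocks of a ListParts log like the one posted above, returning the hidden partitions that have no volume so a helper can review them by hand. The sample text is constructed in the same layout, and the labels in `KNOWN_TYPES` are commonly documented MBR partition-ID meanings, included here as an assumption.

```python
import re
# Constructed sample in the layout of the ListParts detail blocks posted above.
SAMPLE_LOG = """\
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
==========
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
* Volume 0 C NTFS Partition 229 GB Healthy System
==========
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
There is no volume associated with this partition.
"""

# Assumption: commonly documented MBR partition-ID meanings, not from the thread.
KNOWN_TYPES = {"07": "NTFS/HPFS/exFAT", "DE": "Dell utility/diagnostic",
               "DB": "CP/M, Concurrent DOS, CTOS; also used by Dell"}

def parse_listparts(text):
    """Return one dict per 'Disk: N' / 'Partition M' detail block."""
    parts, cur = [], {}  # matches before the first "Disk:" land in a throwaway dict
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"Disk:\s*(\d+)", line):
            cur = {"disk": int(m.group(1)), "volume": None}
            parts.append(cur)
        elif m := re.fullmatch(r"Partition\s+(\d+)", line):
            cur["partition"] = int(m.group(1))
        elif m := re.fullmatch(r"(Type|Hidden|Active)\s*:\s*(\S+)", line):
            cur[m.group(1).lower()] = m.group(2)
        elif m := re.match(r"\*\s*Volume\s+(\d+)", line):
            cur["volume"] = int(m.group(1))
    return parts

def hidden_without_volume(parts):
    """Hidden partitions with no volume: the entries a helper reviews by hand."""
    return [(p["disk"], p["partition"], p["type"],
             KNOWN_TYPES.get(p["type"].upper(), "unrecognised ID"))
            for p in parts if p.get("hidden") == "Yes" and p["volume"] is None]
```

A hidden partition with a recognised OEM type ID is normal on many prebuilt machines; an unrecognised ID is what warrants a closer look.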

ken545
2012-09-14, 13:02
Awong,

c:\flexlm\awkeygen.exe
Can you explain this? It appears to be some sort of program to circumvent a program license.

awong
2012-09-14, 15:15
"aw" could stand for alias wavefront, which used to own Maya, the software I use at work. I have valid licenses for a suite of programs (now owned by Autodesk) that includes Mudbox, Maya, 3dMax, etc. I bought an educational package a few years back.

But if it's used to get around a license, then I'm not sure what it's for.

-AW

ken545
2012-09-14, 15:29
OK, just want to let you know to never fool around downloading anything via the torrents, the illegal stuff is all infected.

I see you posted the correct link for your test at the Pit, let's see what they have to say

awong
2012-09-19, 07:15
...I didn't get a notification that you had replied to my last entry. I think I'm still subscribed to this thread and I usually get an email when you post...not this time though (?).

Anyways, it looks like their suggestions were all related to optimizing performance. I was hoping that they would have some hints as to why my chkdsk is failing. The bright note is that they didn't find any bug-a-boos so that's a relief.

I just wish I could get my machine off Safe Mode and have it run successfully through chkdsk. Do you know if, while in chkdsk, it's normal for the machine to stop talking to the monitor? Maybe it is running, just taking a long time?

Suggestions?

Thanks
AWhang

ken545
2012-09-19, 10:41
Awang,

Are you saying that CHKDSK runs on every startup? Are you not able to boot into normal Windows?

awong
2012-09-19, 15:14
Yes, so far, every time I attempt to start it tries to run a chkdsk.
I'm pretty sure it's because I had asked for a chkdsk and the only way it can start one is on boot-up.

I recall, after my blue screen of death with the bad pool caller, it was suggested to run a chkdsk, so I tried. But, because my machine keeps dying on the 2nd of 5 checks, it never completes. I then need to shut my machine down (holding on/off button until the machine dies) then I'd restart...only to end up back on the chkdsk page, where I'd get stuck on the 2nd of 5 again...endless cycle.

Thanks
AWhang

ken545
2012-09-19, 15:46
Give this a shot

First click Start> Run> bring up a command prompt by typing in "CMD" and type fsutil dirty query C: . This queries the drive, and more than likely it will tell you that it is dirty. Next, type CHKNTFS /X C:. The X tells Windows to NOT check that particular drive on the next reboot. At this time, manually reboot your computer, it should not do a Chkdsk and take you directly to Windows.

Once Windows has fully loaded, bring up another CMD prompt. Now you want to do a Chkdsk manually by typing Chkdsk /f /r c:. This should take you through 5 stages of the scan and will unset that dirty bit. Finally, type fsutil dirty query c: and Windows will confirm that the dirty bit is not set on that drive.

awong
2012-09-20, 08:13
I typed in that fsutil command and got an immediate response of
volume - c: is not dirty
I'll go through with the other steps and try a manual chkdsk to see if that makes a difference...maybe my system just takes a long time to chk so the monitor goes to sleep?

Stay tuned...

Thanks
AWhang

awong
2012-09-20, 08:28
I typed CHKNTFS /X c:

and I got the following -

"The type of the file system is NTFS.
Cannot lock current drive."

then -

"Chkdsk cannot run because the volume is in use by another process.
Would you like to schedule this volume to be checked the next time
the system restarts? (Y/N)"

I typed N.

Weird?

-AW

ken545
2012-09-20, 11:02
AW,

You can go into Power Options in the Control Panel and set your monitor not to sleep or extend the time.

I think at this point you need to post in the windows forum about chkdsk and have them help you out with it as we just do malware removal on this forum.

Good Luck

Ken :)

awong
2012-09-20, 15:15
Hi Ken545,
Thanks so much for your patience and persistence. It's a great relief that I'm actually not dealing with a virus or something malicious.
I'll take your advice and have a look at the Windows forum to see what they have to say. I want to try that monitor setting first though.
Thanks again!
Until next year :D
-AWhang

ken545
2012-09-20, 17:49
Hi, I was just reading the post at the Pit, I would try and back up things that you don't want to lose like pictures, documents as it's very possible that your HD may be heading south.

I have seen drives last for many many years and some that fail after a few months, it's a crapshoot, you never know so it's always best to be prepared in case one does go.

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

awong
2012-09-22, 08:57
It was the monitor setting. It was set to turn off after 20min inactivity. When I disabled that, I could monitor my chkdsk and that finally did complete.

I've cleaned up OTL and deleted some of the other diagnostic type programs.

I'm heading over to PCP to run through that Linux back-up thing.

Thanks again
AWhang

ken545
2012-09-22, 11:26
You're very welcome,

Take care,

Ken :)

awong
2012-09-23, 16:37
Funny thing. After I successfully ran the chkdsk, I was able to run the Windows backup to my portable drive as well.
I then, for a double check, successfully ran quick defrag as well.
Thanks again! I love this site!
-AWhang

ken545
2012-09-23, 16:58
:bigthumb::bigthumb::bigthumb:

Take care and thanks for posting on our site

Ken :)