Help with my computer, Bad_Pool_Caller that led to some weird file recovery behaviour

**awong** · 2012-09-10, 00:53

Hello Ken454,
Yes, my machine is over 5yrs old. I'm in the market for a new workstation so I can do work at home...but that's another story.

I'm driving this one until it implodes

So, I ran OTL with the code text. At the end, I rcvd 5 error messages which read...

OTL:OTL.exe - Corrupt File
The file or directory \System Volume Information\_restore {some incredibly long string}\RP422 is corrupt and unreadable. Please run the Chkdsk utility.

This message, with slightly different strings, came up about 5 times.
I have not run the Chkdsk utility yet.

**********OTL log after running with code text*******

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Install\cmd.bat deleted successfully.
C:\Install\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: alexander
->Temp folder emptied: 155839440 bytes
->Temporary Internet Files folder emptied: 16010207 bytes
->Java cache emptied: 6748087 bytes
->FireFox cache emptied: 427541726 bytes
->Flash cache emptied: 11026 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: eileen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1145089 bytes
->FireFox cache emptied: 16392952 bytes
->Flash cache emptied: 36327 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 643726 bytes

User: zadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 524 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 52337 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1318785 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6612024018 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 28023955 bytes

Total Files Cleaned = 6,929.00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09092012_151627

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

*********end OTL log after code text**********

*********2nd OTL log run after runfix **********

OTL logfile created on: 9/9/2012 3:34:44 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.07% Memory free
4.35 Gb Paging File | 3.61 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 72.39 Gb Free Space | 31.62% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.76 Gb Total Space | 317.11 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: GROUCHO | User Name: alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Install\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec5fcfae\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6a4e1155\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_faf71b46\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_81e351c0\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_be00b8c1\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll ()
MOD - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll ()
MOD - c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ()
MOD - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()

========== Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- D:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (ArcRec) -- C:\WINDOWS\System32\drivers\ArcRec.sys (ArcSoft Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (DS1410D) -- C:\WINDOWS\system32\drivers\ds1410d.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]

IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=w....aspx&id=64855
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 29 60 05 76 EA 9B 4A 85 13 D4 9B C4 24 50 9A [binary data]
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes,DefaultScope = {A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{0861DC62-0661-49CD-90FA-172301091631}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{3D8B591C-547E-4531-82E8-7D9AAB7BEB6F}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{5E2976EF-E4D1-4422-9C01-FD433302A54B}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A7012C74-A613-46C9-B6D5-D77ADAA9847F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{A86BB7A2-A3E5-4EE0-9C43-6DD9A8703BA0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{F318742B-0E3C-4E8B-999A-7A3183FA9BC3}: "URL" = http://search.ebay.com/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\..\SearchScopes\{FC61465B-8AE1-4656-B9F7-D0A24E99C18A}: "URL" = http://losangeles.craigslist.org/search/sss?query={searchTerms}
IE - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196144302&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 04:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 07:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 07:35:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\videofinder4 [2008/03/21 15:18:28 | 000,000,000 | ---D | M]

[2009/01/11 16:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Extensions
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions
[2010/04/28 23:14:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/31 23:57:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\alexander\Application Data\Mozilla\Firefox\Profiles\fwwqxfij.default\extensions\piclens@cooliris.com
[2012/03/17 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/23 07:53:25 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 11:54:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/03/09 18:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/09 18:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/09 15:16:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Translator) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT7\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\alexander\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\eileen\Start Menu\Programs\Startup\Kuma_Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra 'Tools' menuitem : Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT7\PRMTIE\prmtie5.htm ()
O9 - Extra 'Tools' menuitem : Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT7\PRMTIE\OPTIONS.HTM ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1343052628375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A41F945-17A9-4E84-92CD-7EE3CB9E0AAB}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/18 12:29:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 12:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3600450353-198051875-3541220991-1005\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 15:16:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/09 03:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/09 03:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/27 21:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alexander\Desktop\20120827_saferNetworkingForum
[2012/08/27 07:36:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2012/09/09 15:24:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/09 15:22:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/09 15:22:57 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 15:22:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/09 15:22:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/09/09 15:16:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/09 04:37:20 | 094,077,353 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/09/09 04:27:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2012/09/04 15:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/01 04:37:06 | 000,627,150 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2012/08/29 23:07:13 | 001,543,184 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 23:05:28 | 001,590,052 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/27 07:36:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\alexander\Desktop\aswMBR.exe
[2012/08/27 07:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alexander\Desktop\dds.scr
[2012/08/21 23:09:41 | 018,377,077 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/19 03:32:12 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:14:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 21:02:49 | 000,048,907 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | M] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/14 00:06:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/13 21:28:13 | 000,398,330 | ---- | M] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf

========== Files Created - No Company Name ==========

[2012/08/30 20:30:58 | 3219,279,872 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/29 23:07:13 | 001,543,184 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.zip
[2012/08/29 22:57:55 | 001,590,052 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\StatementOfFacts_2012.pdf
[2012/08/27 21:16:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\MBR.dat
[2012/08/21 23:09:40 | 018,377,077 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Braille-Scale-Modelling.pdf
[2012/08/14 21:02:49 | 000,048,907 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\garrettQualif.jpg
[2012/08/14 21:02:19 | 000,070,170 | ---- | C] () -- C:\Documents and Settings\alexander\Desktop\greggQualif.jpg
[2012/08/13 21:28:13 | 000,398,330 | ---- | C] () -- C:\Documents and Settings\alexander\My Documents\Philosophy_b.pdf
[2012/07/23 07:30:42 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2012/02/16 11:27:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 23:48:40 | 000,010,431 | ---- | C] () -- C:\Documents and Settings\alexander\.recently-used.xbel
[2011/08/22 13:58:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/18 23:38:22 | 000,013,286 | -HS- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\04c82101viwu72jb0k6mt11273b37imi7ebelf7kef40
[2011/08/15 14:30:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2011/06/25 08:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/25 08:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/16 15:14:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 15:14:38 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 15:14:38 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 15:14:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 14:58:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/18 00:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\prvlcl.dat
[2008/10/02 22:56:25 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\alexander\Application Data\default.pls
[2008/09/30 05:55:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\alexander\.rnd
[2006/09/20 21:48:39 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2006/09/20 21:48:39 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2006/04/24 21:40:43 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/28 15:04:28 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.tif
[2006/03/28 15:04:28 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\alexander\hpothb07.dat
[2005/06/28 07:51:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\alexander\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2006/08/06 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\ACD Systems
[2011/12/06 23:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Audacity
[2012/02/19 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Autodesk
[2010/09/09 07:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\AVG9
[2008/09/26 22:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Canneverbe_Limited
[2011/12/10 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Catalina Marketing Corp
[2010/07/24 18:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Clone2Go DVD Ripper
[2012/01/20 23:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\gtk-2.0
[2009/02/01 00:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IRISPen
[2009/02/01 00:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\IrisPen6
[2005/06/28 09:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Leadertech
[2009/07/10 22:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Lost Marble
[2005/09/21 14:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\MayaWebBrowser
[2005/06/28 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Musicmatch
[2010/09/02 15:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\No Company Name
[2009/01/23 23:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\OfficeUpdate12
[2012/05/03 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Oracle
[2007/05/16 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\Snapfish
[2012/08/16 06:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alexander\Application Data\wargaming.net
[2012/02/20 01:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/08/11 03:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/05/06 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/03/14 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/10 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/07/20 22:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/18 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/02/01 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PROject MT
[2007/11/22 22:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2007/12/29 22:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/18 01:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/16 07:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/02/24 23:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IRISPen
[2009/02/24 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eileen\Application Data\IrisPen6

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443E07A5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

********end OTL log**********

Thread: Help with my computer, Bad_Pool_Caller that led to some weird file recovery behaviour

Thread Tools

Display

Threaded View

2nd set of OTL logs...

Posting Permissions