
blue screen error reports from windows debugger


  • This topic is locked
4 replies to this topic

#1 sammyt4

Posted 07 January 2010 - 01:39 PM

The blue screen of death happens three or four times a day. I've noticed in particular that it happens when I try to create a new folder anywhere. Right-clicking to create the folder takes forever to bring up the menu, and then when I hover the mouse over "New" it happens. The blue screen then appears and says the problem is occurring because of spooldr.sys. I've run Malwarebytes but it doesn't detect anything.

If you guys can help me, it would be greatly appreciated, especially because I work from home so my computer is really, really essential!

Thank you in advance, go get em!

Here is my log file from DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 11:14:53.03 on Thu 01/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.92 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TP-LINK\TL-WN821N\TWCU.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {F5F5DB68-7D12-485D-A246-FBD0D8DA0627} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [<NO NAME>]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TWCU] "c:\program files\tp-link\tl-wn821n\TWCU.exe" -nogui
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199230503907
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\suteniro.dll,c:\windows\system32\tiyunike.dll,c:\windows\system32\lekefoji.dll,c:\windows\system32\bafejoyi.dll,c:\windows\system32\furoyuwe.dll,c:\windows\system32\bawepuve.dll
LSA: Notification Packages = scecli c:\windows\system32\suteniro.dll c:\windows\system32\tiyunike.dll c:\windows\system32\lekefoji.dll c:\windows\system32\bafejoyi.dll c:\windows\system32\furoyuwe.dll c:\windows\system32\bawepuve.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xttrfbnp.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-27 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-27 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-21 12672]
R3 arusb(TP-LINK);Atheros Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [2009-10-9 458240]
S2 gupdate1ca47b2dc85aabe;Google Update Service (gupdate1ca47b2dc85aabe);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\a5agu.sys --> c:\windows\system32\drivers\A5AGU.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-10-30 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-10-30 85696]

=============== Created Last 30 ================

2010-01-07 15:56:24 0 d-----w- c:\program files\Trend Micro
2010-01-06 01:51:11 0 d-----w- c:\program files\common files\Control Panels
2010-01-06 00:53:40 0 d-----w- c:\program files\Windows Installer Clean Up
2010-01-06 00:53:23 0 d-----w- c:\program files\MSECACHE
2010-01-05 22:21:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-05 22:21:31 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-05 22:20:03 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Lite
2010-01-05 22:19:59 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-04 00:14:09 0 d-----w- C:\Driver Collector

==================== Find3M ====================

2009-12-30 19:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-16 01:18:22 49912 ----a-w- c:\windows\fonts\bgrovealtb.otf
2009-10-16 01:17:54 17648 ----a-w- c:\windows\fonts\bgrovealtb.ttf
2009-10-16 01:16:40 54344 ----a-w- c:\windows\fonts\bgroveb.otf
2009-10-16 01:16:28 17732 ----a-w- c:\windows\fonts\bgroveb.ttf
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-09 23:44:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 16:46:02 18872 ----a-w- c:\windows\fonts\bgrovealt.ttf
2009-10-09 16:45:46 29944 ----a-w- c:\windows\fonts\bgrovealt.otf
2009-10-09 16:44:52 32292 ----a-w- c:\windows\fonts\bgrove.otf
2009-10-09 16:44:32 18744 ----a-w- c:\windows\fonts\bgrove.ttf
2008-12-04 07:40:50 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-12-04 07:40:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-12-04 07:40:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120420081205\index.dat
2008-12-04 07:40:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 11:16:31.70 ===============

Here are the last five blue screen error reports from Windows Debugger:

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini010710-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Thu Jan 7 12:17:32.531 2010 (GMT-5)
System Uptime: 0 days 0:05:11.090
Loading Kernel Symbols
...............................................................
................................................................

Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf802f39, ee36cacc, 0}

Probably caused by : win32k.sys ( win32k!xxxSleepThread+186 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf802f39, The address that the exception occurred at
Arg3: ee36cacc, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!xxxSleepThread+186
bf802f39 ffb6a8000000 push dword ptr [esi+0A8h]

TRAP_FRAME: ee36cacc -- (.trap 0xffffffffee36cacc)
ErrCode = 00000000
eax=82c8abe8 ebx=00001000 ecx=82c8ac1c edx=80010031 esi=00000000 edi=00000008
eip=bf802f39 esp=ee36cb40 ebp=ee36cb70 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!xxxSleepThread+0x186:
bf802f39 ffb6a8000000 push dword ptr [esi+0A8h] ds:0023:000000a8=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from bf840f3c to bf802f39

STACK_TEXT:
ee36cb70 bf840f3c 00000200 ee36cb5c 00000000 win32k!xxxSleepThread+0x186
ee36cc0c bf8141ba bc79afe0 0000004a 000200e2 win32k!xxxInterSendMsgEx+0x7f6
ee36cc58 bf8340cd bc79afe0 0000004a 000200e2 win32k!xxxSendMessageTimeout+0x11f
ee36ccbc bf85c003 bc79afe0 0000004a 000200e2 win32k!xxxSendMessageEx+0x7a
ee36cd08 bf80eece bc79afe0 0000004a 000200e2 win32k!NtUserfnCOPYDATA+0x82
ee36cd40 804de7ec 0003003a 0000004a 000200e2 win32k!NtUserMessageCall+0xae
ee36cd40 7c90e514 0003003a 0000004a 000200e2 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0129f3f4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxSleepThread+186
bf802f39 ffb6a8000000 push dword ptr [esi+0A8h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!xxxSleepThread+186

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a8564c7

FAILURE_BUCKET_ID: 0x8E_win32k!xxxSleepThread+186

BUCKET_ID: 0x8E_win32k!xxxSleepThread+186

Followup: MachineOwner
---------

kd> lmvm win32k
start end module name
bf800000 bf9c3d00 win32k (pdb symbols) c:\debug_symbols\win32k.pdb\F915A35BC19D40E18F5D441F8BB7068B2\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\debug_symbols\win32k.sys\4A8564C71c3d00\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Fri Aug 14 09:21:11 2009 (4A8564C7)
CheckSum: 001D3144
ImageSize: 001C3D00
File version: 5.1.2600.5863
Product version: 5.1.2600.5863
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0405.04b0
CompanyName: Microsoft Corporation
ProductName: Operační systém Microsoft® Windows®
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 5.1.2600.5863
FileVersion: 5.1.2600.5863 (xpsp_sp3_gdr.090814-1258)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
--

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini010610-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Wed Jan 6 22:06:32.671 2010 (GMT-5)
System Uptime: 0 days 0:09:28.236
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {66ecd, 2, 0, 8054bf0f}

Unable to load image sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ac )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00066ecd, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bf0f, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from 8054c09e to 8054bf0f

STACK_TEXT:
f8a13ddc 8054c09e 826c1a88 82c1a0ec 82246008 nt!ExDeferredFreePool+0xac
f8a13e1c 8054be39 82246008 00000000 f8a13e98 nt!ExFreePoolWithTag+0x489
f8a13e2c f7c441a1 82246008 82a11a48 82246008 nt!ExFreePool+0xf
f8a13e98 f7c44d47 82dbb220 00000000 82c1a7d8 USBPORT!USBPORT_CompleteTransfer+0x43f
f8a13ec8 f7c45944 026e6f44 82c1a0e0 82c1a0e0 USBPORT!USBPORT_DoneTransfer+0x137
f8a13f00 f7c4713a 82c1a028 804e2eb4 82c1a230 USBPORT!USBPORT_FlushDoneTransferList+0x16c
f8a13f2c f7c5524b 82c1a028 804e2eb4 82c1a028 USBPORT!USBPORT_DpcWorker+0x224
f8a13f68 f7c553c2 82c1a028 00000001 82d8c008 USBPORT!USBPORT_IsrDpcWorker+0x38f
f8a13f84 f84f5894 82c1a64c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
WARNING: Stack unwind information not available. Following frames may be wrong.
f8a13fd0 804dbbd4 82c1a64c 82c1a028 00000000 sptd+0x11894
f8a13ff4 804db89e ee62b418 00000000 00000000 nt!KiRetireDpcList+0x46
f8a13ff8 ee62b418 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
804db89e 00000000 00000009 bb835675 00000128 0xee62b418


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+ac

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name
--

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini010610-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Wed Jan 6 21:56:42.703 2010 (GMT-5)
System Uptime: 0 days 4:50:50.251
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {7, 2, 1, 8054c0b9}

Unable to load image sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+fd )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000007, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054c0b9, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+fd
8054c0b9 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from 8054c09e to 8054c0b9

STACK_TEXT:
f8a13ddc 8054c09e 8286e530 82cbd0ec 82522a58 nt!ExDeferredFreePool+0xfd
f8a13e1c 8054be39 82522a58 00000000 f8a13e98 nt!ExFreePoolWithTag+0x489
f8a13e2c f81741a1 82522a58 828b0e70 82522a58 nt!ExFreePool+0xf
f8a13e98 f8174d47 82c9a690 00000000 82cbd7d8 USBPORT!USBPORT_CompleteTransfer+0x43f
f8a13ec8 f8175944 026e6f44 82cbd0e0 82cbd0e0 USBPORT!USBPORT_DoneTransfer+0x137
f8a13f00 f817713a 82cbd028 804e2eb4 82cbd230 USBPORT!USBPORT_FlushDoneTransferList+0x16c
f8a13f2c f818524b 82cbd028 804e2eb4 82cbd028 USBPORT!USBPORT_DpcWorker+0x224
f8a13f68 f81853c2 82cbd028 00000001 82e54008 USBPORT!USBPORT_IsrDpcWorker+0x38f
f8a13f84 f84f5894 82cbd64c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
WARNING: Stack unwind information not available. Following frames may be wrong.
f8a13fd0 804dbbd4 82cbd64c 82cbd028 00000000 sptd+0x11894
f8a13ff4 804db89e ee8b1598 00000000 00000000 nt!KiRetireDpcList+0x46
f8a13ff8 ee8b1598 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
804db89e 00000000 00000009 bb835675 00000128 0xee8b1598


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+fd
8054c0b9 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+fd

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name
--

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini010610-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Wed Jan 6 17:04:59.062 2010 (GMT-5)
System Uptime: 0 days 3:31:18.610
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {2be9, 2, 0, 8054bf0f}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ac )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00002be9, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bf0f, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from 8054c09e to 8054bf0f

STACK_TEXT:
ee536990 8054c09e 825d53b0 825fb430 00000000 nt!ExDeferredFreePool+0xac
ee5369d0 805675de 82d4f250 00000000 ee536d64 nt!ExFreePoolWithTag+0x489
ee536d48 804de7ec 0000000b 071aff6c 00000001 nt!NtWaitForMultipleObjects+0x300
ee536d48 7c90e514 0000000b 071aff6c 00000001 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
071affb4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+ac

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name
--

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini010610-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Wed Jan 6 13:30:20.953 2010 (GMT-5)
System Uptime: 0 days 17:10:17.525
Loading Kernel Symbols
...............................................................
................................................................

Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {2932e0, 2, 0, 8054bf0f}

*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fltmgr.sys -
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ac )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 002932e0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054bf0f, address which referenced memory

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'arusb' and 'arusb.sys' overlap

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: InDesign.exe

LAST_CONTROL_TRANSFER: from 8054c09e to 8054bf0f

STACK_TEXT:
ef35177c 8054c09e 82459398 82f16a2c 82f169c8 nt!ExDeferredFreePool+0xac
ef3517bc 804f2e7d 82f169c8 00000000 8240c2c0 nt!ExFreePoolWithTag+0x489
ef3517ec 804f3787 00000000 e10d72f0 8240c2c0 nt!CcDeleteSharedCacheMap+0x141
ef351808 f83a9e35 00000000 00000000 00000000 nt!CcUninitializeCacheMap+0x127
WARNING: Stack unwind information not available. Following frames may be wrong.
ef35182c f8384d95 e10d72f0 00000000 00000000 Ntfs+0x29e35
ef35184c f83a5c0a e10d72f0 e10d74f8 00008800 Ntfs+0x4d95
ef351a5c f83a5d4d ef351a78 82208528 82e99a08 Ntfs+0x25c0a
ef351bd4 804e37f7 82e98020 82208528 82f47850 Ntfs+0x25d4d
ef351be4 f8428bbf 00000000 82289168 ef351c28 nt!IopfCallDriver+0x31
ef351bf4 804e37f7 82e99950 82208528 82208528 sr+0x4bbf
ef351c04 f8439e9b 82cda800 82208528 82e2fa80 nt!IopfCallDriver+0x31
ef351c28 f843a06b ef351c48 82cda800 00000000 fltmgr!FltGetIrpName+0x10dd
ef351c60 804e37f7 82cda800 82208528 82208528 fltmgr!FltGetIrpName+0x12ad
ef351c70 8056e99a 82c95ab0 82fb6560 82c95ac8 nt!IopfCallDriver+0x31
ef351ca4 80567827 82f56088 82cda800 00100001 nt!IopCloseFile+0x27c
ef351cd4 805679cf 82f56088 00000001 82fb6560 nt!ObpDecrementHandleCount+0xd4
ef351cfc 80567a40 e2c62ed0 82c95ac8 00000dcc nt!ObpCloseHandleTableEntry+0x14d
ef351d44 80567a8a 00000dcc 00000001 00000000 nt!ObpCloseHandle+0x87
ef351d58 804de7ec 00000dcc 0012f558 7c90e514 nt!NtClose+0x1d
ef351d58 7c90e514 00000dcc 0012f558 7c90e514 nt!KiFastCallEntry+0xf8
0012f558 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+ac
8054bf0f 8b08 mov ecx,dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+ac

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name



#2 myrti

  • Malware Study Hall Admin

Posted 14 January 2010 - 10:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 sammyt4

  • Topic Starter

Posted 14 January 2010 - 11:25 AM

Hi myrti,

Thank you for getting back to me!

The problem I am having is that my computer goes into the blue screen and has been for the past few months, and most times when reporting the error, Windows reporting tells me it's being caused by spooldr.sys and tells me to run malware scans, but nothing ever comes up when I do. So far I have followed many of the steps in what to do for a slow computer from this forum, so defrag (page and regular files), CCleaner, checked and updated drivers for my Dell. Also there's been a Windows XP update since I last posted. Since taking these steps, I have not run into the blue screen.

Here is the OTL.txt report:
OTL logfile created on: 1/14/2010 11:06:08 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Owner\Desktop\downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.23 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SENA-093ADF5280
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 11:05:25 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\downloads\OTL.exe
PRC - [2010/01/06 17:10:39 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/12 09:46:57 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/09 18:44:17 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 18:44:17 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/01 12:38:36 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 12:38:35 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/01 12:38:14 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 12:37:56 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/01 12:37:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2008/10/20 15:09:22 | 00,557,186 | ---- | M] (TP-LINK) -- C:\Program Files\TP-LINK\TL-WN821N\TWCU.exe
PRC - [2008/08/17 02:05:52 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/27 03:21:04 | 00,467,029 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/09/20 12:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/20 12:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/01/14 11:05:25 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/09 18:44:17 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/07 20:00:24 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca47b2dc85aabe) Google Update Service (gupdate1ca47b2dc85aabe)
SRV - [2009/09/01 12:37:56 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/09/01 12:37:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/04/30 16:55:52 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/05/27 03:21:04 | 00,467,029 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/10/25 18:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 14:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/25 22:49:00 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 17:21:49 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/15 15:04:58 | 00,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/01 12:38:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 12:38:36 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/22 14:13:20 | 00,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/27 11:45:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/27 00:16:28 | 00,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/12/01 09:32:24 | 00,458,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK)) Atheros Wireless Network Adapter Service(TP-LINK)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/23 16:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/12/13 19:31:02 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/13 19:52:50 | 00,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/03/13 15:50:08 | 00,085,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex)
DRV - [2006/03/13 15:50:06 | 00,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 15:50:02 | 00,096,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm)
DRV - [2006/03/13 15:50:00 | 00,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl)
DRV - [2006/03/13 09:49:54 | 00,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2006/01/16 11:45:30 | 00,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2005/09/20 13:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/27 18:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 12:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/12 09:03:49 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/02/10 18:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 18:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 16:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/22 11:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 16:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-823518204-583907252-725345543-1003\S-1-5-21-823518204-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-583907252-725345543-1003\S-1-5-21-823518204-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:1.3.6
FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.5.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.104.67.250"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.104.67.250"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.104.67.250"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.104.67.250"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.104.67.250"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:07:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/28 13:57:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 17:10:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:10:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/23 18:08:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/09/05 03:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/14 00:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xttrfbnp.default\extensions
[2009/11/23 23:30:57 | 00,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xttrfbnp.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2009/11/24 01:10:17 | 00,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xttrfbnp.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/11/23 21:45:37 | 00,000,000 | ---D | M] (Black Stratini) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xttrfbnp.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2009/11/28 14:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xttrfbnp.default\extensions\personas@christopher.beard
[2010/01/14 00:45:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (no name) - {F5F5DB68-7D12-485D-A246-FBD0D8DA0627} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-583907252-725345543-1003\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-583907252-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-823518204-583907252-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TL-WN821N\TWCU.exe (TP-LINK)
O4 - HKU\S-1-5-21-823518204-583907252-725345543-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-823518204-583907252-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-823518204-583907252-725345543-1003\..Trusted Domains: dell.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-823518204-583907252-725345543-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1199230503907 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/webplayer/stage6/...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\suteniro.dll) - C:\WINDOWS\System32\suteniro.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\tiyunike.dll) - C:\WINDOWS\System32\tiyunike.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lekefoji.dll) - C:\WINDOWS\System32\lekefoji.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bafejoyi.dll) - C:\WINDOWS\System32\bafejoyi.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\furoyuwe.dll) - C:\WINDOWS\System32\furoyuwe.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bawepuve.dll) - C:\WINDOWS\System32\bawepuve.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/05/clip_image003.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/14 13:28:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e8441d-332c-11de-83d2-002127c2461f}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{06e8441d-332c-11de-83d2-002127c2461f}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{678d166f-1ecb-11de-83cd-002127c2461f}\Shell\AutoRun\command - "" = F:\wak.cmd -- File not found
O33 - MountPoints2\{678d166f-1ecb-11de-83cd-002127c2461f}\Shell\explore\Command - "" = F:\wak.cmd -- File not found
O33 - MountPoints2\{678d166f-1ecb-11de-83cd-002127c2461f}\Shell\open\Command - "" = F:\wak.cmd -- File not found
O33 - MountPoints2\{8377b618-bbfc-11db-82a2-0013208a0fb9}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-22-2134031345-1609158761-021649731-3246\shellexec.exe
O33 - MountPoints2\{8377b618-bbfc-11db-82a2-0013208a0fb9}\Shell\open\command - "" = RECYCLER\S-1-6-22-2134031345-1609158761-021649731-3246\shellexec.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/13 16:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\downloads
[2010/01/10 12:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Desktop
[2010/01/07 18:05:18 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/01/07 15:17:18 | 00,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\mhwt.dll
[2010/01/07 15:17:18 | 00,036,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\mohfilt.sys
[2010/01/07 15:17:17 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\intelmoh.dll
[2010/01/07 15:17:17 | 00,047,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC53.sys
[2010/01/07 15:17:16 | 01,339,776 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC51.sys
[2010/01/07 15:17:16 | 00,618,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC52.sys
[2010/01/07 14:52:38 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/01/07 14:52:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
[2010/01/07 14:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism
[2010/01/07 14:00:19 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/01/07 13:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dell
[2010/01/07 13:14:00 | 00,000,000 | ---D | C] -- C:\debug_symbols
[2010/01/07 13:08:58 | 00,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2010/01/07 12:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\dell driver updates
[2010/01/07 12:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder (2)
[2010/01/07 12:00:26 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/01/07 12:00:26 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/01/07 12:00:24 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/01/07 12:00:24 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/01/07 12:00:23 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/01/07 12:00:22 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/01/07 12:00:22 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/01/07 12:00:21 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/01/07 12:00:19 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/01/07 12:00:18 | 00,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/01/07 12:00:17 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/01/07 12:00:17 | 00,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/01/07 12:00:16 | 00,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/01/07 12:00:16 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/01/07 12:00:15 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/01/07 12:00:14 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/01/07 12:00:14 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/01/07 12:00:13 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/01/07 12:00:13 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/01/07 12:00:12 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/01/07 12:00:11 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/01/07 12:00:11 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/01/07 12:00:10 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2010/01/07 12:00:10 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/01/07 11:59:26 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/01/07 11:17:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\scan reports
[2010/01/07 10:56:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/05 21:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Version Cue
[2010/01/05 20:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2010/01/05 19:53:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/01/05 19:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/01/05 18:41:46 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/01/05 17:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/01/05 17:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/01/05 17:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/03 19:14:09 | 00,000,000 | ---D | C] -- C:\Driver Collector
[2010/01/01 17:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\elvina's website
[2009/10/07 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/10/07 20:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/01 23:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/27 11:44:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/27 11:44:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/27 11:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/18 21:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/14 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/01/14 10:23:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/14 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/01/14 09:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/01/14 08:41:27 | 00,139,041 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/14 08:41:26 | 47,806,987 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/14 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/01/14 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/01/14 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/01/14 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/01/14 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/01/14 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/01/14 01:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/01/14 00:26:06 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/01/13 23:00:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/01/13 22:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/01/13 21:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/01/13 20:23:08 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/13 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/01/13 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/01/13 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/01/13 17:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/01/13 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/01/13 15:49:41 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/01/13 15:49:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 15:49:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 15:48:59 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 15:47:43 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/13 15:47:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/13 15:44:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 14:59:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/01/13 13:59:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/01/13 12:59:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/01/13 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/01/13 02:59:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/01/10 20:38:01 | 00,096,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\paigemanup.jpg
[2010/01/07 18:05:18 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/01/07 17:26:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/07 17:26:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/07 16:29:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/07 16:29:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/07 16:07:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/07 16:07:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/07 14:04:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/07 14:04:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/07 13:55:13 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_DIM_3000.MRK
[2010/01/07 13:55:13 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_DIM_3000.MRK
[2010/01/07 13:26:11 | 00,002,590 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dell Driver Download Manager.lnk
[2010/01/07 12:21:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/07 12:21:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/07 12:14:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/07 12:14:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/07 11:15:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\settings.dat
[2010/01/07 00:49:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/07 00:49:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/07 00:22:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/07 00:22:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/05 20:06:17 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100105_200612.reg
[2010/01/05 17:21:49 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/05 13:29:24 | 00,008,582 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100105_132914.reg
[2009/12/31 19:53:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 09:42:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/16 21:25:10 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/12/15 14:25:41 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/13 15:44:34 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/10 20:37:54 | 00,096,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\paigemanup.jpg
[2010/01/07 13:55:13 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_DIM_3000.MRK
[2010/01/07 13:55:13 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_DIM_3000.MRK
[2010/01/07 13:26:11 | 00,002,590 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dell Driver Download Manager.lnk
[2010/01/07 11:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2010/01/05 20:06:14 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100105_200612.reg
[2010/01/05 17:21:47 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/05 13:29:19 | 00,008,582 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100105_132914.reg
[2009/10/09 18:32:24 | 00,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009/04/16 02:16:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/08 01:04:01 | 00,401,540 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2008/12/05 19:49:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/08/13 14:53:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2008/04/06 22:42:21 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/01/26 19:55:01 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff
[2008/01/02 00:33:39 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/01 18:59:17 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2007/01/27 15:49:38 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/25 23:35:37 | 00,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/01/25 23:35:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/01/19 00:13:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 14:02:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

And from Extras.txt:
OTL Extras logfile created on: 1/14/2010 11:06:08 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Owner\Desktop\downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.23 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SENA-093ADF5280
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Charon.zip\Charon.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Charon.zip\Charon.exe:*:Disabled:Charon - A proxy checking / scanning program. -- File not found
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Disabled:iCall -- File not found
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Disabled:Shareaza -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B9D9832-BAD8-4422-8934-3736DDEE2E1C}" = TL-WN821N Wireless Utility
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8CFA6A1-2FBE-4062-B40D-9E15E2443EC4}" = TL-WN821N Wireless Utility
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5F5DB68-7D12-485D-A246-FBD0D8DA0627}" = Mirar
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Alarm Clock_is1" = Alarm Clock v1.0
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"FileZilla Client" = FileZilla Client 3.1.0.1
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Soulseek2" = SoulSeek 157 NS 13c
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2010 8:23:05 AM | Computer Name = SENA-093ADF5280 | Source = Google Update | ID = 20
Description =

Error - 1/13/2010 9:23:17 AM | Computer Name = SENA-093ADF5280 | Source = Google Update | ID = 20
Description =

Error - 1/13/2010 10:23:09 AM | Computer Name = SENA-093ADF5280 | Source = Google Update | ID = 20
Description =

Error - 1/13/2010 11:23:08 AM | Computer Name = SENA-093ADF5280 | Source = Google Update | ID = 20
Description =

Error - 1/13/2010 6:34:43 PM | Computer Name = SENA-093ADF5280 | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2010 7:18:45 PM | Computer Name = SENA-093ADF5280 | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module bib.dll, version 1.2.1.1, fault address 0x000040b8.

Error - 1/13/2010 7:32:53 PM | Computer Name = SENA-093ADF5280 | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module cooltype.dll, version 5.4.15.1, fault address 0x00020488.

Error - 1/13/2010 7:40:19 PM | Computer Name = SENA-093ADF5280 | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module cooltype.dll, version 5.4.15.1, fault address 0x00020488.

Error - 1/13/2010 8:18:22 PM | Computer Name = SENA-093ADF5280 | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2010 10:18:47 PM | Computer Name = SENA-093ADF5280 | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module cooltype.dll, version 5.4.15.1, fault address 0x00020488.

[ System Events ]
Error - 1/14/2010 2:00:03 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 3:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At3.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 5:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 6:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At6.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 7:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At7.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 8:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At8.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 9:00:00 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At9.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 10:00:02 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At10.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 11:00:02 AM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942405

Error - 1/14/2010 12:00:00 PM | Computer Name = SENA-093ADF5280 | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942405


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts

Posted 14 January 2010 - 11:46 AM

Hi,

please run a scan with gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 myrti


Posted 19 January 2010 - 01:19 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
