
Blue Screen Of Death - DDS Included


  • This topic is locked
16 replies to this topic

#1 NBarkan

  • Members

Posted 23 February 2010 - 09:17 PM


DDS (Ver_09-12-01.01) - NTFSx86
Run by Rick at 20:07:31.14 on Tue 02/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1624 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\StickyPad\StickyPad.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Soundcrank\SoundcrankLoader.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Rick\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sticky Pad] c:\program files\stickypad\StickyPad.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\soundc~1.lnk - c:\program files\soundcrank\SoundcrankLoader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\6rttcop1.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\rick\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-02-24 01:47:27 0 ----a-w- c:\users\rick\defogger_reenable
2010-02-18 05:11:13 0 d-----w- c:\program files\iPod
2010-02-15 05:05:52 0 d-----w- c:\users\rick\appdata\roaming\soundcrank
2010-02-15 05:05:39 0 d-----w- c:\program files\Soundcrank
2010-02-15 05:05:29 0 d-----w- c:\program files\Xobni
2010-02-09 19:16:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 19:16:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 19:16:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 19:16:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 19:16:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 19:16:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 19:16:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 19:16:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 19:16:01 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-09 19:16:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 23:17:08 0 d-----w- c:\users\rick\appdata\roaming\TuneUp Software
2010-02-08 23:15:54 0 d-----w- c:\programdata\TuneUp Software
2010-02-08 23:15:48 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-08 20:29:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-02-08 20:29:09 0 d-----w- c:\program files\common files\Deterministic Networks
2010-02-08 20:22:47 1594 ----a-w- c:\windows\VPNUnInstall.MIF
2010-02-05 19:23:02 0 d-----w- c:\windows\system32\Adobe
2010-01-27 17:11:16 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 17:11:16 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 17:11:12 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-27 17:11:12 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-27 03:38:38 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-02-15 01:40:35 27744 ----a-w- c:\programdata\nvModes.dat
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-11-30 04:07:38 141084 ----a-w- c:\windows\hpoins14.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2008-10-26 03:19:07 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:09:08.32 ===============



 


#2 PropagandaPanda

  • Malware Response Team

Posted 24 February 2010 - 04:38 PM

Hello.

Please try running RootRepeal.

Download and Run Scan with RootRepeal
We will use RootRepeal to scan for rootkits.
  • Open RootRepeal.exe on your desktop. If you are using Windows Vista, right click RootRepeal.exe and select Run As Administrator.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

With Regards,
The Panda

#3 PropagandaPanda

  • Malware Response Team

Posted 24 February 2010 - 04:42 PM

QUOTE
My computer was fine and dandy up until recently when I installed my program TuneUp utility

Please give me a link where I can download this program. I would like to identify any drivers it installed that may be causing these problems.

The Panda

#4 NBarkan

  • Topic Starter
  • Members

Posted 24 February 2010 - 10:39 PM

http://www.tune-up.com/products/tuneup-utilities/ is the main site where you can download a demo.

I have no clue where I downloaded it from, just know it was a torrent...I can't find which torrent it was exactly.

Edited by NBarkan, 24 February 2010 - 10:48 PM.


#5 NBarkan

  • Topic Starter
  • Members

Posted 24 February 2010 - 10:47 PM

Immediately as I open RootRepeal it gives me this error:

FOPS - DeviceIoControl Error! Error Code=0x0000024
Extended Info (0x000000dc)

I clicked OK, went to report and pressed scan, clicked everything and then C drive.

It gave me another error saying:

Could not initialize driver! Please contact the author!

Next another error saying:
Error Dumping SSDT (0xc0000024)!

I clicked OK on this and it started to scan through the stealth objects only

Error:
Attempt to read from address 0x0000004


I am not sure what is going on... but nothing shows up from the RootRepeal note file when posted on my desktop!

What should we do now...

#6 PropagandaPanda

  • Malware Response Team

Posted 25 February 2010 - 04:23 PM

Hello.

It may just be that you are using Windows 7.

Let's use OTL to get an error log report.

Download and Run OTListIt
  • Please download OTListIt by OldTimer to your desktop.
  • Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
  • Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
  • Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located.

With Regards,
The Panda


#7 NBarkan

  • Topic Starter
  • Members

Posted 25 February 2010 - 05:06 PM

OTL logfile created on: 2/25/2010 3:57:47 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Rick\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 107.46 Gb Free Space | 48.18% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive E: | 5.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.11 Gb Total Space | 364.43 Gb Free Space | 78.36% Space Free | Partition Type: NTFS

Computer Name: NICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 15:57:09 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2010/01/26 16:54:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/12 10:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/09 14:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/17 21:31:52 | 000,108,544 | ---- | M] (Soundcrank, Inc.) -- C:\Program Files\Soundcrank\SoundcrankLoader.exe
PRC - [2009/02/05 21:49:00 | 000,521,216 | ---- | M] (Soundcrank, Inc.) -- C:\Program Files\Soundcrank\SoundcrankPlugin.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 11:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/07/11 12:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/06/11 23:17:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/04/26 02:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/04/17 12:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/04/17 12:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/15 15:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/04/15 14:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/04/11 10:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/03/25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 01:22:14 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2007/10/17 17:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
PRC - [2007/04/23 23:13:30 | 000,528,441 | ---- | M] (Green Eclipse) -- C:\Program Files\StickyPad\StickyPad.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 15:57:09 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/07/13 19:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/12 10:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/11 12:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/04/26 02:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/04/15 14:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/04/03 12:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/02/26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/09 01:22:14 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2007/12/04 18:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/17 17:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 14:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/07/11 12:31:00 | 007,530,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/05 20:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/06/05 10:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 13:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 12:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/31 19:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 19:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 19:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/06/18 16:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/10 19:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 16:54:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:17:02 | 000,000,000 | ---D | M]

[2009/11/15 22:34:42 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\mozilla\Extensions
[2010/02/25 01:33:30 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions
[2010/02/14 23:00:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/08 19:48:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/16 00:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/17 12:47:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Sticky Pad] C:\Program Files\StickyPad\StickyPad.exe (Green Eclipse)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Rick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/10/25 21:18:57 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 15:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{25920f26-e5e2-11de-9207-001d7279a4d5}\Shell - "" = AutoRun
O33 - MountPoints2\{25920f26-e5e2-11de-9207-001d7279a4d5}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/10/14 15:28:45 | 003,271,968 | ---- | M] (Western Digital)
O33 - MountPoints2\{84067660-fbf6-11de-a971-001d7279a4d5}\Shell - "" = AutoRun
O33 - MountPoints2\{84067660-fbf6-11de-a971-001d7279a4d5}\Shell\AutoRun\command - "" = F:\iStudio.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/25 15:56:54 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2010/02/23 15:55:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 15:55:17 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/02/23 15:55:16 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/02/23 15:55:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/02/23 15:55:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/02/23 15:55:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/17 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/14 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Xobni
[2010/02/14 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\soundcrank
[2010/02/14 23:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Soundcrank
[2010/02/14 23:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Xobni
[2010/02/12 17:19:07 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/02/12 17:19:07 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/02/12 17:19:06 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/02/12 17:19:06 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/02/12 17:19:06 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/02/12 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2010/02/12 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\QuickPlay
[2010/02/09 13:16:03 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 13:16:03 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 13:16:03 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 13:15:59 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 13:15:58 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 13:15:56 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/09 13:15:56 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/09 13:15:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/09 13:15:55 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/09 13:15:55 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/09 13:15:55 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/09 13:15:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/09 13:15:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/08 18:57:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/08 17:17:08 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\TuneUp Software
[2010/02/08 17:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/02/08 17:15:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/08 14:29:45 | 000,127,376 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys
[2010/02/08 14:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2010/02/05 13:23:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/01/27 11:11:16 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/01/26 21:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 30 Days ==========

[2010/02/25 16:05:03 | 002,097,152 | -HS- | M] () -- C:\Users\Rick\NTUSER.DAT
[2010/02/25 16:03:10 | 409,715,200 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove.part1.rar
[2010/02/25 15:58:55 | 336,728,921 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove.part2.rar
[2010/02/25 15:57:09 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2010/02/25 15:49:53 | 209,715,200 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part3.rar
[2010/02/25 15:48:10 | 000,017,246 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/02/25 15:47:59 | 033,619,968 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part1.rar
[2010/02/25 15:41:33 | 104,902,024 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part4.rar
[2010/02/25 15:38:36 | 044,081,616 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part2.rar.part
[2010/02/25 15:38:36 | 000,000,000 | ---- | M] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part2.rar
[2010/02/25 15:32:47 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/25 15:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/25 12:09:05 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/25 12:09:05 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/25 12:09:05 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/24 23:13:35 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 23:13:35 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 23:08:07 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/24 23:04:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/24 23:03:55 | 293,681,929 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/24 23:03:41 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 20:51:24 | 002,121,765 | -H-- | M] () -- C:\Users\Rick\AppData\Local\IconCache.db
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/24 01:59:12 | 000,017,491 | -HS- | M] () -- C:\Users\Rick\Desktop\Folder.jpg
[2010/02/24 01:59:12 | 000,005,223 | -HS- | M] () -- C:\Users\Rick\Desktop\AlbumArtSmall.jpg
[2010/02/22 17:25:34 | 000,227,840 | ---- | M] () -- C:\Users\Rick\Desktop\Volunteer Opportunities.doc
[2010/02/17 20:48:52 | 000,171,294 | -H-- | M] () -- C:\Users\Rick\Desktop\._Picture 10(2)
[2010/02/17 12:35:49 | 000,017,521 | -HS- | M] () -- C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg
[2010/02/17 12:35:49 | 000,004,235 | -HS- | M] () -- C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg
[2010/02/15 01:33:45 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/02/14 23:05:41 | 000,002,063 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Soundcrank Loader.lnk
[2010/02/14 19:40:35 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/12 17:19:07 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/02/12 17:19:07 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/02/12 17:19:06 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/02/12 17:19:06 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/02/12 17:19:06 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/02/10 15:19:53 | 000,032,768 | ---- | M] () -- C:\Users\Rick\Desktop\Abstract 1.doc
[2010/02/10 15:18:42 | 000,032,768 | ---- | M] () -- C:\Users\Rick\Desktop\Abstract 2.doc
[2010/02/10 14:46:27 | 000,010,027 | -HS- | M] () -- C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg
[2010/02/10 14:46:26 | 000,002,741 | -HS- | M] () -- C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg
[2010/02/08 14:30:58 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/02/08 14:29:14 | 000,002,679 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/08 14:23:12 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/02/02 01:45:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/01 01:00:16 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/01/29 12:59:51 | 000,430,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/29 02:16:09 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRick.job
[2010/01/27 22:49:33 | 000,115,512 | ---- | M] () -- C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/02/25 15:38:41 | 031,260,672 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part1.rar
[2010/02/25 15:38:36 | 000,000,000 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part2.rar
[2010/02/25 15:38:35 | 209,715,200 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part3.rar
[2010/02/25 15:38:32 | 104,902,024 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part4.rar
[2010/02/25 15:38:28 | 041,755,088 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove-ultramovie.org.part2.rar.part
[2010/02/25 15:37:37 | 336,728,921 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove.part2.rar
[2010/02/25 15:37:33 | 409,715,200 | ---- | C] () -- C:\Users\Rick\Desktop\m-parislove.part1.rar
[2010/02/22 17:25:31 | 000,227,840 | ---- | C] () -- C:\Users\Rick\Desktop\Volunteer Opportunities.doc
[2010/02/17 20:57:30 | 000,171,294 | -H-- | C] () -- C:\Users\Rick\Desktop\._Picture 10(2)
[2010/02/17 12:35:49 | 000,017,521 | -HS- | C] () -- C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg
[2010/02/17 12:35:49 | 000,004,235 | -HS- | C] () -- C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg
[2010/02/14 23:06:11 | 000,000,032 | ---- | C] () -- C:\Users\Rick\AppData\Local\xobni_installer_updater.log
[2010/02/14 23:05:41 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Soundcrank Loader.lnk
[2010/02/14 15:22:43 | 000,032,768 | ---- | C] () -- C:\Users\Rick\Desktop\Abstract 2.doc
[2010/02/14 15:22:43 | 000,032,768 | ---- | C] () -- C:\Users\Rick\Desktop\Abstract 1.doc
[2010/02/10 14:46:27 | 000,010,027 | -HS- | C] () -- C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg
[2010/02/10 14:46:27 | 000,002,741 | -HS- | C] () -- C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg
[2010/02/08 14:29:14 | 000,002,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/08 14:22:47 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2009/11/29 22:05:49 | 000,000,492 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/15 22:30:40 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/15 22:30:35 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/10 21:38:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/17 13:26:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/02/12 18:33:11 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >


#8 PropagandaPanda

  • Malware Response Team

Posted 26 February 2010 - 06:30 PM

Hello.

Sorry for the delay. I was a bit busy the last couple days and didn't have time to test the program on my VM. I'll do that tonight.

In the meantime, please run OTS since the error logs weren't generated from OTL for some reason.

Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop.
  • Double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • In the Additional Scans, check Evnt - Eventviewer logs (last 10 errors)
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

With Regards,
The Panda

#9 NBarkan

  • Topic Starter

  • Members

Posted 26 February 2010 - 10:03 PM

CODE
OTS logfile created on: 2/26/2010 8:52:28 PM - Run 1
OTS by OldTimer - Version 3.1.22.3     Folder = C:\Users\Rick\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 107.79 Gb Free Space | 48.33% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive E: | 5.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.68 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.11 Gb Total Space | 363.69 Gb Free Space | 78.19% Space Free | Partition Type: NTFS

Computer Name: NICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Rick\Desktop\OTS.exe -> [2010/02/26 20:50:54 | 000,632,832 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/01/26 16:54:09 | 000,910,296 | ---- | M] (Mozilla Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.)
itunes.exe -> C:\Program Files\iTunes\iTunes.exe -> [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
wdsmartware.exe -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe -> [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital)
wddmstatus.exe -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe -> [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC)
wddmservice.exe -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -> [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC)
xobniservice.exe -> C:\Program Files\Xobni\XobniService.exe -> [2009/10/12 10:33:26 | 000,046,824 | ---- | M] (Xobni Corporation)
skype.exe -> C:\Program Files\Skype\Phone\Skype.exe -> [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
skypepm.exe -> C:\Program Files\Skype\Plugin Manager\skypePM.exe -> [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2009/07/13 19:14:50 | 000,195,584 | ---- | M] (Microsoft Corporation)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation)
aim6.exe -> C:\Program Files\AIM6\aim6.exe -> [2009/07/09 14:07:14 | 000,049,968 | ---- | M] (AOL LLC)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
wdsmartwarebackgroundservice.exe -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -> [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo)
soundcrankloader.exe -> C:\Program Files\Soundcrank\SoundcrankLoader.exe -> [2009/04/17 21:31:52 | 000,108,544 | ---- | M] (Soundcrank, Inc.)
soundcrankplugin.exe -> C:\Program Files\Soundcrank\SoundcrankPlugin.exe -> [2009/02/05 21:49:00 | 000,521,216 | ---- | M] (Soundcrank, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
aolsoftware.exe -> C:\Program Files\AIM6\aolsoftware.exe -> [2008/11/06 11:33:00 | 000,041,264 | ---- | M] (AOL LLC)
nvvsvc.exe -> C:\Windows\System32\nvvsvc.exe -> [2008/07/11 12:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation)
qpservice.exe -> C:\Program Files\HP\QuickPlay\QPService.exe -> [2008/06/11 23:17:52 | 000,468,264 | ---- | M] (CyberLink Corp.)
blservice.exe -> C:\Windows\SMINST\BLService.exe -> [2008/04/26 02:15:26 | 000,361,808 | ---- | M] ()
syntphelper.exe -> C:\Program Files\Synaptics\SynTP\SynTPHelper.exe -> [2008/04/17 12:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2008/04/17 12:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2008/04/15 15:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> [2008/04/15 14:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard)
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2008/04/11 10:04:54 | 000,685,360 | ---- | M] ()
hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> [2008/03/25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.)
hpqbam08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe -> [2008/03/25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.)
hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2008/02/26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company)
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -> [2008/01/09 01:22:14 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.)
xaudio.exe -> C:\Windows\System32\drivers\XAudio.exe -> [2007/10/17 17:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.)
cvpnd.exe -> C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
stickypad.exe -> C:\Program Files\StickyPad\StickyPad.exe -> [2007/04/23 23:13:30 | 000,528,441 | ---- | M] (Green Eclipse)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)

[Modules - Safe List]
ots.exe -> C:\Users\Rick\Desktop\OTS.exe -> [2010/02/26 20:50:54 | 000,632,832 | ---- | M] (OldTimer Tools)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation)
sfc_os.dll -> C:\Windows\System32\sfc_os.dll -> [2009/07/13 19:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
msi.dll -> C:\Windows\System32\msi.dll -> [2009/07/13 19:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation)
msiltcfg.dll -> C:\Windows\System32\msiltcfg.dll -> [2009/07/13 19:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation)
sfc.dll -> C:\Windows\System32\sfc.dll -> [2009/07/13 19:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(WDDMService) WD SmartWare Drive Manager [Auto | Running] -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -> [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC)
(XobniService) XobniService [Auto | Running] -> C:\Program Files\Xobni\XobniService.exe -> [2009/10/12 10:33:26 | 000,046,824 | ---- | M] (Xobni Corporation)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(WwanSvc) WWAN AutoConfig [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Windows Biometric Service [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Power) Power [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
(Themes) Themes [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(sppuinotify) SPP Notification Service [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) RPC Endpoint Mapper [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Adaptive Brightness [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PNRPsvc) Peer Name Resolution Protocol [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Peer Networking Identity Manager [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) HomeGroup Provider [On_Demand | Stopped] -> C:\Windows\System32\provsvc.dll -> [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) PNRP Machine Name Publication Service [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) HomeGroup Listener [On_Demand | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(defragsvc) Disk Defragmenter [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) BitLocker Drive Encryption Service [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AxInstSV) ActiveX Installer (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Application Identity [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(sppsvc) Software Protection [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(WDSmartWareBackgroundService) WD SmartWare Background Service [Auto | Running] -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -> [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
(nvsvc) NVIDIA Display Driver Service [Auto | Running] -> C:\Windows\System32\nvvsvc.exe -> [2008/07/11 12:31:00 | 000,196,608 | ---- | M] (NVIDIA Corporation)
(Recovery Service for Windows) Recovery Service for Windows [Auto | Running] -> C:\Windows\SMINST\BLService.exe -> [2008/04/26 02:15:26 | 000,361,808 | ---- | M] ()
(HP Health Check Service) HP Health Check Service [Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/04/15 14:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard)
(Com4QLBEx) Com4QLBEx [On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2008/04/03 12:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 20:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2008/02/26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company)
(hpqwmiex) hpqwmiex [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -> [2008/01/09 01:22:14 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -> [2007/12/04 18:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.)
(XAudioService) XAudioService [Auto | Running] -> C:\Windows\System32\drivers\XAudio.exe -> [2007/10/17 17:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] -> C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaapl.sys -> [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.)
(cmdide) cmdide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\cmdide.sys -> [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.)
(adpahci) adpahci [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpahci.sys -> [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.)
(adp94xx) adp94xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adp94xx.sys -> [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.)
(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsbs.sys -> [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.)
(adpu320) adpu320 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpu320.sys -> [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arcsas.sys -> [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.)
(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsata.sys -> [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices)
(arc) arc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arc.sys -> [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.)
(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\amdxata.sys -> [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices)
(aliide) aliide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\aliide.sys -> [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.)
(nvstor) nvstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvstor.sys -> [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation)
(nvraid) nvraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvraid.sys -> [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nfrd960.sys -> [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation)
(LSI_SAS) LSI_SAS [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas.sys -> [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation)
(iaStorV) iaStorV [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iaStorV.sys -> [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation)
(MegaSR) MegaSR [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MegaSR.sys -> [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.)
(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/07/13 19:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation)
(LSI_SCSI) LSI_SCSI [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_scsi.sys -> [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation)
(LSI_FC) LSI_FC [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_fc.sys -> [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation)
(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas2.sys -> [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation)
(iirsp) iirsp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iirsp.sys -> [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH)
(megasas) megasas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\megasas.sys -> [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation)
(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation)
(elxstor) elxstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\elxstor.sys -> [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex)
(aic78xx) aic78xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\djsvs.sys -> [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.)
(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HpSAMD.sys -> [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company)
(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)
(vsmraid) vsmraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vsmraid.sys -> [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd)
(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vhdmp.sys -> [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation)
(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vdrvroot.sys -> [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\viaide.sys -> [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.)
(ql2300) ql2300 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql2300.sys -> [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation)
(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation)
(ql40xx) ql40xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql40xx.sys -> [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation)
(SiSRaid4) SiSRaid4 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\sisraid4.sys -> [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems)
(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)
(SiSRaid2) SiSRaid2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\SiSRaid2.sys -> [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.)
(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\stexstor.sys -> [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology)
(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\Brserid.sys -> [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.)
(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\rdpbus.sys -> [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)
(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)
(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)
(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)
(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vwififlt.sys -> [2009/07/13 17:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)
(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)
(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\1394ohci.sys -> [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation)
(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\winusb.sys -> [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation)
(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)
(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)
(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CompositeBus.sys -> [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation)
(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\appid.sys -> [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation)
(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation)
(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)
(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HidBatt.sys -> [2009/07/13 17:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation)
(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\acpipmi.sys -> [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation)
(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\amdppm.sys -> [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)
(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\hcw85cir.sys -> [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbMdm.sys -> [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbSer.sys -> [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrSerWdm.sys -> [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltLo.sys -> [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltUp.sys -> [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvm62x32.sys -> [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation)
(b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation)
(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\evbdx.sys -> [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation)
(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\bxvbdx.sys -> [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2009/07/13 14:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.)
(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\wdcsam.sys -> [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2008/07/11 12:31:00 | 007,530,656 | ---- | M] (NVIDIA Corporation)
(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTSTOR.sys -> [2008/06/05 20:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.)
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2008/06/05 10:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.)
(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2008/05/09 13:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation)
(nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2008/04/17 12:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2007/10/31 19:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2007/10/31 19:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2007/10/31 19:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\CVPNDRVA.sys -> [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HpqKbFiltr.sys -> [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\dne2000.sys -> [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\CVirtA.sys -> [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\mdmxsdk.sys -> [2006/06/18 16:26:58 | 000,012,672 | ---- | M] (Conexant)
(USBModem) LGE Mobile USB Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbmodem.sys -> [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.)
(UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbdiag.sys -> [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.)
(usbbus) LGE Mobile Composite USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbbus.sys -> [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Rick\AppData\Roaming\Mozilla\FireFox\Profiles\6rttcop1.default\prefs.js ->
browser.startup.homepage -> "www.msn.com" ->
extensions.enabledItems -> moveplayer@movenetworks.com:7 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
< FireFox Settings [User.js] > -> C:\Users\Rick\AppData\Roaming\Mozilla\FireFox\Profiles\6rttcop1.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/11/10 19:20:39 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/26 16:54:27 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/18 19:17:02 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Users\Rick\AppData\Roaming\mozilla\Extensions -> [2009/11/15 22:34:42 | 000,000,000 | ---D | M]
  -> C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions -> [2010/02/26 01:40:04 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/02/14 23:00:41 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\6rttcop1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/02/08 19:48:23 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/16 00:13:36 | 000,000,000 | ---D | M]
< HOSTS File > ([2009/08/17 12:47:28 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\HOSTS ->
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/14 12:33:34 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"hpqSRMon" -> C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe ["C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"] -> [2008/06/02 01:55:22 | 000,080,896 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ["C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"] -> [2008/04/15 15:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/07/11 12:31:00 | 013,543,968 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/07/11 12:31:00 | 000,092,704 | ---- | M] (NVIDIA Corporation)
"QPService" -> C:\Program Files\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> [2008/06/11 23:17:52 | 000,468,264 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008/04/17 12:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.)
"UCam_Menu" -> C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"] -> [2007/12/24 16:55:34 | 000,222,504 | ---- | M] (CyberLink Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> C:\Program Files\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> [2009/07/09 14:07:14 | 000,049,968 | ---- | M] (AOL LLC)
"Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
"Sticky Pad" -> C:\Program Files\StickyPad\StickyPad.exe [C:\Program Files\StickyPad\StickyPad.exe] -> [2007/04/23 23:13:30 | 000,528,441 | ---- | M] (Green Eclipse)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5067A26B-1337-4436-8AFE-EE169C2DA79F}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Menu: Skype add-on for Internet Explorer] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2008/03/14 12:33:34 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.87.72.134 68.87.77.134 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5D82001F-9684-4881-A995-E1C07B2356E2}\\DhcpNameServer -> 68.87.72.134 68.87.77.134   (Atheros AR5009 802.11a/g/n WiFi Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 19:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/13 19:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 15:42:20 | 000,000,024 | ---- | M] ()
C:\Autorun_dll.log [BOOL CAutoRunApp::InitInstance() | BOOL CAutoRunApp::Init() | Create m_pIDiscMaster instance | BOOL CAutoRunApp::DetectWriters() | void CAutoRunApp::ClearBurner() | V_pIDiscRecorderID.clear() | IDiscRecorder2 instance created | imapi2Dev.lpDiscRecord2->InitializeDiscRecorder succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... | re-initialisation | re-init success | DisableMcn | succeeded | DisableAutorun | BOOL CAutoRunApp::DoOPs(BOOL dis = 1) | Release previews... 
| re-initialisation | re-init success | DisableMcn | succeeded | ] -> C:\Autorun_dll.log [ NTFS ] -> [2008/10/25 21:18:57 | 000,003,802 | ---- | M] ()
H:\autorun.inf [[autorun] | open="WD SmartWare.exe" autoplay=true | ICON="WD SmartWare\SmartWare_CD.ICO" | ] -> H:\autorun.inf [ UDF ] -> [2009/06/18 15:12:18 | 000,000,088 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{25920f26-e5e2-11de-9207-001d7279a4d5}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25920f26-e5e2-11de-9207-001d7279a4d5}\shell
\{25920f26-e5e2-11de-9207-001d7279a4d5}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25920f26-e5e2-11de-9207-001d7279a4d5}\shell\AutoRun\command
\{25920f26-e5e2-11de-9207-001d7279a4d5}\shell\AutoRun\command\\"" -> H:\WD SmartWare.exe ["H:\WD SmartWare.exe" autoplay=true] -> [2009/10/14 15:28:45 | 003,271,968 | ---- | M] (Western Digital)
\{84067660-fbf6-11de-a971-001d7279a4d5}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84067660-fbf6-11de-a971-001d7279a4d5}\shell
\{84067660-fbf6-11de-a971-001d7279a4d5}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84067660-fbf6-11de-a971-001d7279a4d5}\shell\AutoRun\command
\{84067660-fbf6-11de-a971-001d7279a4d5}\shell\AutoRun\command\\"" -> F:\iStudio.exe [F:\iStudio.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Rick\Desktop\OTS.exe -> [2010/02/26 20:50:30 | 000,632,832 | ---- | C] (OldTimer Tools)
Maxwell_Black_Summers_Night_2009 -> C:\Users\Rick\Desktop\Maxwell_Black_Summers_Night_2009 -> [2010/02/26 20:17:02 | 000,000,000 | ---D | C]
Orianthi - Violet Journey -> C:\Users\Rick\Desktop\Orianthi - Violet Journey -> [2010/02/26 16:40:43 | 000,000,000 | ---D | C]
Orianthi - Believe -> C:\Users\Rick\Desktop\Orianthi - Believe -> [2010/02/26 16:40:42 | 000,000,000 | ---D | C]
New Boyz - Skinny Jeans And A Mic -> C:\Users\Rick\Desktop\New Boyz - Skinny Jeans And A Mic -> [2010/02/26 16:26:43 | 000,000,000 | ---D | C]
jscript.dll -> C:\Windows\System32\jscript.dll -> [2010/02/23 15:55:22 | 000,716,800 | ---- | C] (Microsoft Corporation)
CPFilters.dll -> C:\Windows\System32\CPFilters.dll -> [2010/02/23 15:55:17 | 000,641,536 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\System32\psisdecd.dll -> [2010/02/23 15:55:16 | 000,465,408 | ---- | C] (Microsoft Corporation)
msdri.dll -> C:\Windows\System32\msdri.dll -> [2010/02/23 15:55:16 | 000,417,792 | ---- | C] (Microsoft Corporation)
MSNP.ax -> C:\Windows\System32\MSNP.ax -> [2010/02/23 15:55:16 | 000,204,288 | ---- | C] (Microsoft Corporation)
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/02/23 15:55:13 | 000,002,048 | ---- | C] (Microsoft Corporation)
iPod -> C:\Program Files\iPod -> [2010/02/17 23:11:13 | 000,000,000 | ---D | C]
Xobni -> C:\Users\Rick\AppData\Local\Xobni -> [2010/02/14 23:06:05 | 000,000,000 | ---D | C]
soundcrank -> C:\Users\Rick\AppData\Roaming\soundcrank -> [2010/02/14 23:05:52 | 000,000,000 | ---D | C]
Soundcrank -> C:\Program Files\Soundcrank -> [2010/02/14 23:05:39 | 000,000,000 | ---D | C]
Xobni -> C:\Program Files\Xobni -> [2010/02/14 23:05:29 | 000,000,000 | ---D | C]
MobileTV.exe -> C:\Users\Public\Documents\MobileTV.exe -> [2010/02/12 17:19:07 | 003,063,561 | ---- | C] (Macromedia, Inc.)
DVD.exe -> C:\Users\Public\Documents\DVD.exe -> [2010/02/12 17:19:07 | 002,989,660 | ---- | C] (Macromedia, Inc.)
MPV.exe -> C:\Users\Public\Documents\MPV.exe -> [2010/02/12 17:19:06 | 002,864,396 | ---- | C] (Macromedia, Inc.)
Karaoke.exe -> C:\Users\Public\Documents\Karaoke.exe -> [2010/02/12 17:19:06 | 002,331,174 | ---- | C] (Macromedia, Inc.)
Games.exe -> C:\Users\Public\Documents\Games.exe -> [2010/02/12 17:19:06 | 002,231,606 | ---- | C] (Macromedia, Inc.)
ENU -> C:\Users\Public\Documents\ENU -> [2010/02/12 17:19:05 | 000,000,000 | ---D | C]
QuickPlay -> C:\Users\Rick\AppData\Local\QuickPlay -> [2010/02/12 17:19:03 | 000,000,000 | ---D | C]
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/02/09 13:16:03 | 001,328,640 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/02/09 13:16:03 | 000,091,648 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/02/09 13:16:03 | 000,084,480 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/02/09 13:15:59 | 003,955,288 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/02/09 13:15:58 | 003,899,464 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/02/09 13:15:56 | 000,369,152 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/02/09 13:15:56 | 000,365,568 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/02/09 13:15:56 | 000,324,608 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/02/09 13:15:55 | 000,320,512 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/02/09 13:15:55 | 000,280,064 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/02/09 13:15:55 | 000,277,504 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/02/09 13:15:55 | 000,085,504 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/02/09 13:15:55 | 000,085,504 | ---- | C] (Microsoft Corporation)
Minidump -> C:\Windows\Minidump -> [2010/02/08 18:57:33 | 000,000,000 | ---D | C]
TuneUp Software -> C:\Users\Rick\AppData\Roaming\TuneUp Software -> [2010/02/08 17:17:08 | 000,000,000 | ---D | C]
TuneUp Software -> C:\ProgramData\TuneUp Software -> [2010/02/08 17:15:54 | 000,000,000 | ---D | C]
{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> [2010/02/08 17:15:48 | 000,000,000 | -HSD | C]
dne2000.sys -> C:\Windows\System32\drivers\dne2000.sys -> [2010/02/08 14:29:45 | 000,127,376 | ---- | C] (Deterministic Networks, Inc.)
Deterministic Networks -> C:\Program Files\Common Files\Deterministic Networks -> [2010/02/08 14:29:09 | 000,000,000 | ---D | C]
Adobe -> C:\Windows\System32\Adobe -> [2010/02/05 13:23:02 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Rick\NTUSER.DAT -> [2010/02/26 20:58:46 | 002,097,152 | -HS- | M] ()
OTS.exe -> C:\Users\Rick\Desktop\OTS.exe -> [2010/02/26 20:50:54 | 000,632,832 | ---- | M] (OldTimer Tools)
Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/02/26 20:30:43 | 000,017,246 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/02/26 20:16:19 | 000,027,744 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/02/26 19:45:47 | 000,009,504 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/02/26 19:45:47 | 000,009,504 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/02/26 19:42:00 | 000,717,892 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/02/26 19:42:00 | 000,618,264 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/02/26 19:42:00 | 000,104,546 | ---- | M] ()
hpqp.ini -> C:\Users\Public\Documents\hpqp.ini -> [2010/02/26 19:38:45 | 000,000,246 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/02/26 19:37:11 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/02/26 19:37:08 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/02/26 19:36:40 | 2213,351,424 | -HS- | M] ()
IconCache.db -> C:\Users\Rick\AppData\Local\IconCache.db -> [2010/02/26 17:01:29 | 002,123,425 | -H-- | M] ()
B.o.B. - Nothin On You (Feat Bruno Mars).mp3 -> C:\Users\Rick\Desktop\B.o.B. - Nothin On You (Feat Bruno Mars).mp3 -> [2010/02/26 16:08:18 | 006,486,497 | ---- | M] ()
Young Cash - Sometimes (Cheers Theme) (Feat. T-Pain And IceBerg).mp3 -> C:\Users\Rick\Desktop\Young Cash - Sometimes (Cheers Theme) (Feat. T-Pain And IceBerg).mp3 -> [2010/02/26 13:03:03 | 005,361,426 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/02/24 23:03:55 | 293,681,929 | ---- | M] ()
MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation)
Volunteer Opportunities.doc -> C:\Users\Rick\Desktop\Volunteer Opportunities.doc -> [2010/02/22 17:25:34 | 000,227,840 | ---- | M] ()
._Picture 10(2) -> C:\Users\Rick\Desktop\._Picture 10(2) -> [2010/02/17 20:48:52 | 000,171,294 | -H-- | M] ()
AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg -> C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg -> [2010/02/17 12:35:49 | 000,017,521 | -HS- | M] ()
AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg -> C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg -> [2010/02/17 12:35:49 | 000,004,235 | -HS- | M] ()
McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2010/02/15 01:33:45 | 000,000,338 | ---- | M] ()
Soundcrank Loader.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Soundcrank Loader.lnk -> [2010/02/14 23:05:41 | 000,002,063 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/02/14 19:40:35 | 000,027,744 | ---- | M] ()
MobileTV.exe -> C:\Users\Public\Documents\MobileTV.exe -> [2010/02/12 17:19:07 | 003,063,561 | ---- | M] (Macromedia, Inc.)
DVD.exe -> C:\Users\Public\Documents\DVD.exe -> [2010/02/12 17:19:07 | 002,989,660 | ---- | M] (Macromedia, Inc.)
MPV.exe -> C:\Users\Public\Documents\MPV.exe -> [2010/02/12 17:19:06 | 002,864,396 | ---- | M] (Macromedia, Inc.)
Karaoke.exe -> C:\Users\Public\Documents\Karaoke.exe -> [2010/02/12 17:19:06 | 002,331,174 | ---- | M] (Macromedia, Inc.)
Games.exe -> C:\Users\Public\Documents\Games.exe -> [2010/02/12 17:19:06 | 002,231,606 | ---- | M] (Macromedia, Inc.)
AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg -> C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg -> [2010/02/10 14:46:27 | 000,010,027 | -HS- | M] ()
AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg -> C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg -> [2010/02/10 14:46:26 | 000,002,741 | -HS- | M] ()
VPNInstall.MIF -> C:\Windows\VPNInstall.MIF -> [2010/02/08 14:30:58 | 000,001,594 | ---- | M] ()
VPN Client.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk -> [2010/02/08 14:29:14 | 000,002,679 | ---- | M] ()
VPNUnInstall.MIF -> C:\Windows\VPNUnInstall.MIF -> [2010/02/08 14:23:12 | 000,001,594 | ---- | M] ()
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/02/02 01:45:54 | 000,002,048 | ---- | M] (Microsoft Corporation)
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2010/02/01 01:00:16 | 000,000,316 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/01/29 12:59:51 | 000,430,416 | ---- | M] ()
HPCeeScheduleForRick.job -> C:\Windows\tasks\HPCeeScheduleForRick.job -> [2010/01/29 02:16:09 | 000,000,318 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/01/27 22:49:33 | 000,115,512 | ---- | M] ()

[Files - No Company Name]
B.o.B. - Nothin On You (Feat Bruno Mars).mp3 -> C:\Users\Rick\Desktop\B.o.B. - Nothin On You (Feat Bruno Mars).mp3 -> [2010/02/26 16:06:10 | 006,486,497 | ---- | C] ()
Young Cash - Sometimes (Cheers Theme) (Feat. T-Pain And IceBerg).mp3 -> C:\Users\Rick\Desktop\Young Cash - Sometimes (Cheers Theme) (Feat. T-Pain And IceBerg).mp3 -> [2010/02/26 13:02:30 | 005,361,426 | ---- | C] ()
Volunteer Opportunities.doc -> C:\Users\Rick\Desktop\Volunteer Opportunities.doc -> [2010/02/22 17:25:31 | 000,227,840 | ---- | C] ()
._Picture 10(2) -> C:\Users\Rick\Desktop\._Picture 10(2) -> [2010/02/17 20:57:30 | 000,171,294 | -H-- | C] ()
AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg -> C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Large.jpg -> [2010/02/17 12:35:49 | 000,017,521 | -HS- | C] ()
AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg -> C:\Users\Rick\Desktop\AlbumArt_{E40A7D2D-E01D-4FA0-9620-997A0EABD45B}_Small.jpg -> [2010/02/17 12:35:49 | 000,004,235 | -HS- | C] ()
xobni_installer_updater.log -> C:\Users\Rick\AppData\Local\xobni_installer_updater.log -> [2010/02/14 23:06:11 | 000,000,032 | ---- | C] ()
Soundcrank Loader.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Soundcrank Loader.lnk -> [2010/02/14 23:05:41 | 000,002,063 | ---- | C] ()
AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg -> C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Large.jpg -> [2010/02/10 14:46:27 | 000,010,027 | -HS- | C] ()
AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg -> C:\Users\Rick\Desktop\AlbumArt_{B3CF1E81-2141-47E3-A7EE-ADEF60A10E3C}_Small.jpg -> [2010/02/10 14:46:27 | 000,002,741 | -HS- | C] ()
VPN Client.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk -> [2010/02/08 14:29:14 | 000,002,679 | ---- | C] ()
VPNUnInstall.MIF -> C:\Windows\VPNUnInstall.MIF -> [2010/02/08 14:22:47 | 000,001,594 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2009/08/17 13:26:51 | 000,000,376 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/13 22:52:31 | 000,043,318 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/13 22:52:31 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/13 22:52:31 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/13 22:52:31 | 000,026,040 | ---- | C] ()
BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 17:51:43 | 000,073,728 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 17:42:10 | 000,064,000 | ---- | C] ()
FCIC.INI -> C:\Windows\FCIC.INI -> [2009/02/12 18:33:11 | 000,002,528 | ---- | C] ()
vpnapi.dll -> C:\Windows\System32\vpnapi.dll -> [2007/07/16 11:58:10 | 000,197,408 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/03/09 03:58:00 | 001,060,424 | ---- | C] ()
OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
< End of report >



#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team

Posted 27 February 2010 - 10:31 AM

Hello.

Please upload these two files to me.

Submit File Sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    CODE
    http://www.bleepingcomputer.com/forums/t/298120/blue-screen-of-death-dds-included/
  • Click the Browse button. Locate and select the following files:
    1. C:\Windows\Minidump\022310-51199-01.dmp
    2. C:\Users\Rick\AppData\Local\Temp\WER-165220-0.sysdata.xml
    (If more than one file is listed, do one at a time.)
  • Under the comments section, say that Panda asked for the submission.
Tell me when the files are uploaded please.

With Regards,
The Panda

Edited by PropagandaPanda, 27 February 2010 - 10:32 AM.


#11 NBarkan

NBarkan
  • Topic Starter

  • Members

Posted 28 February 2010 - 02:49 PM

I cannot access the first one...it says I must contact the administrator, but I am the admin for this computer. I also tried to make myself the admin by following a step by step thing and it didn't do anything. As well, the other file isn't being found....

Edited by NBarkan, 28 February 2010 - 03:01 PM.


#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team

Posted 28 February 2010 - 03:14 PM

Hello.

Let's try using the system restore then. Referring to the guide here, restore your computer to a point before you installed the TuneUp utility, if one is available:
http://pcsupport.about.com/od/fixtheproble...e-windows-7.htm

Tell me how it goes.

With Regards,
The Panda

#13 NBarkan

NBarkan
  • Topic Starter

  • Members

Posted 01 March 2010 - 02:21 AM

The only restore point is a Windows update which was right before I uninstalled tune-up...There is nothing before...?

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team

Posted 01 March 2010 - 09:29 PM

Hello.

Export Event Logs
We need to do some diagnostics. The event logs will help determine errors you are having.
  • Click on your Start Menu > Run > Type: eventvwr.msc
  • In the EventViewer look to the panel on the left. If you are using Windows Vista/7, expand the "Windows logs" Section.
    For the "Application" and "System" logs:
    • Right click the item and select Save LogFile as.
    • Save it as Application or System on your desktop. Use the default file extensions.
  • Highlight the two logs on your desktop and select Send To > Compressed zip folder.
  • Include the .zip file in your next reply as an attachment.
With Regards,
The Panda

Edited by PropagandaPanda, 01 March 2010 - 09:29 PM.


#15 NBarkan

NBarkan
  • Topic Starter

  • Members

Posted 02 March 2010 - 02:00 PM

The file was too big to attach, and they were too big separately as well.

Here is a link to where I uploaded the file.

http://www.sendspace.com/file/inrgnh



