Windows 7 Home Premium BSODs when playing videos


  • This topic is locked
64 replies to this topic

#1 Invisiblefiend


Posted 04 September 2010 - 08:51 PM

I'm posting this here at someone's urging in the Windows 7 support forums. Here is my original thread's text:
____________________________________________________________________________________________________
My month-old laptop just had its first BSOD a couple days ago, while I was watching a YouTube video and loading another one. I really can't go half an hour without a bluescreen, but it only seems to happen while watching videos. I don't know what kind of information I need to supply you with; all I could do is record the stop line from my latest BSOD.

*** STOP: 0x0000007F (0x0000000000000008, 0x0000000080050033, 0x00000000000006F8, 0xFFFFF80002C87EC8)

Please give me some guidance.
____________________________________________________________________________________________________

I'm including DDS logs with this. I have tried to run GMER too, but whenever I do, I get this error: C:\Windows\system32\config\system: The system cannot find the file specified.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Peter at 21:20:23.96 on Sat 09/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2462 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Peter\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files (x86)\sophos\sophos anti-virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] "c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US /HIDEBL
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files (x86)\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mRun: [WirelessAssistant] "c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [NACAgentUI] "c:\program files (x86)\cisco\cisco nac agent\NACAgentUI.exe"
mRun: [SecureW2 Tray] "c:\program files (x86)\securew2\sw2_tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files (x86)\sophos\autoupdate\ALMon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
AppInit_DLLs: c:\progra~2\sophos\sophos~1\SOPHOS~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\program files (x86)\sophos\sophos anti-virus\SophosBHOX64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI64.exe" -s
mRun-x64: [RtkOSD] "c:\program files (x86)\realtek\audio\osd\RtVOsd64.exe"
mRun-x64: [HP Quick Launch] "c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe"
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun-x64: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "c:\windows\system32\igfxpers.exe"
AppInit_DLLs-X64: c:\progra~2\sophos\sophos~1\SOPHOS~2.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\7rgocj53.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\7rgocj53.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\FFExternalAlert.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\7rgocj53.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\7rgocj53.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-8-31 111608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2010-5-23 98208]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\hewlett-packard\shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-1-18 20480]
R2 NACAgent;Cisco NAC Agent;c:\program files (x86)\cisco\cisco nac agent\NACAgent.exe [2010-7-9 1053440]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\sophos\sophos anti-virus\SAVAdminService.exe [2010-8-31 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files (x86)\sophos\sophos anti-virus\SavService.exe [2010-8-31 98304]
R2 Sophos Agent;Sophos Agent;c:\program files (x86)\sophos\remote management system\ManagementAgentNT.exe [2010-8-31 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files (x86)\sophos\autoupdate\ALsvc.exe [2010-8-30 172032]
R2 Sophos Message Router;Sophos Message Router;c:\program files (x86)\sophos\remote management system\RouterNT.exe [2010-8-31 794624]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.EXE [2010-5-23 2320920]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-5 158720]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-5 271872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-5-23 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-29 1089056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-23 225280]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-16 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-8-31 23360]

=============== Created Last 30 ================

2010-09-01 19:19:05 0 d-----w- c:\windows\pss
2010-08-31 23:52:50 166440 ---ha-w- c:\windows\system32\02fc6b4c.stf
2010-08-31 23:52:50 166440 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-08-31 23:52:25 0 d-----w- c:\program files (x86)\common files\Cisco Systems
2010-08-31 23:52:23 30208 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-08-31 23:51:41 111608 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-08-31 23:51:33 23360 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-08-31 18:41:19 0 d-----w- c:\program files (x86)\Sophos
2010-08-30 23:30:15 0 d-----w- c:\program files (x86)\Free RAR Extract Frog
2010-08-30 23:26:50 0 d-----w- c:\users\peter\appdata\roaming\Philipp Winterberg
2010-08-26 18:40:38 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-08-26 02:44:37 0 d-----w- c:\program files (x86)\SecureW2
2010-08-26 01:49:14 82432 ----a-w- c:\windows\syswow64\msxml4r.dll
2010-08-26 01:48:59 0 d-----w- c:\programdata\Sophos
2010-08-26 01:42:19 0 d-----w- c:\programdata\Cisco
2010-08-26 01:42:14 0 d-----w- c:\program files (x86)\common files\Cisco
2010-08-24 18:55:24 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 18:55:24 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-21 21:45:11 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-08-21 21:37:34 0 d-----w- c:\users\peter\appdata\roaming\HP Support Assistant
2010-08-18 21:09:07 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-18 03:01:27 371986540 ----a-w- c:\windows\MEMORY.DMP
2010-08-17 22:42:30 1450 ----a-w- c:\users\peter\.recently-used.xbel
2010-08-17 05:22:55 0 d-----w- c:\users\peter\appdata\roaming\Mp3tag
2010-08-17 05:22:48 0 d-----w- c:\program files (x86)\Mp3tag
2010-08-17 03:41:09 0 d-----w- c:\users\peter\.thumbnails
2010-08-17 03:38:42 0 d-----w- c:\users\peter\.gimp-2.6
2010-08-16 19:08:40 0 d-----w- c:\programdata\AIM
2010-08-16 19:08:33 0 d-----w- c:\program files (x86)\AIM
2010-08-16 19:08:29 0 d-----w- c:\program files (x86)\common files\Software Update Utility
2010-08-16 19:08:27 0 d-----w- c:\program files (x86)\common files\AOL
2010-08-16 19:07:25 348 ---ha-w- C:\IPH.PH
2010-08-16 19:01:14 0 d-----w- c:\users\peter\appdata\roaming\OpenOffice.org
2010-08-16 18:19:49 0 d-----w- c:\windows\syswow64\Wat
2010-08-16 18:19:49 0 d-----w- c:\windows\system32\Wat
2010-08-16 08:58:05 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-08-16 08:58:05 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-16 08:58:05 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-08-16 08:58:05 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-16 08:58:05 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-16 08:58:05 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-08-16 08:58:05 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-16 08:58:05 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-16 08:58:04 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-16 08:58:04 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-08-16 08:33:41 0 d-----w- c:\programdata\NOS
2010-08-16 08:04:21 0 d-----w- c:\program files (x86)\JRE
2010-08-16 08:04:16 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-08-16 08:03:03 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-16 08:03:03 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-16 08:03:03 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-16 07:47:56 0 d-----w- c:\users\peter\appdata\roaming\Malwarebytes
2010-08-16 07:47:44 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 07:47:44 0 d-----w- c:\programdata\Malwarebytes
2010-08-16 07:47:43 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-16 07:45:29 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL
2010-08-16 07:45:29 1071088 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
2010-08-16 07:45:28 0 d-----w- c:\program files (x86)\SpywareBlaster
2010-08-16 07:26:23 0 d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2010-08-16 07:09:05 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-16 07:09:05 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-08-16 07:09:04 552960 ----a-w- c:\windows\system32\msdri.dll
2010-08-16 07:09:04 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-08-16 07:09:04 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-08-16 07:09:04 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-08-16 07:09:03 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-16 07:09:01 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-08-16 07:09:00 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-08-16 06:58:44 58368 ----a-w- c:\windows\syswow64\vsregexp.dll
2010-08-16 06:58:30 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2010-08-16 06:58:07 69120 ----a-w- c:\windows\syswow64\zlcomm.dll
2010-08-16 06:58:07 103936 ----a-w- c:\windows\syswow64\zlcommdb.dll
2010-08-16 06:58:04 43008 ----a-w- c:\windows\syswow64\vswmi.dll
2010-08-16 06:58:02 1238528 ----a-w- c:\windows\syswow64\zpeng25.dll
2010-08-16 06:58:02 110080 ----a-w- c:\windows\syswow64\vsxml.dll
2010-08-16 06:58:01 302592 ----a-w- c:\windows\syswow64\vspubapi.dll
2010-08-16 06:58:01 0 d-----w- c:\windows\syswow64\ZoneLabs
2010-08-16 06:58:00 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2010-08-16 06:58:00 420801 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-08-16 06:58:00 112128 ----a-w- c:\windows\syswow64\vsdata.dll
2010-08-16 06:58:00 108032 ----a-w- c:\windows\syswow64\vsmonapi.dll
2010-08-16 06:57:54 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2010-08-16 06:57:53 0 d-----w- c:\program files (x86)\Zone Labs
2010-08-16 06:56:36 0 d-----w- c:\programdata\CheckPoint
2010-08-16 06:56:35 0 d-----w- c:\windows\Internet Logs
2010-08-16 06:56:34 713728 ----a-w- c:\windows\syswow64\vsutil.dll
2010-08-16 06:56:34 228864 ----a-w- c:\windows\syswow64\vsinit.dll
2010-08-16 06:01:15 0 ----a-w- c:\users\peter\jagex__preferences3.dat
2010-08-16 06:01:14 99 ----a-w- c:\users\peter\jagex_runescape_preferences2.dat
2010-08-16 05:59:50 46 ----a-w- c:\users\peter\jagex_runescape_preferences.dat
2010-08-16 05:59:35 0 d-----w- C:\.jagex_cache_32
2010-08-16 05:02:09 0 d-----w- c:\programdata\Sun
2010-08-16 05:02:00 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-16 04:44:19 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-16 04:33:08 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-08-16 04:33:08 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-08-16 04:33:08 139264 ----a-w- c:\windows\system32\cabview.dll
2010-08-16 04:33:08 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-08-16 04:31:00 0 d-----w- c:\users\peter\appdata\roaming\HpUpdate
2010-08-15 22:22:15 0 d-----w- c:\users\peter\appdata\roaming\hpqlog

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:21:00.97 ===============


Edited by Invisiblefiend, 04 September 2010 - 08:52 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania
  • Local time:01:27 PM

Posted 13 September 2010 - 04:15 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Invisiblefiend

Invisiblefiend
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:United States
  • Local time:06:27 AM

Posted 13 September 2010 - 11:40 PM

Hi Elise,

Just like with GMER, I'm having trouble getting Rootkit Unhooker to run; it tells me, "error loading driver NTSTATUS code: 0xC000036B."

I have learned over the last week that it's not watching videos that provokes my computer to BSOD. I can't identify a trigger at all, since it has now BSOD'd on me while just reading on another forum. I tried disabling the audio, but that didn't work. I then updated my audio drivers and my BIOS file, but that didn't solve the problem either.

Someone else took a look at my logs and said he suspected Sophos antivirus, which I'm required to have a copy of in order to access my college's network, was interfering with the HP-update processes and causing my BSOD's. So I looked in the quarantine and saw that a file called VideoMem32.udm was sitting in there, marked for suspicious behavior. I authorized it and after I received yet another BSOD later on, I disabled suspicious behavior quarantining altogether.

A few minutes ago it BSOD'd again, so I'm really at a loss for new things to try. I've disabled Sophos for now to see if this continues.

I can give you OTL logs and also the text of my latest minidump file:

OTL logfile created on: 9/14/2010 12:11:30 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 244.88 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETER-PC
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 00:04:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2010/08/31 19:51:33 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 00:04:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/18 18:04:08 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/31 19:51:33 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/08/31 19:51:33 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/08/31 19:51:30 | 000,794,624 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2010/08/31 19:51:30 | 000,266,240 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2010/08/30 11:35:51 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/07/26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/12 15:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/09 14:55:32 | 001,053,440 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/31 19:51:41 | 000,111,608 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2010/08/31 19:51:33 | 000,023,360 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 15:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/03/05 15:57:18 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/29 02:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 21:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 21:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 21:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4210307057-489378270-1912565153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-4210307057-489378270-1912565153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-4210307057-489378270-1912565153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:2.7.2.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/21 04:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/16 00:44:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/20 14:29:50 | 000,000,000 | ---D | M]

[2010/08/16 00:45:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2010/09/13 20:41:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7rgocj53.default\extensions
[2010/08/30 11:25:34 | 000,000,000 | ---D | M] (Runescape Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7rgocj53.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010/08/16 04:33:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7rgocj53.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/08 23:29:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/16 04:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 01:04:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 01:04:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/16 01:18:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-4210307057-489378270-1912565153-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4210307057-489378270-1912565153-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.172.90.11 128.172.1.1 128.172.90.10 128.172.1.2
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 00:04:57 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2010/09/12 22:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/09/12 20:58:18 | 000,000,000 | ---D | C] -- C:\symbols
[2010/09/12 20:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg
[2010/09/12 20:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2010/09/12 20:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/09/12 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Miscellaneous
[2010/09/12 20:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/09/01 15:19:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/31 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Anthropology
[2010/08/31 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Biology
[2010/08/31 23:41:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Statistics
[2010/08/31 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Sophos
[2010/08/31 19:52:50 | 000,166,440 | -H-- | C] (Sophos Plc) -- C:\Windows\SysNative\02fc6b4c.stf
[2010/08/31 19:52:50 | 000,166,440 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2010/08/31 19:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2010/08/31 19:52:23 | 000,030,208 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sophosboottasks.exe
[2010/08/31 19:51:41 | 000,111,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2010/08/31 19:51:33 | 000,023,360 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2010/08/31 14:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/30 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2010/08/30 19:26:50 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Philipp Winterberg
[2010/08/28 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Psychology
[2010/08/26 14:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/26 13:44:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
[2010/08/25 22:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecureW2
[2010/08/25 22:09:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/25 21:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2010/08/25 21:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/08/25 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco
[2010/08/21 17:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2010/08/21 17:37:34 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\HP Support Assistant
[2010/08/18 17:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/17 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/17 01:22:55 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Mp3tag
[2010/08/17 01:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010/08/16 23:41:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2010/08/16 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\Peter\.thumbnails
[2010/08/16 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\Peter\.gimp-2.6
[2010/08/16 16:10:02 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\acccore
[2010/08/16 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\AOL
[2010/08/16 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\AIM
[2010/08/16 15:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/08/16 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/08/16 15:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/08/16 15:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/08/16 15:01:14 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2010/08/16 14:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/08/16 14:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/08/16 04:41:39 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Diagnostics
[2010/08/16 04:34:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Macromedia
[2010/08/16 04:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/16 04:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/08/16 04:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/08/16 04:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/08/16 03:47:56 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2010/08/16 03:47:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 03:47:44 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/16 03:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/16 03:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/16 03:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/08/16 03:27:00 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Audacity
[2010/08/16 03:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/08/16 02:58:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/08/16 02:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/08/16 02:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/08/16 02:56:35 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/08/16 02:29:29 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Wii Homebrew
[2010/08/16 02:29:28 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Runescape
[2010/08/16 02:29:24 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\RKill
[2010/08/16 02:29:10 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Phantasy Star Online
[2010/08/16 02:29:10 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Novel Concept
[2010/08/16 02:28:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Java
[2010/08/16 02:28:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Highschool Work
[2010/08/16 02:28:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Gcncrypt
[2010/08/16 02:28:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Chat Logs
[2010/08/16 01:59:35 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/08/16 01:15:46 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\PackageAware
[2010/08/16 01:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/16 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/16 00:50:33 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Adobe
[2010/08/16 00:44:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Mozilla
[2010/08/16 00:44:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Mozilla
[2010/08/16 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/16 00:40:09 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Adobe
[2010/08/16 00:31:00 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\HpUpdate
[2010/08/15 18:22:39 | 000,000,000 | R--D | C] -- C:\Users\Peter\Searches
[2010/08/15 18:22:39 | 000,000,000 | -H-D | C] -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/15 18:22:32 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Identities
[2010/08/15 18:22:29 | 000,000,000 | R--D | C] -- C:\Users\Peter\Contacts
[2010/08/15 18:22:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\VirtualStore
[2010/08/15 18:22:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\hpqlog
[2010/08/15 18:22:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Hewlett-Packard
[2010/08/15 18:19:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Hewlett-Packard
[2010/08/15 18:18:20 | 000,000,000 | --SD | C] -- C:\Users\Peter\AppData\Roaming\Microsoft
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Videos
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Saved Games
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Pictures
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Music
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Links
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Favorites
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Downloads
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\My Documents
[2010/08/15 18:18:20 | 000,000,000 | R--D | C] -- C:\Users\Peter\Desktop
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\Temporary Internet Files
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Templates
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Start Menu
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\SendTo
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Recent
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\PrintHood
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\NetHood
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Documents\My Videos
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Documents\My Pictures
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Documents\My Music
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\My Documents
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Local Settings
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\History
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Cookies
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\Application Data
[2010/08/15 18:18:20 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\Application Data
[2010/08/15 18:18:20 | 000,000,000 | -H-D | C] -- C:\Users\Peter\AppData
[2010/08/15 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Temp
[2010/08/15 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Microsoft
[2010/08/15 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Media Center Programs
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/14 00:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/14 00:09:22 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/14 00:08:46 | 002,359,296 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT
[2010/09/14 00:08:37 | 001,177,561 | -H-- | M] () -- C:\Users\Peter\AppData\Local\IconCache.db
[2010/09/14 00:05:03 | 000,133,632 | ---- | M] () -- C:\Users\Peter\Desktop\RKUnhookerLE.EXE
[2010/09/14 00:04:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2010/09/14 00:01:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/14 00:01:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 23:54:51 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/09/13 23:54:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 23:54:09 | 404,782,060 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/13 18:38:44 | 000,525,824 | ---- | M] () -- C:\Users\Peter\Desktop\dds.scr
[2010/09/13 15:20:02 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/13 15:20:02 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/13 15:20:02 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/13 13:33:47 | 000,000,046 | ---- | M] () -- C:\Users\Peter\jagex_runescape_preferences.dat
[2010/09/13 13:28:52 | 000,000,099 | ---- | M] () -- C:\Users\Peter\jagex_runescape_preferences2.dat
[2010/09/12 22:02:38 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G72 Notebook PC_Y5335KV_0U_QCNF0256WR7_E605977-001_4A_I1425_SHP_V54.26_F.16_T100520_WU3-0_L409_M3894_J320_7Intel_8652_92.27_#100523_N10EC8136;10EC8171_(WQ666UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/09/12 22:02:38 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G72 Notebook PC_Y5335KV_0U_QCNF0256WR7_E605977-001_4A_I1425_SHP_V54.26_F.16_T100520_WU3-0_L409_M3894_J320_7Intel_8652_92.27_#100523_N10EC8136;10EC8171_(WQ666UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/09/12 20:22:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPeter.job
[2010/09/04 17:00:00 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\New scan.job
[2010/09/01 12:31:38 | 000,420,801 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/08/31 20:08:25 | 000,001,942 | ---- | M] () -- C:\Users\Peter\Desktop\Sophos Anti-Virus.lnk
[2010/08/31 19:58:40 | 000,000,941 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2010/08/31 19:51:43 | 000,166,440 | -H-- | M] (Sophos Plc) -- C:\Windows\SysNative\02fc6b4c.stf
[2010/08/31 19:51:43 | 000,166,440 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2010/08/31 19:51:41 | 000,111,608 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2010/08/31 19:51:35 | 000,030,208 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sophosboottasks.exe
[2010/08/31 19:51:33 | 000,023,360 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2010/08/25 21:42:19 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/08/17 18:42:30 | 000,001,450 | ---- | M] () -- C:\Users\Peter\.recently-used.xbel
[2010/08/16 15:08:45 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
[2010/08/16 15:08:39 | 000,001,895 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/16 15:08:39 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/08/16 15:04:21 | 000,001,195 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/16 14:23:40 | 000,088,800 | ---- | M] () -- C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 14:21:43 | 000,374,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/16 04:45:01 | 000,007,604 | ---- | M] () -- C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
[2010/08/16 04:08:50 | 000,000,881 | ---- | M] () -- C:\Users\Peter\Desktop\My Pictures.lnk
[2010/08/16 04:08:08 | 000,000,892 | ---- | M] () -- C:\Users\Peter\Desktop\My Documents.lnk
[2010/08/16 04:07:27 | 000,000,864 | ---- | M] () -- C:\Users\Peter\Desktop\My Music.lnk
[2010/08/16 04:05:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.lnk
[2010/08/16 03:26:31 | 000,001,002 | ---- | M] () -- C:\Users\Peter\Desktop\Audacity.lnk
[2010/08/16 02:58:47 | 000,001,026 | ---- | M] () -- C:\Users\Peter\Desktop\ZoneAlarm Security.lnk
[2010/08/16 02:01:15 | 000,000,000 | ---- | M] () -- C:\Users\Peter\jagex__preferences3.dat
[2010/08/16 01:18:02 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/16 00:44:54 | 000,001,963 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/16 00:44:54 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 00:28:17 | 000,001,437 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/15 18:24:10 | 000,524,288 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/15 18:24:10 | 000,524,288 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/15 18:24:10 | 000,065,536 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/15 18:18:20 | 000,000,020 | -HS- | M] () -- C:\Users\Peter\ntuser.ini
[2010/08/15 17:17:58 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/08/15 17:17:58 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 00:05:03 | 000,133,632 | ---- | C] () -- C:\Users\Peter\Desktop\RKUnhookerLE.EXE
[2010/09/13 18:38:42 | 000,525,824 | ---- | C] () -- C:\Users\Peter\Desktop\dds.scr
[2010/09/12 22:02:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G72 Notebook PC_Y5335KV_0U_QCNF0256WR7_E605977-001_4A_I1425_SHP_V54.26_F.16_T100520_WU3-0_L409_M3894_J320_7Intel_8652_92.27_#100523_N10EC8136;10EC8171_(WQ666UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/09/12 22:02:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G72 Notebook PC_Y5335KV_0U_QCNF0256WR7_E605977-001_4A_I1425_SHP_V54.26_F.16_T100520_WU3-0_L409_M3894_J320_7Intel_8652_92.27_#100523_N10EC8136;10EC8171_(WQ666UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/08/31 20:08:25 | 000,001,942 | ---- | C] () -- C:\Users\Peter\Desktop\Sophos Anti-Virus.lnk
[2010/08/31 20:07:17 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\New scan.job
[2010/08/31 19:51:20 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2010/08/25 21:42:19 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/08/17 23:01:27 | 404,782,060 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/17 18:42:30 | 000,001,450 | ---- | C] () -- C:\Users\Peter\.recently-used.xbel
[2010/08/16 15:08:39 | 000,001,895 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/16 15:08:39 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/08/16 15:07:25 | 000,000,348 | -H-- | C] () -- C:\IPH.PH
[2010/08/16 15:04:21 | 000,001,195 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/16 04:45:01 | 000,007,604 | ---- | C] () -- C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
[2010/08/16 04:08:50 | 000,000,881 | ---- | C] () -- C:\Users\Peter\Desktop\My Pictures.lnk
[2010/08/16 04:08:08 | 000,000,892 | ---- | C] () -- C:\Users\Peter\Desktop\My Documents.lnk
[2010/08/16 04:07:27 | 000,000,864 | ---- | C] () -- C:\Users\Peter\Desktop\My Music.lnk
[2010/08/16 04:05:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.lnk
[2010/08/16 03:26:31 | 000,001,002 | ---- | C] () -- C:\Users\Peter\Desktop\Audacity.lnk
[2010/08/16 02:58:47 | 000,001,026 | ---- | C] () -- C:\Users\Peter\Desktop\ZoneAlarm Security.lnk
[2010/08/16 02:58:00 | 000,420,801 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/08/16 02:01:15 | 000,000,000 | ---- | C] () -- C:\Users\Peter\jagex__preferences3.dat
[2010/08/16 02:01:14 | 000,000,099 | ---- | C] () -- C:\Users\Peter\jagex_runescape_preferences2.dat
[2010/08/16 01:59:50 | 000,000,046 | ---- | C] () -- C:\Users\Peter\jagex_runescape_preferences.dat
[2010/08/16 00:44:54 | 000,001,963 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/16 00:44:54 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 00:28:17 | 000,001,437 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/15 18:23:17 | 000,000,192 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/08/15 18:22:21 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPeter.job
[2010/08/15 18:18:20 | 002,359,296 | -HS- | C] () -- C:\Users\Peter\NTUSER.DAT
[2010/08/15 18:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/15 18:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/15 18:18:20 | 000,262,144 | -HS- | C] () -- C:\Users\Peter\ntuser.dat.LOG1
[2010/08/15 18:18:20 | 000,065,536 | -HS- | C] () -- C:\Users\Peter\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/15 18:18:20 | 000,000,290 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/15 18:18:20 | 000,000,272 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/15 18:18:20 | 000,000,020 | -HS- | C] () -- C:\Users\Peter\ntuser.ini
[2010/08/15 18:18:20 | 000,000,000 | -HS- | C] () -- C:\Users\Peter\ntuser.dat.LOG2
[2010/05/23 04:33:37 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/05/23 04:33:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/05/23 04:33:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/05/23 04:33:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/05/23 04:32:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/05/23 04:16:41 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/23 04:16:41 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/21 04:34:08 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/21 04:31:43 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/21 04:30:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/21 04:30:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/03/05 15:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/03/05 15:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/16 16:10:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\acccore
[2010/08/27 00:18:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Audacity
[2010/08/16 23:41:12 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2010/08/17 03:27:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mp3tag
[2010/08/16 15:01:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2010/08/30 19:26:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Philipp Winterberg
[2010/09/04 17:00:00 | 000,000,606 | ---- | M] () -- C:\Windows\Tasks\New scan.job
[2009/07/14 01:08:49 | 000,017,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >

OTL Extras logfile created on: 9/14/2010 12:11:30 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 244.88 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETER-PC
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4210307057-489378270-1912565153-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6FC0292-2F77-4907-BF0E-61B23F5E10BD}" = Cisco NAC Agent
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38E0ADA-18E9-4F90-A271-73CB08609E70}" = SecureW2 Enterprise Client 3.1.4 MSI Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Free RAR Extract Frog" = Free RAR Extract Frog
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2010 8:50:57 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/26/2010 8:51:58 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/27/2010 7:46:21 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/27/2010 7:47:24 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/29/2010 3:07:22 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/29/2010 6:51:45 PM | Computer Name = Peter-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/30/2010 12:33:39 AM | Computer Name = Peter-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/30/2010 3:45:07 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/30/2010 3:46:09 PM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/30/2010 4:40:15 PM | Computer Name = Peter-PC | Source = SecureW2 | ID = 1223
Description =

[ System Events ]
Error - 9/8/2010 11:19:30 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:30 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:30 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:32 PM | Computer Name = Peter-PC | Source = DCOM | ID = 10005
Description =

Error - 9/8/2010 11:19:32 PM | Computer Name = Peter-PC | Source = DCOM | ID = 10005
Description =

Error - 9/8/2010 11:19:32 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:32 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:32 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2010 11:19:33 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/8/2010 11:42:21 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.


< End of report >

--------------------------------------------------------------------------------------------------------------------------

Minidump:
Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\091310-19780-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c0a000 PsLoadedModuleList = 0xfffff800`02e47e50
Debug session time: Mon Sep 13 21:08:30.053 2010 (UTC - 4:00)
System Uptime: 0 days 2:24:23.645
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050033, 6f8, fffff80002c42ec8}

Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80002c42ec8

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80002c79ca9 to fffff80002c7a740

STACK_TEXT:
fffff800`04111d28 fffff800`02c79ca9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`04111d30 fffff800`02c78172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`04111e70 fffff800`02c42ec8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0293afe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x60


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`02c78172 90 nop

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiDoubleFaultAbort+b2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9

FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2

BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2

Followup: MachineOwner
---------

--------------------------------------------------------------------------------------------------------------------------

What do you make of this?
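An added example (not part of the original post, and not code from WinDbg or Microsoft): a small parser for the debugger text posted above that extracts the bugcheck code and arguments, then checks which stack frame Arg4 points at and where the stack pointer jumps to a different region. The function names and the 1 MiB frame-gap threshold are assumptions of this example.

```python
import re

# Input copied from the WinDbg output in the post above (summary line and STACK_TEXT).
SAMPLE = """\
BugCheck 7F, {8, 80050033, 6f8, fffff80002c42ec8}
STACK_TEXT:
fffff800`04111d28 fffff800`02c79ca9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`04111d30 fffff800`02c78172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`04111e70 fffff800`02c42ec8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0293afe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x60
"""

BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
# Stack line layout: Child-SP RetAddr : four argument words : Call Site
FRAME_RE = re.compile(
    r"^([0-9a-f]{8}`[0-9a-f]{8}) ([0-9a-f]{8}`[0-9a-f]{8}) : .* : (\S+)$", re.M)
# Only the trap number named in the posted output; others are shown as hex.
TRAP_NAMES = {0x8: "EXCEPTION_DOUBLE_FAULT"}
# Assumption: frames on the same kernel stack are far less than 1 MiB apart.
MAX_FRAME_GAP = 1 << 20


def _addr(text):
    """Convert WinDbg's 64-bit notation (xxxxxxxx`xxxxxxxx) to an int."""
    return int(text.replace("`", ""), 16)


def parse_bugcheck(text):
    """Return (bugcheck code, [arguments]) from the 'BugCheck' summary line."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no 'BugCheck' summary line found")
    return int(m.group(1), 16), [int(a.strip(), 16) for a in m.group(2).split(",")]


def parse_stack(text):
    """Return the STACK_TEXT frames in the order WinDbg printed them."""
    return [{"child_sp": _addr(sp), "ret_addr": _addr(ret), "site": site}
            for sp, ret, site in FRAME_RE.findall(text)]


def triage(text):
    code, args = parse_bugcheck(text)
    frames = parse_stack(text)
    result = {"code": code, "trap": None, "interrupted": None, "stack_switch": []}
    if code == 0x7F and args:
        result["trap"] = TRAP_NAMES.get(args[0], hex(args[0]))
    for prev, cur in zip(frames, frames[1:]):
        # When Arg4 equals a frame's RetAddr, the following frame is the code
        # the trap handler would return to, i.e. what was running at the trap.
        if len(args) == 4 and prev["ret_addr"] == args[3]:
            result["interrupted"] = cur["site"]
        # A negative or very large Child-SP step means a different stack.
        gap = cur["child_sp"] - prev["child_sp"]
        if gap < 0 or gap > MAX_FRAME_GAP:
            result["stack_switch"].append((prev["site"], cur["site"]))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted dump this reports nt!SeAccessCheckFromState+0x60 as the interrupted code and a change of stack immediately after the nt!KiDoubleFaultAbort+0xb2 frame.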

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:27 PM

Posted 14 September 2010 - 05:46 AM

I wonder if this isn't caused by a hard disk problem. Please click Start > Programs > Accessories, right click on Command Prompt and select "run as administrator".

Type chkdsk /r and press enter. Type Y and press enter to schedule the disk check for next reboot. Then restart your computer and let the disk check run unhindered. Note - this may take some time.

When done, let me know if anything changed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 Invisiblefiend


Posted 14 September 2010 - 04:01 PM

I did what you instructed, and I assume it ran to completion because when I returned, it was in standby mode on the log-in screen. I had to leave when it was half-done checking my free space.

Is there any way to see if it fixed things besides just using my computer and waiting for another BSOD?

#6 Elise


Posted 15 September 2010 - 02:00 AM

No, it's difficult to say; there is a log saved, but even then, you will just have to use it for a bit to see how things are now.

regards, Elise




#7 Invisiblefiend


Posted 15 September 2010 - 01:10 PM

Gah, I really wanted to believe that solved the problem, but I just BSOD'd again.

#8 Elise


Posted 15 September 2010 - 01:48 PM

The same BSOD code again?

regards, Elise




#9 Invisiblefiend


Posted 15 September 2010 - 09:38 PM

It didn't take a (crash) dump this time, so I have no way of knowing. The screen also flashed so fast that it was unreadable. On a hunch, it was probably the same code.

#10 Elise


Posted 16 September 2010 - 03:27 AM

Please make sure you disable any gadgets in the Sidebar from Control Panel and let me know if you still have issues afterwards.
Especially the weather gadget can sometimes cause issues.

regards, Elise




#11 Invisiblefiend


Posted 16 September 2010 - 05:10 PM

I have no running gadgets; in fact, I didn't even know they existed until you mentioned them.

#12 Elise


Posted 17 September 2010 - 01:57 AM

Are you using a Terminal Server connection (to access a remote computer)?

Please rerun OTL and copy/paste the following text in the "custom scan/fix" field. Click the NONE button and then Run Scan. Post me the resulting log.
CODE
/md5start
ntkrnlmp.exe
/md5stop

regards, Elise




#13 Invisiblefiend


Posted 17 September 2010 - 09:48 AM

I don't know what a Terminal Server connection is, sorry. My set-up right now is very typical of the other people in my college residence hall: a wired connection to my college's network, or wireless if I'm using the computer on the go.

I thought of something that might have caused this. A few days before my BSODing started, I connected my laptop directly to my Gamecube via Ethernet, and I don't think my laptop recognized it. It just called it Realtek PCIe FE Family Controller and wouldn't give it network access. It was one of my last ditch efforts in trying to allow it access to my college's network, since I'd never heard of connecting an Ethernet cable from my laptop to something other than a router or modem.

If all else fails, I could ship it back to the factory and have it repaired under the 1-year, limited warranty.

I ran the scan. It doesn't look like it did anything?

OTL logfile created on: 9/17/2010 10:33:10 AM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Peter\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 245.27 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETER-PC
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< End of report >


#14 Elise


Posted 17 September 2010 - 11:01 AM

QUOTE
It just called it Realtek PCIe FE Family Controller and wouldn't give it network access. It was one of my last ditch efforts in trying to allow it access to my college's network, since I'd never heard of connecting an Ethernet cable from my laptop to something other than a router or modem.
Did you uninstall this afterwards? If not, locate it in device manager and uninstall it (right click on the device and select Uninstall).

regards, Elise




#15 Invisiblefiend


Posted 17 September 2010 - 01:10 PM

Apparently I need that to connect to a wired network; Windows auto-reinstalled it soon after I uninstalled. I also looked at its install date under the configure menu and it says May 23rd, so my laptop must have actually come with it pre-installed.

Edited by Invisiblefiend, 17 September 2010 - 01:12 PM.




