
blue screen when windows starts



#1
YOA

Sometimes a blue screen appears when Windows is starting up and during web browsing, and it will automatically restart again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4720

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/1/2010 6:42:15 PM
mbam-log-2010-10-01 (18-42-15).txt

Scan type: Quick scan
Objects scanned: 117062
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 18:29:07
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\adm\AppData\Local\Temp\uwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0x9B0EB752]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAlpcConnectPort [0x9B0EB388]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject [0x9B0EB440]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwConnectPort [0x9B0EB482]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0x9B0EB530]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcess [0x9B0EBDD8]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx [0x9B0EBE64]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThread [0x9B0EBEF4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThreadEx [0x9B0EBF96]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateUserProcess [0x9B0EBD68]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess [0x9B0EB580]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDuplicateObject [0x9B0EB5C2]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwLoadDriver [0x9B0EB606]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenKey [0x9B0EB648]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenSection [0x9B0EB68A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenThread [0x9B0EB6CC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory [0x9B0EB79A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRequestWaitReplyPort [0x9B0EB70E]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRestoreKey [0x9B0EB7DC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwResumeThread [0x9B0EB824]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort [0x9B0EB8B4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSetValueKey [0x9B0EB866]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSuspendProcess [0x9B0EB958]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl [0x9B0EB99A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwTerminateProcess [0x9B0EB9DC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory [0x9B0EBA2A]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C94599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CC074C 4 Bytes [52, B7, 0E, 9B] {PUSH EDX; MOV BH, 0xe; WAIT }
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CC0758 4 Bytes [88, B3, 0E, 9B]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CC07AC 4 Bytes [40, B4, 0E, 9B] {INC EAX; MOV AH, 0xe; WAIT }
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CC07EC 4 Bytes [82, B4, 0E, 9B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82CC0808 4 Bytes [30, B5, 0E, 9B]
.text ...
? \Device\Harddisk0\Partition1\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !
.text peauth.sys 9B0F9C9D 28 Bytes [DE, 89, 3B, 68, DB, A3, E3, ...]
.text peauth.sys 9B0F9CC1 28 Bytes [DE, 89, 3B, 68, DB, A3, E3, ...]
PAGE peauth.sys 9B0FFE20 2 Bytes [E6, E2] {OUT 0xe2, AL}
PAGE peauth.sys 9B0FFE2B 90 Bytes [C3, EE, 00, 72, D7, 5A, 44, ...]
PAGE peauth.sys 9B10002C 102 Bytes [81, 44, B8, 2E, CA, CE, 60, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2920] ntdll.dll!LdrLoadDll 774EF625 5 Bytes JMP 008B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 10/1/2010 6:31:30 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\yuan\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 259.07 Gb Total Space | 224.16 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive D: | 104.68 Gb Total Space | 24.71 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
Drive E: | 8.85 Gb Total Space | 7.32 Gb Free Space | 82.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADM-PC
Current User Name: adm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/01 18:29:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\yuan\Desktop\OTL.exe
PRC - [2010/07/22 16:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/11/08 17:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/30 19:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/07/13 15:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 15:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/09/21 11:02:02 | 000,393,216 | ---- | M] (NetGear) -- C:\Windows\System32\WN311BFCS.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 18:29:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\yuan\Desktop\OTL.exe
MOD - [2009/07/13 15:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 15:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 15:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 15:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 15:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 15:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 15:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 15:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 15:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 15:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 15:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 15:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/07/13 15:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 15:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 15:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 15:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 15:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 15:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 15:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 15:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 15:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 15:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 15:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 15:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 15:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 15:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 15:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 15:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 15:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 15:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 15:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 15:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 15:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/09/21 11:02:02 | 000,393,216 | ---- | M] (NetGear) [Auto | Running] -- C:\Windows\System32\WN311BFCS.exe -- (WN311BFCS)


========== Driver Services (SafeList) ==========

DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/03 00:39:02 | 002,707,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WN311B.SYS -- (NTG43XX)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/12/10 21:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/08 17:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/31 00:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 15:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 15:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 15:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 15:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 15:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 15:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 15:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 15:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 15:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 15:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 15:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 15:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 15:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 15:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 15:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 15:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 15:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 15:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 15:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 15:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 15:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 15:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 15:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 15:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 15:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 15:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 15:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 15:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 15:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 15:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 15:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 15:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 15:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 15:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 15:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 15:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 15:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 15:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 15:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 15:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 15:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 14:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 14:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 14:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 13:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 13:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 13:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 13:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 13:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 13:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 13:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 13:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 13:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 13:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 13:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 13:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 13:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 13:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 13:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 13:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 13:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 13:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 13:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 12:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 12:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 12:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 12:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 12:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 12:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 12:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 12:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 12:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 12:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 12:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 12:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 12:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/22 22:35:00 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 A9 E4 82 08 5E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/27 16:22:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 19:07:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/27 19:07:05 | 000,000,000 | ---D | M]

[2010/08/27 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\Mozilla\Extensions
[2010/08/28 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\q12anycl.default\extensions
[2010/08/27 19:14:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\q12anycl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/28 12:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/28 12:50:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/08/27 16:46:25 | 000,001,262 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/01 18:02:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 18:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/30 20:40:42 | 000,393,216 | ---- | C] (NetGear) -- C:\Windows\System32\WN311BFCS.exe
[2010/09/30 20:40:42 | 000,102,400 | ---- | C] (Ambit Microsystems) -- C:\Windows\System32\ASupplicant.dll
[2010/09/30 20:40:42 | 000,090,112 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\AW32N50.dll
[2010/09/30 20:40:42 | 000,030,464 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\AWINDIS5.SYS
[2010/09/30 20:40:39 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/30 20:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/09/30 20:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/09/29 18:36:10 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Malwarebytes
[2010/09/29 18:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/29 18:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/29 18:35:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/29 18:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/26 19:52:51 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\PCToolsFirewallPlus
[2010/09/26 19:51:41 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/26 19:51:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/26 19:51:40 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/26 19:51:40 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/26 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/26 19:51:24 | 000,070,664 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/09/26 19:51:24 | 000,058,816 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys
[2010/09/26 19:51:24 | 000,032,680 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/09/26 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/26 19:51:22 | 000,115,216 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/09/26 19:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2010/09/26 19:47:55 | 010,702,992 | ---- | C] ( ) -- C:\Users\adm\Desktop\fwinstall.exe
[2010/09/15 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Skype
[2010/09/14 19:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/09/14 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/09/13 16:30:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/29 23:04:19 | 000,000,000 | ---D | C] -- C:\Users\adm\Documents\ImTOO Software Studio
[2010/08/29 23:04:19 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\ImTOO Software Studio
[2010/08/29 23:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/08/28 12:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/28 12:49:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/28 12:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/27 19:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/27 19:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/08/27 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Apple Computer
[2010/08/27 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Apple Computer
[2010/08/27 19:08:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/27 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/27 19:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/27 19:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/27 19:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/27 19:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/27 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Apple
[2010/08/27 19:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/27 19:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/27 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/27 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/27 19:03:23 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Diagnostics
[2010/08/27 19:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/27 18:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\unispim6
[2010/08/27 18:23:16 | 003,989,960 | ---- | C] (北京紫光华宇软件股份有限公司) -- C:\Windows\System32\unispim6.ime
[2010/08/27 18:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Thunisoft
[2010/08/27 18:04:44 | 000,000,000 | ---D | C] -- C:\Users\adm\Documents\MATLAB
[2010/08/27 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\MathWorks
[2010/08/27 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\adm\Tracing
[2010/08/27 17:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/27 17:51:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/27 17:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/08/27 17:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/08/27 17:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/08/27 17:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2010/08/27 17:44:37 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\HP
[2010/08/27 17:36:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/08/27 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/08/27 17:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/08/27 17:29:01 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/08/27 17:29:01 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2010/08/27 17:28:57 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/08/27 17:28:53 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/08/27 17:28:53 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/08/27 17:28:51 | 000,051,248 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/08/27 17:28:51 | 000,036,400 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/08/27 17:28:51 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/08/27 17:28:49 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/08/27 17:28:43 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/08/27 17:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/08/27 17:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/08/27 17:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/08/27 17:21:04 | 000,106,496 | ---- | C] (Zenographics, Inc.) -- C:\Windows\System32\ZSPOOL.DLL
[2010/08/27 17:21:04 | 000,102,400 | ---- | C] (Zenographics, Inc.) -- C:\Windows\System32\ZLhp1020.DLL
[2010/08/27 17:21:04 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\Windows\System32\ZIMF.DLL
[2010/08/27 17:21:04 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\Windows\System32\ZTAG.DLL
[2010/08/27 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/27 17:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/27 17:18:43 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\HP
[2010/08/27 17:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/08/27 17:17:06 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Yahoo!
[2010/08/27 17:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/08/27 17:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/08/27 17:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/27 17:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/27 17:14:13 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/27 17:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/27 17:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/27 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/27 17:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/27 17:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/27 17:06:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/27 17:04:12 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Microsoft Help
[2010/08/27 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/27 17:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/27 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\VMware
[2010/08/27 17:03:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/27 17:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/27 16:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/27 16:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/27 16:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/27 16:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/27 16:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/27 16:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/27 16:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/27 16:44:00 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Macromedia
[2010/08/27 16:43:55 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Adobe
[2010/08/27 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Adobe
[2010/08/27 16:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/27 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Lingoes
[2010/08/27 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Lingoes
[2010/08/27 16:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lingoes
[2010/08/27 16:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/08/27 16:29:48 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Avira
[2010/08/27 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lingoes
[2010/08/27 16:28:12 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\WinRAR
[2010/08/27 16:27:29 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/08/27 16:27:29 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/08/27 16:27:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/08/27 16:27:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/08/27 16:27:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/08/27 16:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/08/27 16:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/27 16:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/27 16:22:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/08/27 16:22:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/08/27 16:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/08/27 16:22:07 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/08/27 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/08/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Real
[2010/08/27 16:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/08/27 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Mozilla
[2010/08/27 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Mozilla
[2010/08/27 16:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/27 16:16:17 | 000,000,000 | R--D | C] -- C:\Users\adm\Searches
[2010/08/27 16:16:16 | 000,000,000 | -H-D | C] -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/27 16:16:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/27 16:16:06 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Identities
[2010/08/27 16:16:04 | 000,000,000 | R--D | C] -- C:\Users\adm\Contacts
[2010/08/27 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\VirtualStore
[2010/08/27 16:15:56 | 000,000,000 | --SD | C] -- C:\Users\adm\AppData\Roaming\Microsoft
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Videos
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Saved Games
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Pictures
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Music
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Links
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Favorites
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Downloads
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\My Documents
[2010/08/27 16:15:56 | 000,000,000 | R--D | C] -- C:\Users\adm\Desktop
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\AppData\Local\Temporary Internet Files
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Templates
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Start Menu
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\SendTo
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Recent
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\PrintHood
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\NetHood
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Documents\My Videos
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Documents\My Pictures
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Documents\My Music
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\My Documents
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Local Settings
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\AppData\Local\History
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Cookies
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\Application Data
[2010/08/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\adm\AppData\Local\Application Data
[2010/08/27 16:15:56 | 000,000,000 | -H-D | C] -- C:\Users\adm\AppData
[2010/08/27 16:15:56 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Temp
[2010/08/27 16:15:56 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Local\Microsoft
[2010/08/27 16:15:56 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\Media Center Programs
[2010/08/27 16:15:41 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/08/27 14:08:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/08/27 14:08:19 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/08/27 13:09:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/08/27 13:09:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/10 05:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

========== Files - Modified Within 90 Days ==========

[2010/10/01 18:31:07 | 001,572,864 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT
[2010/10/01 18:03:51 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 18:03:51 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 18:01:09 | 000,734,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/01 18:01:09 | 000,621,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/01 18:01:09 | 000,108,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/01 17:56:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 17:56:31 | 2314,092,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 17:43:32 | 000,524,288 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/10/01 17:43:32 | 000,524,288 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/10/01 17:43:32 | 000,065,536 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TM.blf
[2010/10/01 15:47:57 | 176,501,695 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/30 20:40:42 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WN311B Smart Wizard.lnk
[2010/09/26 19:55:58 | 001,897,973 | -H-- | M] () -- C:\Users\adm\AppData\Local\IconCache.db
[2010/09/26 19:48:14 | 010,702,992 | ---- | M] ( ) -- C:\Users\adm\Desktop\fwinstall.exe
[2010/09/15 17:56:24 | 000,000,017 | ---- | M] () -- C:\Users\adm\AppData\Local\resmon.resmoncfg
[2010/09/12 23:09:28 | 000,086,848 | ---- | M] () -- C:\Users\adm\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/06 20:12:34 | 003,697,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/29 22:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/28 13:19:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/28 12:56:57 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/08/27 18:04:03 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2009b.lnk
[2010/08/27 17:28:39 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/27 17:18:36 | 000,170,036 | ---- | M] () -- C:\Windows\hpoins14.dat
[2010/08/27 17:18:24 | 000,000,438 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 17:16:07 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/27 16:56:07 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/27 16:46:25 | 000,001,262 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/27 16:39:21 | 000,524,288 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 16:39:21 | 000,524,288 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 16:39:21 | 000,065,536 | -HS- | M] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/27 16:39:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/27 16:27:36 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/27 16:22:07 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/08/27 16:19:53 | 000,001,909 | ---- | M] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/27 16:19:52 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/27 16:17:43 | 000,001,407 | ---- | M] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/27 16:15:56 | 000,000,020 | -HS- | M] () -- C:\Users\adm\ntuser.ini
[2010/08/27 14:08:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/27 13:11:48 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/08/27 13:10:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/10 05:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/10 05:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/09 18:34:00 | 003,989,960 | ---- | M] (北京紫光华宇软件股份有限公司) -- C:\Windows\System32\unispim6.ime

========== Files Created - No Company Name ==========

[2010/10/01 17:43:32 | 000,524,288 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/10/01 17:43:32 | 000,524,288 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/10/01 17:43:32 | 000,065,536 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{0ece6f02-cdc7-11df-95cd-005056c00008}.TM.blf
[2010/09/30 20:40:42 | 000,061,440 | ---- | C] () -- C:\Windows\System32\FDI.exe
[2010/09/30 20:40:42 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WN311B Smart Wizard.lnk
[2010/09/30 20:40:16 | 000,155,745 | ---- | C] () -- C:\Windows\System32\installservice.exe
[2010/09/30 20:40:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\kill.dll
[2010/09/26 19:51:41 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/09/26 19:51:41 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/09/26 19:51:40 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/09/26 19:51:24 | 000,007,435 | ---- | C] () -- C:\Windows\System32\drivers\pctNdis-PacketFilter.cat
[2010/09/26 19:51:24 | 000,007,399 | ---- | C] () -- C:\Windows\System32\drivers\pctNdis-DNS.cat
[2010/09/26 19:51:22 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplfw.cat
[2010/09/15 17:56:24 | 000,000,017 | ---- | C] () -- C:\Users\adm\AppData\Local\resmon.resmoncfg
[2010/09/13 16:30:27 | 176,501,695 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/29 22:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/28 12:56:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/28 12:49:25 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/27 18:04:03 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2009b.lnk
[2010/08/27 18:02:59 | 000,002,362 | ---- | C] () -- C:\Windows\System32\mscomct2.dep
[2010/08/27 18:02:48 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2010/08/27 17:37:06 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/08/27 17:21:04 | 000,574,100 | ---- | C] () -- C:\Windows\System32\hp1022n.img
[2010/08/27 17:21:04 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2010/08/27 17:21:04 | 000,206,768 | ---- | C] () -- C:\Windows\System32\hp1022.img
[2010/08/27 17:21:04 | 000,128,380 | ---- | C] () -- C:\Windows\System32\hp1020.img
[2010/08/27 17:21:04 | 000,010,632 | ---- | C] () -- C:\Windows\System32\ZSHP1020.CHM
[2010/08/27 17:16:07 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/27 17:13:44 | 000,003,942 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/27 17:13:43 | 000,170,036 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/08/27 17:13:43 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010/08/27 16:56:07 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/27 16:39:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/27 16:32:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/08/27 16:27:36 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/27 16:19:53 | 000,001,909 | ---- | C] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/27 16:19:52 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/27 16:17:43 | 000,001,407 | ---- | C] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/27 16:15:56 | 000,524,288 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 16:15:56 | 000,524,288 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 16:15:56 | 000,262,144 | -HS- | C] () -- C:\Users\adm\ntuser.dat.LOG1
[2010/08/27 16:15:56 | 000,065,536 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/27 16:15:56 | 000,000,290 | ---- | C] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/27 16:15:56 | 000,000,272 | ---- | C] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/27 16:15:56 | 000,000,020 | -HS- | C] () -- C:\Users\adm\ntuser.ini
[2010/08/27 16:15:56 | 000,000,000 | -HS- | C] () -- C:\Users\adm\ntuser.dat.LOG2
[2010/08/27 16:15:55 | 001,572,864 | -HS- | C] () -- C:\Users\adm\NTUSER.DAT
[2010/08/27 14:08:20 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/08/27 14:08:19 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/08/27 13:10:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/27 13:09:08 | 2314,092,544 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 05:37:00 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2009/07/13 13:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/08/29 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\ImTOO Software Studio
[2010/08/27 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\Lingoes
[2010/09/26 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\PCToolsFirewallPlus
[2010/09/26 19:46:33 | 000,024,978 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/27 17:28:39 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 11:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 15:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/08/27 14:08:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 11:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/01 17:56:31 | 2314,092,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 17:21:25 | 000,029,335 | ---- | M] () -- C:\M1319.log
[2010/10/01 17:56:34 | 3085,459,456 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-01 06:39:19

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >


OTL Extras logfile created on: 10/1/2010 6:31:30 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\yuan\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 259.07 Gb Total Space | 224.16 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive D: | 104.68 Gb Total Space | 24.71 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
Drive E: | 8.85 Gb Total Space | 7.32 Gb Free Space | 82.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADM-PC
Current User Name: adm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax™ NEXT Wireless Adapter WN311B
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImTOO MPEG Encoder Ultimate" = ImTOO MPEG Encoder Ultimate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"VMware_Workstation" = VMware Workstation
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"紫光华宇拼音输入法V6.7_is1" = 紫光华宇拼音输入法V6.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 11:35:32 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000018 Faulting process id:
0x14d0 Faulting application start time: 0x01cb605085d7e38c Faulting application path:
C:\Windows\explorer.exe Faulting module path: unknown Report Id: c6f2c9cc-cc43-11df-a8b1-005056c00008

Error - 9/29/2010 11:35:47 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000018 Faulting process id:
0xffc Faulting application start time: 0x01cb6050911ce60c Faulting application path:
C:\Windows\explorer.exe Faulting module path: unknown Report Id: cffee3ac-cc43-11df-a8b1-005056c00008

Error - 9/29/2010 11:38:51 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x5653ec8b Faulting process id:
0xc4c Faulting application start time: 0x01cb6050936ffdcc Faulting application path:
C:\Windows\explorer.exe Faulting module path: unknown Report Id: 3d30a7bc-cc44-11df-a8b1-005056c00008

Error - 9/30/2010 12:13:02 AM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000018 Faulting process id:
0xac0 Faulting application start time: 0x01cb6050ff8da25c Faulting application path:
C:\Windows\explorer.exe Faulting module path: unknown Report Id: 042c6d0c-cc49-11df-a8b1-005056c00008

Error - 9/30/2010 12:13:44 AM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x000555f1 Faulting
process id: 0x1414 Faulting application start time: 0x01cb6055cb10a54c Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 1d1a336c-cc49-11df-a8b1-005056c00008

Error - 10/1/2010 4:26:43 AM | Computer Name = adm-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 10/1/2010 4:27:46 AM | Computer Name = adm-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\VMware\vmware
workstation\vssSnapVista64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/1/2010 4:27:46 AM | Computer Name = adm-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\VMware\vmware
workstation\resources\imgCustPrep64.exe".Error in manifest or policy file "c:\program
files\VMware\vmware workstation\resources\Microsoft.VC80.CRT.MANIFEST" on line
4. Component identity found in manifest does not match the identity of the component
requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 10/1/2010 11:54:11 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc6b7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000100 Faulting process id: 0xd70 Faulting application
start time: 0x01cb61e577e9f710 Faulting application path: C:\Windows\system32\DllHost.exe
Faulting
module path: unknown Report Id: b68c6340-cdd8-11df-95cd-005056c00008

Error - 10/1/2010 11:54:57 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: services.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bbf1b Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0002d61b Faulting
process id: 0x270 Faulting application start time: 0x01cb61d3d6e0b720 Faulting application
path: C:\Windows\system32\services.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: d23d29d0-cdd8-11df-95cd-005056c00008

[ OSession Events ]
Error - 9/17/2010 4:41:36 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/17/2010 4:41:43 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/17/2010 4:41:54 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/17/2010 4:42:11 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/17/2010 4:42:26 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/30/2010 7:33:08 AM | Computer Name = adm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:31:40 AM on ?9/?30/?2010 was unexpected.

Error - 10/1/2010 2:30:08 AM | Computer Name = adm-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/1/2010 2:30:10 AM | Computer Name = adm-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/1/2010 2:33:35 AM | Computer Name = adm-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/1/2010 4:39:05 AM | Computer Name = adm-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 10/1/2010 6:34:09 AM | Computer Name = adm-PC | Source = DCOM | ID = 10010
Description =

Error - 10/1/2010 9:48:01 PM | Computer Name = adm-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/1/2010 11:54:21 PM | Computer Name = adm-PC | Source = DCOM | ID = 10010
Description =

Error - 10/1/2010 11:54:53 PM | Computer Name = adm-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/1/2010 11:56:36 PM | Computer Name = adm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:54:06 PM on ?10/?1/?2010 was unexpected.


< End of report >


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello YOA,

Welcome to Geekstogo.

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
