Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer crash blue screen software issues?

Started by maltyfamily , Oct 02 2011 09:36 AM

  • This topic is locked This topic is locked

#1
maltyfamily
Posted 02 October 2011 - 09:36 AM

maltyfamily

    Member

  • Member
  • PipPip
  • 21 posts
[size="6"][/size]My computer starting crashing after install of windows malicious software tool x64 - September 2011 (KB890830) After a system restore to before this and hiding the update the computer stopped crashing for the day. But same problem came back next day and I ran Emsisoft anti-malware in safe mode and found some trojan virus that were removed. Trojan names all had retrogamer in the location. Scan log has been deleted so I can't post it. The computer also started losing connection to the monitor. Meaning the computer was on and monitor would say no signal. This usually happened after stand by mode, but also happened once while active on computer. I downloaded WhoCrashed and have 1 dump record- below followed by the OTL scan results.


Welcome to WhoCrashed HOME EDITION v 3.02


This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...


Home Edition Notice


This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.


System Information (local)


computer name: SOLOMONS-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: AuthenticAMD AMD Phenom™ II X4 820 Processor AMD586, level: 16
4 logical processors, active mask: 15
RAM: 8320700416 total
VM: 2147352576, free: 1955028992


Crash Dump Analysis


Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Sun 10/2/2011 11:30:20 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\100211-32838-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x50 (0xFFFFFA80563241A4, 0x0, 0xFFFFF960001540A0, 0x5)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


Conclusion


1 crash dumps have been found and analyzed.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

OTL

OTL logfile created on: 10/2/2011 8:13:04 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\solomons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 72.41% Memory free
15.50 Gb Paging File | 13.11 Gb Available in Paging File | 84.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.50 Gb Total Space | 771.17 Gb Free Space | 83.78% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SOLOMONS-PC | User Name: solomons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 08:12:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\solomons\Downloads\OTL.exe
PRC - [2011/09/27 13:15:46 | 003,039,496 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/07/13 07:12:05 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/05/31 10:41:38 | 000,034,856 | ---- | M] (Retrogamer) -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbarsvc.exe
PRC - [2011/05/31 10:41:38 | 000,026,688 | ---- | M] (Retrogamer) -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zmedint.exe
PRC - [2011/05/31 10:41:38 | 000,026,568 | ---- | M] (Retrogamer) -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbrmon.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/07 22:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 08:02:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/09/18 08:02:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/09/18 08:02:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/09/18 08:02:10 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/09/18 08:02:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/18 08:00:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/09/18 08:00:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/09/18 08:00:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/09/18 08:00:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/18 08:00:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/18 07:59:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/18 07:59:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/18 07:59:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/09/16 09:22:36 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/18 07:31:19 | 012,160,056 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/08/18 07:31:07 | 001,699,384 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/05/12 09:50:23 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/05/12 09:50:23 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 15:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 14:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/27 13:15:46 | 003,039,496 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/09/21 17:21:35 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/31 10:41:38 | 000,034,856 | ---- | M] (Retrogamer) [Auto | Running] -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/07 22:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=HPDTDF&q="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: [email protected]:4.4.0.7
FF - prefs.js..extensions.enabledItems: 2zffxtbr@Retrogamer_2z.com:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=HPDTDF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/09/15 10:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin [2011/10/02 00:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 15:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\solomons\AppData\Roaming\Move Networks [2010/11/25 11:23:10 | 000,000,000 | ---D | M]

[2010/03/18 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 07:39:04 | 000,001,834 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\searchplugins\bing.xml
[2011/10/01 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/15 10:38:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/10/02 00:02:08 | 000,000,000 | ---D | M] (Retrogamer) -- C:\PROGRAM FILES (X86)\RETROGAMER_2Z\BAR\1.BIN
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Retrogamer Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: AVG Safe Search = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/01 19:50:01 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - Startup: C:\Users\solomons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O1364bit: - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B14D83D-9B51-4C20-B163-016E5B182566}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABC33E4A-DE21-4CB8-B9F0-FFE574536755}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 10:56:20 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/07/20 16:56:36 | 000,253,952 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/24 11:33:33 | 000,007,974 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ec7444c-4b02-11df-83dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec7444c-4b02-11df-83dd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006/07/20 16:56:36 | 000,253,952 | R--- | M] (Firaxis Games)
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell - "" = AutoRun
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/02 07:38:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/01 22:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\solomons\Documents\Anti-Malware
[2011/10/01 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011/10/01 21:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/01 19:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/01 19:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/01 18:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/01 15:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/30 23:37:32 | 000,000,000 | ---D | C] -- C:\9d541152a839182ee00668f7c9f3
[2011/09/16 09:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2011/08/10 16:28:18 | 000,096,320 | ---- | C] (Retrogamer) -- C:\Users\solomons\AppData\Local\RetrogamerAuto.exe

========== Files - Modified Within 30 Days ==========

[2011/10/02 08:02:01 | 000,024,049 | ---- | M] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/02 08:00:33 | 000,005,931 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp6.html
[2011/10/02 08:00:29 | 000,001,892 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp1.html
[2011/10/02 07:45:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 07:45:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 07:38:44 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 07:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/02 07:38:07 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/01 23:56:21 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 23:33:06 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 22:29:03 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:52:13 | 000,005,600 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp8.html
[2011/10/01 21:44:43 | 000,000,838 | ---- | M] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 18:39:39 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 18:08:23 | 133,888,181 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/01 15:05:54 | 000,002,054 | ---- | M] () -- C:\Users\solomons\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 14:44:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsolomons.job
[2011/10/01 12:33:48 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/01 06:51:17 | 000,000,000 | ---- | M] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/26 15:49:00 | 000,017,169 | ---- | M] () -- C:\Users\solomons\Desktop\Open Today.odt
[2011/09/22 17:33:55 | 000,277,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/18 00:59:51 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 00:59:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 00:59:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/16 09:22:38 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/09/15 10:38:20 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2011/10/02 07:40:21 | 000,005,931 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp6.html
[2011/10/01 23:56:21 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 22:29:03 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:52:13 | 000,005,600 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp8.html
[2011/10/01 21:44:46 | 000,001,892 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp1.html
[2011/10/01 21:44:43 | 000,000,838 | ---- | C] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 21:01:27 | 000,024,049 | ---- | C] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/01 18:39:39 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:05:54 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 06:51:17 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/16 09:22:38 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/24 21:14:29 | 000,000,128 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/02/26 18:45:04 | 000,149,151 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp232323232%7FFP537(5)NU=3384)895)969)WSNRCG=329248( ;5347NU0MRJ.JPG
[2011/02/15 09:55:36 | 000,913,226 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp124.JPG
[2011/02/15 09:54:53 | 000,901,323 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp103.JPG
[2011/02/15 09:54:19 | 000,925,819 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp093.JPG
[2011/02/15 09:53:41 | 000,915,735 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp090.JPG
[2010/12/14 13:32:28 | 000,041,190 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].3
[2010/12/14 13:32:28 | 000,040,167 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].2
[2010/12/14 13:32:27 | 000,040,183 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].1
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].JPG
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].0
[2010/05/14 13:13:14 | 000,092,590 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.1
[2010/05/14 13:13:12 | 000,108,382 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.0
[2010/05/14 13:13:12 | 000,090,246 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.JPG
[2010/05/14 13:12:34 | 000,087,426 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH AND.JPG
[2010/05/13 09:22:32 | 000,029,184 | ---- | C] () -- C:\Users\solomons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 23:41:55 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Roaming\wklnhst.dat
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/06/09 18:39:05 | 000,000,000 | -HSD | M] -- C:\Users\solomons\AppData\Roaming\.#
[2011/05/15 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\AVG10
[2010/03/17 13:36:32 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Gamelab
[2010/03/17 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\GOL_byHasbro
[2011/10/01 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\IObit
[2010/07/05 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\iWin
[2011/08/14 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\My Games
[2010/05/12 10:15:06 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\OpenOffice.org
[2010/03/05 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PictureMover
[2010/04/07 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PlayFirst
[2011/09/30 21:29:43 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sammsoft
[2010/03/16 10:58:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sierra Entertainment
[2010/04/25 23:42:07 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Template
[2010/03/06 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\WinBatch
[2011/01/29 12:30:56 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Windows Live Writer
[2011/08/31 10:00:29 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/09/15 07:30:01 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3F2F06F2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:EA34E08F

< End of report >
Extra page OTL

OTL Extras logfile created on: 10/2/2011 8:13:04 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\solomons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 72.41% Memory free
15.50 Gb Paging File | 13.11 Gb Available in Paging File | 84.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.50 Gb Total Space | 771.17 Gb Free Space | 83.78% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SOLOMONS-PC | User Name: solomons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{34C5BC15-2401-4980-9D95-ABD2CE8DD08A}" = AVG 2011
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{71F2CF3C-07C9-4FB9-8B22-8BC411C2E3EE}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WhoCrashed_is1" = WhoCrashed 3.02
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5C13AD07-5129-11D5-96DB-AE99AF79C743}" = Bob the Builder - Bob Builds a Park
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Akamai" = Akamai NetSession Interface
"ARO 2011_is1" = ARO 2011
"CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Retrogamer_2zbar Uninstall" = Retrogamer
"Scholastic's Little Bill Thinks BIG" = Scholastic's Little Bill Thinks BIG
"Security Task Manager" = Security Task Manager 1.8c
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"HuluDesktop" = Hulu Desktop
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 12:54:58 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/10/2011 10:47:02 AM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/10/2011 10:49:02 AM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/11/2011 5:15:02 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/11/2011 5:17:24 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/12/2011 3:11:46 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/12/2011 3:12:57 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/14/2011 12:22:03 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/14/2011 12:23:54 PM | Computer Name = solomons-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/15/2011 2:04:47 AM | Computer Name = solomons-PC | Source = MsiInstaller | ID = 11706
Description =

[ Hewlett-Packard Events ]
Error - 12/9/2010 11:10:10 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 12/9/2010 11:59:34 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 1/3/2011 7:34:24 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011103033407.xml
File not created by asset agent

Error - 2/16/2011 12:26:54 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021116082637.xml
File not created by asset agent

Error - 2/28/2011 7:33:53 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021128033351.xml
File not created by asset agent

Error - 5/9/2011 6:57:33 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051109035730.xml
File not created by asset agent

Error - 5/30/2011 10:12:50 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051130071247.xml
File not created by asset agent

Error - 6/20/2011 10:10:18 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061120071015.xml
File not created by asset agent

Error - 6/27/2011 10:30:22 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061127073019.xml
File not created by asset agent

Error - 7/11/2011 10:39:03 PM | Computer Name = solomons-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071111073900.xml
File not created by asset agent

[ System Events ]
Error - 10/2/2011 3:22:13 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:13 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 3:22:14 AM | Computer Name = solomons-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/2/2011 10:38:11 AM | Computer Name = solomons-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:30:01 AM on ?10/?2/?2011 was unexpected.

Error - 10/2/2011 10:38:12 AM | Computer Name = SOLOMONS-PC | Source = BugCheck | ID = 1001
Description =


< End of report >

Thanks for your help
  • 0

Advertisements

#2
Essexboy
Posted 09 October 2011 - 03:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. Lets clear retrogamer first and then proceed from there. Once this run has completed could you let me know what your current problems are

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/05/31 10:41:38 | 000,034,856 | ---- | M] (Retrogamer) [Auto | Running] -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
    IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
    FF - prefs.js..extensions.enabledItems: 2zffxtbr@Retrogamer_2z.com:1.2
    FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll (Retrogamer)
    O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
    O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    [2011/08/10 16:28:18 | 000,096,320 | ---- | C] (Retrogamer) -- C:\Users\solomons\AppData\Local\RetrogamerAuto.exe
    [2011/10/02 08:00:33 | 000,005,931 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp6.html
    [2011/10/02 08:00:29 | 000,001,892 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp1.html
    [2011/10/01 21:52:13 | 000,005,600 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp8.html
    [2010/06/09 18:39:05 | 000,000,000 | -HSD | M] -- C:\Users\solomons\AppData\Roaming\.#

    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Retrogamer_2z

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
maltyfamily
Posted 09 October 2011 - 11:28 PM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the new OTL

OTL logfile created on: 10/9/2011 1:46:20 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\solomons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.92 Gb Available Physical Memory | 76.41% Memory free
15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.50 Gb Total Space | 770.47 Gb Free Space | 83.70% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SOLOMONS-PC | User Name: solomons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/03 08:44:33 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/10/02 08:12:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\solomons\Downloads\OTL.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/07 22:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 08:02:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/09/18 08:02:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/09/18 08:02:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/09/18 08:02:10 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/09/18 08:02:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/18 08:00:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/09/18 08:00:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/18 08:00:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/18 07:59:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/18 07:59:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/18 07:59:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/18 07:31:19 | 012,160,056 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/08/18 07:31:07 | 001,699,384 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/03 08:44:33 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/09/21 17:21:35 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/07 22:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/04 16:32:48 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=HPDTDF&q="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: [email protected]:4.4.0.7
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=HPDTDF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/09/15 10:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 15:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\solomons\AppData\Roaming\Move Networks [2010/11/25 11:23:10 | 000,000,000 | ---D | M]

[2010/03/18 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 07:39:04 | 000,001,834 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\searchplugins\bing.xml
[2011/10/06 16:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/06 16:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/15 10:38:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\RETROGAMER_2Z\BAR\1.BIN
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Retrogamer Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: AVG Safe Search = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/09 13:38:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zSrcAs.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\PROGRA~2\RETROG~2\bar\1.bin\2zbar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O1364bit: - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B14D83D-9B51-4C20-B163-016E5B182566}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABC33E4A-DE21-4CB8-B9F0-FFE574536755}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 10:56:20 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/07/20 16:56:36 | 000,253,952 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/24 11:33:33 | 000,007,974 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ec7444c-4b02-11df-83dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec7444c-4b02-11df-83dd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006/07/20 16:56:36 | 000,253,952 | R--- | M] (Firaxis Games)
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell - "" = AutoRun
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 13:38:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 21:11:11 | 000,000,000 | ---D | C] -- C:\a6ddfb378844eb3896fbd5dd00fa8d
[2011/10/04 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/10/03 18:43:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/02 07:38:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/01 22:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\solomons\Documents\Anti-Malware
[2011/10/01 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011/10/01 21:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/01 19:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/01 19:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/01 18:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/01 15:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/30 23:37:32 | 000,000,000 | ---D | C] -- C:\9d541152a839182ee00668f7c9f3
[2011/09/16 09:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

========== Files - Modified Within 30 Days ==========

[2011/10/09 13:50:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 13:50:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 13:43:26 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 13:42:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 13:42:35 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 13:38:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/09 13:33:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 12:15:01 | 000,017,388 | ---- | M] () -- C:\Users\solomons\Desktop\Open Today.odt
[2011/10/07 04:39:56 | 134,352,362 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/06 16:58:10 | 000,013,631 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp11.html
[2011/10/04 21:06:38 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/10/04 14:43:06 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/02 08:02:01 | 000,024,049 | ---- | M] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/01 23:56:21 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 22:29:03 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:44:43 | 000,000,838 | ---- | M] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 18:39:39 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:05:54 | 000,002,054 | ---- | M] () -- C:\Users\solomons\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 14:44:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsolomons.job
[2011/10/01 06:51:17 | 000,000,000 | ---- | M] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/22 17:33:55 | 000,277,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/18 00:59:51 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 00:59:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 00:59:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/16 09:22:38 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/09/15 10:38:20 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2011/10/06 16:58:10 | 000,013,631 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp11.html
[2011/10/04 21:06:38 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/10/01 23:56:21 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 22:29:03 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:44:43 | 000,000,838 | ---- | C] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 21:01:27 | 000,024,049 | ---- | C] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/01 18:39:39 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:05:54 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 06:51:17 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/16 09:22:38 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/24 21:14:29 | 000,000,128 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/02/26 18:45:04 | 000,149,151 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp232323232%7FFP537(5)NU=3384)895)969)WSNRCG=329248( ;5347NU0MRJ.JPG
[2011/02/15 09:55:36 | 000,913,226 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp124.JPG
[2011/02/15 09:54:53 | 000,901,323 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp103.JPG
[2011/02/15 09:54:19 | 000,925,819 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp093.JPG
[2011/02/15 09:53:41 | 000,915,735 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp090.JPG
[2010/12/14 13:32:28 | 000,041,190 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].3
[2010/12/14 13:32:28 | 000,040,167 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].2
[2010/12/14 13:32:27 | 000,040,183 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].1
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].JPG
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].0
[2010/05/14 13:13:14 | 000,092,590 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.1
[2010/05/14 13:13:12 | 000,108,382 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.0
[2010/05/14 13:13:12 | 000,090,246 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.JPG
[2010/05/14 13:12:34 | 000,087,426 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH AND.JPG
[2010/05/13 09:22:32 | 000,029,184 | ---- | C] () -- C:\Users\solomons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 23:41:55 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Roaming\wklnhst.dat
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/15 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\AVG10
[2010/03/17 13:36:32 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Gamelab
[2010/03/17 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\GOL_byHasbro
[2011/10/01 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\IObit
[2010/07/05 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\iWin
[2011/08/14 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\My Games
[2010/05/12 10:15:06 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\OpenOffice.org
[2010/03/05 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PictureMover
[2010/04/07 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PlayFirst
[2011/09/30 21:29:43 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sammsoft
[2010/03/16 10:58:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sierra Entertainment
[2010/04/25 23:42:07 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Template
[2010/03/06 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\WinBatch
[2011/01/29 12:30:56 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Windows Live Writer
[2011/08/31 10:00:29 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/09/15 07:30:01 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3F2F06F2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:EA34E08F

< End of report >

MBR scan

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-09 14:09:57
-----------------------------
14:09:57.696 OS Version: Windows x64 6.1.7601 Service Pack 1
14:09:57.696 Number of processors: 4 586 0x402
14:09:57.696 ComputerName: SOLOMONS-PC UserName: solomons
14:09:59.318 Initialize success
14:10:06.166 AVAST engine defs: 11100901
14:10:13.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
14:10:13.015 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
14:10:15.105 Disk 0 MBR read successfully
14:10:15.105 Disk 0 MBR scan
14:10:15.121 Disk 0 unknown MBR code
14:10:15.121 Service scanning
14:10:17.695 Modules scanning
14:10:17.695 Disk 0 trace - called modules:
14:10:17.726 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor64.sys
14:10:17.726 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073b3060]
14:10:17.726 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80067fd060]
14:10:19.458 AVAST engine scan C:\Windows
14:10:22.047 AVAST engine scan C:\Windows\system32
14:12:08.829 AVAST engine scan C:\Windows\system32\drivers
14:12:23.415 AVAST engine scan C:\Users\solomons
14:18:28.628 AVAST engine scan C:\ProgramData
14:20:56.828 Scan finished successfully
14:38:06.599 Disk 0 MBR has been saved successfully to "C:\Users\solomons\Desktop\MBR.dat"
14:38:06.615 The log file has been saved successfully to "C:\Users\solomons\Desktop\aswMBR scan.txt"


The computer is continuing to either crash to the blue screen or just freeze and need a hard shut down. If the computer freezes the picture on the monitor also gets a bunch of lines over it. So I included the last three crash dump analysis that all occured after the things you had me do.



On Mon 10/10/2011 4:54:18 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\100911-54912-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x7F (0x8, 0x80050031, 0x6F8, 0xFFFFF80002AFBEEE)
Error: UNEXPECTED_KERNEL_MODE_TRAP
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 10/10/2011 4:06:29 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\100911-43633-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x18 (0x0, 0xFFFFFA800A805CB0, 0x2, 0xFFFFFFFFFFFFFFFF)
Error: REFERENCE_BY_POINTER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the reference count of an object is illegal for the current state of the object.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 10/10/2011 2:44:35 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\100911-50856-01.dmp
This was probably caused by the following module: ndis.sys (ndis+0x64110)
Bugcheck code: 0x1E (0x0, 0x0, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\ndis.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NDIS 6.20 driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


Thanks for all your help.
  • 0

#4
Essexboy
Posted 10 October 2011 - 10:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets check out the drivers now, are you ready for some detective work ?

Step 1: Start the System Configuration Utility

Click Start, type msconfig in the Start Search box, and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.
Back to the top

Step 2: Configure Selective Startup options

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2.Click to clear the Load Startup Items check box.
Note The Use Original Boot.ini check box is unavailable
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
5.Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.


Now we get to the tedious part,:

If windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem

Once you get the problems recurring note the last set of services started and post them back here :)
  • 0

#5
maltyfamily
Posted 10 October 2011 - 03:07 PM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
The computer is still having the same issues with ALL serviced disabled.
  • 0

#6
Essexboy
Posted 10 October 2011 - 03:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you reset all the services as they should be and we will run a heavyweight tool from outside of windows

Please download the following programmes to your desktop:

Dr Web Live CD (To change the page to English in the top right is a small drop down use that )

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#7
maltyfamily
Posted 12 October 2011 - 09:10 AM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I did the scan and nothing was found, but my computer hasn't done anything in the last 20 hours. Sometimes it would look good for a day or two and then go back to the same thing. Here is the new OTL log and I'll post another reply when the computer starts freezing or crashing again.

Thanks again

OTL logfile created on: 10/11/2011 9:52:48 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\solomons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 78.25% Memory free
15.50 Gb Paging File | 13.68 Gb Available in Paging File | 88.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.50 Gb Total Space | 768.69 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS

Computer Name: SOLOMONS-PC | User Name: solomons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/03 08:44:33 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/10/02 08:12:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\solomons\Downloads\OTL.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 08:02:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/09/18 08:02:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/09/18 08:02:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/09/18 08:02:10 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/09/18 08:02:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/18 08:00:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/09/18 08:00:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/18 08:00:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/18 07:59:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/18 07:59:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/18 07:59:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/18 07:31:19 | 012,160,056 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/08/18 07:31:07 | 001,699,384 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/05/12 09:50:23 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/03 08:44:33 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/09/21 17:21:35 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/07 22:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/04 16:32:48 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=HPDTDF&q="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/09/15 10:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 15:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\solomons\AppData\Roaming\Move Networks [2010/11/25 11:23:10 | 000,000,000 | ---D | M]

[2010/03/18 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions
[2011/10/01 19:13:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 07:39:04 | 000,001,834 | ---- | M] () -- C:\Users\solomons\AppData\Roaming\Mozilla\Firefox\Profiles\fng3bu6b.default\searchplugins\bing.xml
[2011/10/06 16:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/06 16:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/15 10:38:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Retrogamer Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\solomons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\solomons\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\solomons\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: AVG Safe Search = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Users\solomons\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/09 13:38:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zSrcAs.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\PROGRA~2\RETROG~2\bar\1.bin\2zbar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\PROGRA~2\RETROG~2\bar\1.bin\2zbrmon.exe File not found
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - Startup: C:\Users\solomons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O1364bit: - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B14D83D-9B51-4C20-B163-016E5B182566}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABC33E4A-DE21-4CB8-B9F0-FFE574536755}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell - "" = AutoRun
O33 - MountPoints2\{4f009c32-5dd7-11df-8d13-e0cb4ea70074}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 18:05:27 | 006,055,875 | ---- | C] (LIGHTNING UK!) -- C:\Users\solomons\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/10/09 13:38:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 21:11:11 | 000,000,000 | ---D | C] -- C:\a6ddfb378844eb3896fbd5dd00fa8d
[2011/10/04 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/10/03 18:43:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/02 07:38:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/01 22:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/10/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\solomons\Documents\Anti-Malware
[2011/10/01 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011/10/01 21:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/01 19:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/01 19:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/01 18:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/01 15:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/30 23:37:32 | 000,000,000 | ---D | C] -- C:\9d541152a839182ee00668f7c9f3
[2011/09/16 09:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

========== Files - Modified Within 30 Days ==========

[2011/10/11 09:52:17 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 09:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 09:51:48 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 00:33:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/10 18:05:38 | 006,055,875 | ---- | M] (LIGHTNING UK!) -- C:\Users\solomons\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/10/10 16:58:28 | 186,017,792 | ---- | M] () -- C:\Users\solomons\Desktop\drweb-livecd-600.iso
[2011/10/10 15:46:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 15:46:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 15:39:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsolomons.job
[2011/10/10 13:33:52 | 000,017,634 | ---- | M] () -- C:\Users\solomons\Desktop\Open Today.odt
[2011/10/09 22:19:07 | 000,018,293 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp14.html
[2011/10/09 22:18:29 | 000,001,892 | ---- | M] () -- C:\Users\solomons\AppData\Local\Temp1.html
[2011/10/09 14:38:06 | 000,000,512 | ---- | M] () -- C:\Users\solomons\Desktop\MBR.dat
[2011/10/09 13:52:33 | 000,001,154 | ---- | M] () -- C:\Users\solomons\Desktop\aswMBR - Shortcut.lnk
[2011/10/09 13:38:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/07 04:39:56 | 134,352,362 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/04 21:06:38 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/10/04 14:43:06 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/02 08:02:01 | 000,024,049 | ---- | M] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/01 23:56:21 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 22:29:03 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:44:43 | 000,000,838 | ---- | M] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 18:39:39 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:05:54 | 000,002,054 | ---- | M] () -- C:\Users\solomons\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 06:51:17 | 000,000,000 | ---- | M] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/22 17:33:55 | 000,277,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/18 00:59:51 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 00:59:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 00:59:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/16 09:22:38 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/09/15 10:38:20 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2011/10/10 15:43:18 | 186,017,792 | ---- | C] () -- C:\Users\solomons\Desktop\drweb-livecd-600.iso
[2011/10/10 15:38:09 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2011/10/10 15:38:09 | 000,001,237 | ---- | C] () -- C:\Users\solomons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/10/09 22:19:07 | 000,018,293 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp14.html
[2011/10/09 19:52:46 | 000,001,892 | ---- | C] () -- C:\Users\solomons\AppData\Local\Temp1.html
[2011/10/09 14:38:06 | 000,000,512 | ---- | C] () -- C:\Users\solomons\Desktop\MBR.dat
[2011/10/09 13:52:33 | 000,001,154 | ---- | C] () -- C:\Users\solomons\Desktop\aswMBR - Shortcut.lnk
[2011/10/04 21:06:38 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/10/01 23:56:21 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/01 22:29:03 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/10/01 21:44:43 | 000,000,838 | ---- | C] () -- C:\Users\solomons\Desktop\WhoCrashed.lnk
[2011/10/01 21:01:27 | 000,024,049 | ---- | C] () -- C:\Users\solomons\Desktop\bad files.odt
[2011/10/01 18:39:39 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:05:54 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/01 15:05:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 06:51:17 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Local\{638D4191-A5C7-41D2-8C22-42AB23DCFA8A}
[2011/09/16 09:22:38 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/24 21:14:29 | 000,000,128 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/02/26 18:45:04 | 000,149,151 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp232323232%7FFP537(5)NU=3384)895)969)WSNRCG=329248( ;5347NU0MRJ.JPG
[2011/02/15 09:55:36 | 000,913,226 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp124.JPG
[2011/02/15 09:54:53 | 000,901,323 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp103.JPG
[2011/02/15 09:54:19 | 000,925,819 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp093.JPG
[2011/02/15 09:53:41 | 000,915,735 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmp090.JPG
[2010/12/14 13:32:28 | 000,041,190 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].3
[2010/12/14 13:32:28 | 000,040,167 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].2
[2010/12/14 13:32:27 | 000,040,183 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].1
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].JPG
[2010/12/14 13:32:26 | 000,043,932 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpJASON[1].0
[2010/05/14 13:13:14 | 000,092,590 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.1
[2010/05/14 13:13:12 | 000,108,382 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.0
[2010/05/14 13:13:12 | 000,090,246 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH RACHEL.JPG
[2010/05/14 13:12:34 | 000,087,426 | ---- | C] () -- C:\Users\solomons\AppData\Local\tmpSARAH AND.JPG
[2010/05/13 09:22:32 | 000,029,184 | ---- | C] () -- C:\Users\solomons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 23:41:55 | 000,000,000 | ---- | C] () -- C:\Users\solomons\AppData\Roaming\wklnhst.dat
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/15 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\AVG10
[2010/03/17 13:36:32 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Gamelab
[2010/03/17 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\GOL_byHasbro
[2011/10/01 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\IObit
[2010/07/05 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\iWin
[2011/08/14 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\My Games
[2010/05/12 10:15:06 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\OpenOffice.org
[2010/03/05 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PictureMover
[2010/04/07 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\PlayFirst
[2011/09/30 21:29:43 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sammsoft
[2010/03/16 10:58:25 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Sierra Entertainment
[2010/04/25 23:42:07 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Template
[2010/03/06 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\WinBatch
[2011/01/29 12:30:56 | 000,000,000 | ---D | M] -- C:\Users\solomons\AppData\Roaming\Windows Live Writer
[2011/08/31 10:00:29 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/09/15 07:30:01 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3F2F06F2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:EA34E08F

< End of report >
  • 0

#8
Essexboy
Posted 12 October 2011 - 11:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I am beginning to think it is a driver issue on one of your programmes, mayhap it is a conflict. Although having said that I can see nothing apparent, lets run for a day or so to see if it recurs
  • 0

#9
maltyfamily
Posted 12 October 2011 - 01:34 PM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I think you might be right about the driver. I just tried to turn it on and the monitor says no signal. Do you know how to figure out what driver needs fixed.
  • 0

#10
Essexboy
Posted 12 October 2011 - 01:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With the monitor stating no signal would lead me to believe that your video card is about to expire.

Lets have a look at that area

Download Speedfan and install it.

Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.

Posted Image(this is a screenshot from a vista machine)
  • 0

Advertisements

#11
maltyfamily
Posted 12 October 2011 - 10:06 PM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is what you asked for, but there was nothing in the bottom boxs you circled.

Fan1: 1722 RPM
fan2: 1089 RPM
fan3: 0 RPM


GPU: 67C
Temp1: 42C
Temp2: -128C
Temp3: 23C
HDO: 30C
Core: 25C
  • 0

#12
Essexboy
Posted 13 October 2011 - 11:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It gave me the information I was after though

GPU: 67C

Your video card is running at a high temperature and either the fan is/has failed or is on the way out.

The first step I feel would be to clean the computer of any dust or obstruction

A small guide here

Is this a laptop or desktop ?
Also is the video card integral or have you added one ?
  • 0

#13
maltyfamily
Posted 14 October 2011 - 08:36 AM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
It is a desktop with an integrated video card and we already cleaned the dust out right before the original post. Yes there was a lot of dust.
Is there a way to tell with fan is going out.

Thanks again.
  • 0

#14
Essexboy
Posted 14 October 2011 - 11:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it will mean running the computer with the case opened though..

With the case open run a fairly intensive programme for video, i.e. a game or a youtube clip and listen to see if the fans are working as they should.

Also can you confirm that you are still getting blue screens
  • 0

#15
maltyfamily
Posted 15 October 2011 - 10:18 AM

maltyfamily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Since you mentioned it I realized that it has not gone to the blue screen in four or five days.

I watched the fans and they were all spinning seemingly normally. While I was playing a game with the cover open, the monitor picture was just a bunch of colorful line and the computer made a noise until I hard shut it down. As I tested the computer more I realized that little things weren't working right. Some things currently happening are some online games won't play if you start a game it either freezes, does the colorful lines and noise or just shuts the browser down. When I tried to watch a tv show online it would freeze, get a no signal or keep restarting the show at the begining after a minute or two of playing normally.

any other thoughts?

Thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP