
Suspicious Activity on Desktop Windows 7 Home



#1
sweetgirlblah

  • Member
  • 10 posts
I'm not sure that I have a virus, spyware, malware, or any problem. I'm suspicious that I may because about once every week or so my system will restart and get a blue screen. This could be due to a Windows update (the restart) and some corrupt system files (the blue screen) - I don't know. Most of the time this happens in the middle of the night and I am not aware of it right away.

Also (and the reason I am posting this), I recently went to check my PayPal account, which I haven't used in several years. When I went to https://www.paypal.com (not through a link) it came up in what I believe is Chinese. I've checked the website on a laptop and also had a friend check on their computer, and it comes up in English. I realize it's possible that my PayPal account was compromised, but I can't log into it and realize I shouldn't even try. A friend of mine (not someone that can check my computer) is convinced that I have malware or a virus of some sort, and he says that is why the website comes up in Chinese.

I use Avast free software. I have my computer on almost all the time and use it almost all day. When it does go into sleep mode, the internet is cut off, so when I do wake it up, I have to connect manually to the internet again. I'm not sure if that is important information, but I wanted to mention it.

I'm sorry I don't know what else to say at this point to help identify if I have a real problem with my computer. Thank you for any help or direction you can give me.

Below you will find a quick scan OTL log. OTL also gave me an "Extras" notepad that shows a lot of errors in it, so I made some space and put it after the quick scan report. I apologize if it's too much information, but I thought it might be important. Thank you.



OTL logfile created on: 7/17/2013 9:34:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karen\Downloads\landing
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.23% Memory free
8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 786.91 Gb Free Space | 84.49% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/17 21:24:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Downloads\landing\OTL.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 11:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 11:49:43 | 013,599,184 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 11:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 11:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 11:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 11:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/03 12:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/11 18:25:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/09 20:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 13:25:21 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/27 13:25:20 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 13:25:20 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/29 20:44:06 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/18 22:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 09:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/19 10:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/03/25 00:54:24 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 17:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 3F 50 AF C2 EA CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {E7167169-CC53-48BC-9E07-726F669ACC0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{E7167169-CC53-48BC-9E07-726F669ACC0E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Karen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Karen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Karen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 18:13:58 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Karen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Karen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: gafocus.com ([www] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{455A2320-8961-4646-9EAD-5300D404A168}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A26E1D5E-F485-4285-B583-552F212FA48E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F834ABEE-A6AF-4CC6-9FD2-3AF7465523A8}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/07 12:17:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2013/07/04 17:15:53 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rush for Gold - Alaska
[2013/07/04 17:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rush for Gold - Alaska
[2013/07/04 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rush for Gold - Alaska
[2013/07/04 15:08:33 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Great American Opportunities
[2013/06/29 21:39:53 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Nitreal Games
[2013/06/29 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gardens Inc - From Rakes to Riches
[2013/06/29 21:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gardens Inc - From Rakes to Riches
[2013/06/29 21:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gardens Inc - From Rakes to Riches
[2013/06/29 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2013/06/27 18:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/27 18:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/27 18:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/27 18:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/27 18:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/27 18:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/06/25 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Shop 2
[2013/06/25 19:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Shop 2
[2013/06/25 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Shop 2
[2013/06/25 18:27:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013/06/25 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\canon
[2013/06/25 18:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/06/25 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013/06/25 18:10:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2013/06/25 18:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX450 series User Registration
[2013/06/25 18:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013/06/25 18:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/06/25 18:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/06/25 18:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX450 series Manual
[2013/06/25 18:04:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/06/25 18:03:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/06/25 18:03:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013/06/25 18:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/17 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2693790249-4028460613-2276969638-1000UA.job
[2013/07/17 20:37:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2693790249-4028460613-2276969638-1003UA.job
[2013/07/17 17:37:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2693790249-4028460613-2276969638-1003Core.job
[2013/07/17 15:54:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2693790249-4028460613-2276969638-1000Core.job
[2013/07/17 12:40:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 12:40:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 08:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/15 01:46:53 | 415,501,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/15 01:46:53 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/07/15 01:46:47 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/10 21:02:04 | 000,001,031 | ---- | M] () -- C:\Users\Karen\Desktop\Continue Install RocketPDF installation.lnk
[2013/07/09 15:26:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/07/04 15:08:33 | 000,000,328 | ---- | M] () -- C:\Users\Karen\Desktop\FOCUS.appref-ms
[2013/07/04 14:50:15 | 000,773,920 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/04 14:50:15 | 000,660,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/04 14:50:15 | 000,121,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/04 14:50:07 | 000,773,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/29 15:12:29 | 000,000,318 | ---- | M] () -- C:\Users\Karen\Desktop\Curse Client.appref-ms
[2013/06/27 18:31:20 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/27 13:25:21 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 13:25:21 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 13:25:21 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 13:25:20 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 13:25:20 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 13:25:20 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/25 18:08:51 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/06/25 18:04:39 | 000,002,358 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX450 series On-screen Manual.lnk
[2013/06/25 11:01:28 | 000,009,020 | ---- | M] () -- C:\Users\Karen\profiles.xml
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/09 15:26:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/07/09 15:26:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/07/09 14:32:41 | 000,001,031 | ---- | C] () -- C:\Users\Karen\Desktop\Continue Install RocketPDF installation.lnk
[2013/07/04 15:08:33 | 000,000,328 | ---- | C] () -- C:\Users\Karen\Desktop\FOCUS.appref-ms
[2013/06/29 15:12:29 | 000,000,318 | ---- | C] () -- C:\Users\Karen\Desktop\Curse Client.appref-ms
[2013/06/27 13:25:21 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 13:19:35 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/26 13:19:35 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/25 18:10:09 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\CNC1768D.TBL
[2013/06/25 18:08:51 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/06/25 18:04:39 | 000,002,358 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX450 series On-screen Manual.lnk
[2013/03/07 15:32:39 | 000,000,044 | ---- | C] () -- C:\Users\Karen\jagex_cl_runescape_LIVE.dat
[2013/03/07 15:32:39 | 000,000,024 | ---- | C] () -- C:\Users\Karen\random.dat
[2013/03/02 21:53:28 | 000,009,020 | ---- | C] () -- C:\Users\Karen\profiles.xml
[2012/02/25 18:07:45 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/12/13 20:26:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/11/27 14:39:00 | 000,000,632 | RHS- | C] () -- C:\Users\Karen\ntuser.pol
[2011/08/27 16:21:44 | 000,773,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/25 11:02:02 | 000,000,000 | -HSD | M] -- C:\Users\Karen\AppData\Roaming\.#
[2012/12/06 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\1morebee
[2013/04/05 18:43:19 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\adelantado_big_fish_en
[2012/11/19 21:29:38 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AlawarEntertainment
[2012/11/20 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\aliasworlds
[2013/05/29 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Blueberry
[2013/01/06 17:02:33 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Boolat Games
[2012/12/02 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Brabl
[2013/07/04 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\canon
[2012/12/10 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Casual Arts
[2013/05/25 15:45:45 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Curse Advertising
[2013/03/03 10:55:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Elephant Games
[2011/05/24 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Free PDF Tablet
[2012/12/16 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gaijin Ent
[2012/12/03 10:39:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\gogii
[2012/06/02 08:25:18 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Happy Artist Studio
[2012/05/13 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Happy Chef
[2012/06/07 16:42:55 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HipSoft
[2012/02/25 18:26:49 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\iYogi
[2013/05/29 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\LogSys
[2012/06/06 15:05:02 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MagicIndie
[2012/06/21 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Merscom
[2013/05/26 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mumble
[2013/06/29 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Nitreal Games
[2012/12/20 00:32:28 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Oberon Games
[2011/09/23 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Oberon Media
[2012/02/17 10:11:49 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Origin
[2013/03/29 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Ph03nixNewMedia
[2013/04/27 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\PlayFirst
[2011/08/14 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\playmink
[2013/07/04 21:15:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Rainbow
[2013/03/23 16:21:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\RIFT
[2011/09/23 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sandlot Games
[2013/07/10 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2011/08/14 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Stand O'Food 3
[2012/02/14 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Stardock
[2012/05/31 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SulusGames
[2011/08/27 16:22:34 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2012/05/11 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Valusoft
[2011/10/08 18:46:41 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 261 bytes -> C:\ProgramData\TEMP:5539129F
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:6E11933F
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:8967C154
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:CBAB74CB
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:A2B3764A
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:EBCF5924
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:922DA2DB
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:371060CE
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:063969F8
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:04ADB7A6
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:97995ED4
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:38D2EA83
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:393F7B1E
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:8DA9DB01
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:91730504
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:883EDFB5
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:18897B1D
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:538B96B5
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:4C624F9A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0DE96CF5
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3A4C8FE7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4AA3DAA3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3FE1A827
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D8F9D810
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2F5A06FD
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F67947AF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:57173DB4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3815BC84
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:28819F45
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:073139EC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CE6885F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:A688EF17
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:69FD6BF0

< End of report >





OTL Extras logfile created on: 7/17/2013 9:34:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karen\Downloads\landing
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.23% Memory free
8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 786.91 Gb Free Space | 84.49% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010B5D1B-4E04-4897-98DB-51F3F734389C}" = rport=445 | protocol=6 | dir=out | app=system |
"{077DD1C4-2430-426C-AB57-7F9FB27A74F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B15F0D3-39C1-43EC-9BE1-DC5492C3B778}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D82E980-AB25-4327-834B-A56B52774DBD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15676088-80C3-4ED3-B784-B5A7518BACA8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1B5FA0FC-7098-4702-9CDD-EB32E595106E}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FE0404B-61F6-42D7-97BB-D0AC6F0EC7B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21AE653F-C3C0-443B-8C5C-17DCCEE4EBE3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2F087238-AC42-4BA9-AE6C-EC604879B04D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{373263F0-2E39-4CE8-B267-D95C44E2D733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{442877D4-2F13-47E9-867C-B6F5786C553C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C3BB929-7B7E-4CE0-B1B2-39542DB8CDE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F3CA78B-BDF4-41A7-ACF1-F26EE1671859}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56400AB7-F1EB-4096-80C4-B6A6DA5DEBE7}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AC42E12-C2AE-4BA6-90D0-74B0394E2597}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E96B228-EC0C-45C4-A1FC-671665E257A9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6ECAC1CF-B5CE-45D2-8528-F00C26559A74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81FCC961-3BF1-4B8F-8C9A-C6085A96B0F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{84ACD1C4-7FF6-403A-A14D-2831FAF83836}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{947DDD56-F02B-410F-9E83-6A1ACD7133B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D8E682F-AD4E-4A05-B9CB-0259636BFDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0469BE7-20C2-44A2-BC31-28E5EA2DB813}" = rport=138 | protocol=17 | dir=out | app=system |
"{A7E816F8-619C-47B8-A63A-D8DD66FE5F75}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD30DA1C-BBE0-4B10-A5EB-A4175AE0D193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3639F64-490F-4EA1-9985-5A5DAD5E4D55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BE4078F9-9CBC-4779-96C1-B00BA0E6D05F}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF9BF948-54A9-4249-AB02-78764A463CD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2AB9AB9-5F47-4007-BAFF-35939BD17C5B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5A58E22-FD52-4C82-A9E0-F1DBF911E535}" = lport=137 | protocol=17 | dir=in | app=system |
"{C7CDF9EB-E8AD-4B6A-866C-CA0D611121C9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D0FECF66-E2C6-471E-8CAD-14B58FD6CDBB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F4398DC9-B4A1-4CE5-A03E-1E234B802F5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD761BA4-9364-43A2-9CF9-DDFD1BB17E12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011E7787-1EDB-4993-ACDC-0D1F3CFAC2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{049234C1-88F7-4162-B819-32253D38A753}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{04D07B63-E400-4F9A-951E-C8C4D73A50FB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{05D9236A-F142-4726-B21B-AADC7F0B4826}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BB6F5EB-692A-460C-8A80-461357A6B2A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C004A25-BF61-48F7-AC99-6E7DB0B5A812}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{0C53F684-1C01-4592-A819-AD4D0E69319E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{12FC8654-69AE-410B-A8A2-A543C130F1B7}" = protocol=58 | dir=in | [email protected],-28545 |
"{144437AD-F048-4DF8-BFE2-F99B9AADB8B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1A3904FA-99E7-49E2-83DD-ACBF9E5391C4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{1B3491AA-C790-40CF-A8E9-D7332293CF64}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1CF8C4B0-8241-4B32-B060-2CED711A322F}" = protocol=1 | dir=out | [email protected],-28544 |
"{2DAAD514-6051-4CDB-8974-E7CCBEAD6A75}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{33B36155-D9DB-458D-A5DF-65D0C1545AE0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{379EF246-DEDD-4545-A8D0-BF84EB7EC8F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{3CB6601D-30E0-40B1-9325-02C7AAE160DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{4113ACE0-FDE3-4E90-968A-114F35824AB7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{43582C17-718B-4814-9E33-84E272EE81B7}" = protocol=6 | dir=out | app=system |
"{45002C04-73DE-430B-B731-3C0B8D6808B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{4582C5D4-2A87-4AFB-9D11-182CDA90F972}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{498486B4-A591-42F8-9BD0-747E34E9AE88}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4E3187BB-A9A5-450B-8B19-71FE19FD73AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F3706DB-1C3F-4CD3-827E-C1E364C0CBC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51479763-D85D-4864-A237-763A57E10E1D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{51D18CED-BC34-4323-94F7-7871ECE9EF84}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{55256CB7-493B-4C72-AD2A-5392A03ACE98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{555D603E-D0B7-415E-A534-C0C28C84EDBB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{591A81E2-97C5-4B18-ACE4-5995E3379134}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B58B687-D434-4CC6-9CC9-E49A1F5EAC9E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{631F055C-CC41-4E4B-BE98-E261366A41BA}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{66286E4C-EB3A-473C-8ED1-D5A445897DB4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{6A5431A7-32C9-46E5-8CB9-3AD33E7F29ED}" = protocol=58 | dir=out | [email protected],-28546 |
"{6B54F054-53AE-425D-9CAA-9BE2C7CF0318}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6FFE9166-59F4-48D6-813F-21AF47DE9ADE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71FD75DD-37F6-413C-B3EF-E6BC35F27D2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73392909-A453-4D35-992A-64FC7A3D4BEA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{74F5980E-0FF7-4A5C-B898-7386E526E7F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{768FA301-51F7-4C43-A478-F30F2E8714ED}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{777D8011-5F10-4FD1-85D2-21AD4FF50C93}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7A616B14-F9DD-44BA-BA65-A756E62EA73C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{7AF899EE-3BCD-472B-BF08-FED4F02B72BC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{7CC9259C-2A9F-4FD7-95DF-C3ABEF0A75B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7D0CC279-36D4-4F6F-95E0-087633F245F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{7EBD1121-E47B-46D1-B14E-635C2F191243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F2AE0DC-53CC-4638-AFEC-94390FEA8962}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{806C21AA-9605-4A26-81A1-643787A3CF36}" = protocol=1 | dir=in | [email protected],-28543 |
"{8097BA7D-4B2D-4064-98D0-398A1FCF418F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{8573E043-88B5-4FB2-BE61-CD733E1811C3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{89144473-0454-49C8-845C-89E05CFA1B05}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{89741A3F-6E50-42D5-BDCA-3E732582A396}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8A0F3A45-CD53-4D86-8031-2C9E938EA0F9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8AB0636F-0AC7-45BE-B507-9947E0905B94}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93681F66-18BB-45E2-A49D-39EB703BA2D2}" = protocol=58 | dir=in | [email protected],-148 |
"{A3C5107B-7E72-417E-81E0-995C04B9782F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{A8AA3DFD-F36E-42A7-90FB-8C72BC765910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{AAA41ED8-1586-4913-B547-B7D98D7EB961}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{B7552221-D692-45FF-9ED7-3961CFB1D45F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC6225DD-121E-4E71-8908-F3E85FCF06FB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{BFCE7E7A-1861-4578-B27D-24F4EA76F8C8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{C4E3833F-D2CC-4854-89BD-4521BA015168}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9174660-AC0C-47E2-B1E0-245FF5E0766E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB27A0DE-1A0F-42C4-B2A4-6DFF70781B1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD3329B5-0D01-4C10-B6B9-50F71D328560}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{CDE0E7F8-74D6-44DD-8C44-29A7ECA8E7CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{D5F96E58-BC82-4647-94A3-63349D9F60BE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D67FB71D-FCAB-4064-934B-BABE6D9883B5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{D7CBC8C9-B9C9-434F-9B79-EA2AA7B93A12}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{D7F52EC2-E08D-4A2D-A7F4-34932DE1A1A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D99DA589-D143-4A99-B53B-E9332AAC66F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{E3A54DBE-910F-4E60-B626-4B38542091FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED47B7E2-B878-4AA1-B55A-7CA6A64D355F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{EDB46BF1-02F1-410B-ACE7-D6312457A425}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{EF91C5D1-5CC7-4E4B-91F9-1F6D3A628342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F07270BB-DDDF-4734-8F11-72994DCFFBCD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{FAF88E45-0450-438E-A61D-19DEC8499625}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{FF8CEC70-3504-466E-AC25-C3B99784609B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{01DA7D42-C227-422B-9EB3-3453D793AB27}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{0CC0AB5D-6336-484B-99F3-955C7CA5732B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3968B927-3DB0-4611-8413-34421845A76E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{3989356D-E109-4053-85CE-F8E99B43BEEA}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{3A69AD66-B840-47D8-A441-CDCECCE3CD1B}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{44C278B5-91CA-4065-BA13-5EFFB4DABA29}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{455DB78D-69C3-428D-BEDF-95E3A1C1788B}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"TCP Query User{48C4851C-FEC8-4830-B9FC-C4704E550830}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{4D21E590-8748-4BA9-A25D-28DF9CBCAC04}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{4F51029A-5E5F-462A-B831-39A7341A4FCA}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{5929F8E0-C9CF-47DE-8A23-4F0B5D5220AD}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{59793E11-18C8-4AF3-831C-9821FE8EF8E6}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{59BE6D19-979D-4C32-8EB1-B2CC8BB375D9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{6463D955-8540-486C-80E5-2B3F078F25CB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{6AC6DF71-8409-4F7F-8398-4FAEC3EAF88A}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{70D3B8A9-3625-49D8-9EB6-7991B7D27BED}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{7BD37C2B-B84B-4F72-84C9-A9B81BED7F60}C:\users\karen\downloads\landing\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\karen\downloads\landing\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{7FAE29E0-0761-4314-944D-6DD6ACEBD5AF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{805E7651-C629-4366-A10E-9FE53DA89070}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{8A36D6E7-1C90-4334-A623-F498D10597DE}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{9358ED2E-B7E3-4D50-94DD-619F26334E3E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{9FF4FBC4-E72C-42A3-9EF3-8E2F7BF1B35D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{A89DCB8A-7E0D-4602-8446-EA2609CD055D}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{C5DC03A2-5EBB-4B0C-B36F-5D75B142E212}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{C78785AB-3AFB-46D3-BEA1-A43A00510725}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{C8726733-539F-4CD7-BB7D-B0E0C6BB39B0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{CC1DDB7B-7743-4780-A034-2E5A332E9596}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{DCE91A99-D2ED-4E6B-AEB5-2596C95F8FD3}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{DF165D8D-51B7-4E34-B991-DF0C9F1487DC}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{F505B631-9624-418F-B32E-FF5C76FCBBDE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{0C006EE7-7D60-4A37-B95F-0D4760445781}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{20B93D91-354B-4187-89C5-1A3922CCE730}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{21F1BE64-A4E9-46CE-A683-620D84B83197}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{2FBF321C-8705-4905-B2AE-9285BBCCD8C2}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{36C35934-93E6-49D0-B60D-5DD30399A622}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{37C675A5-A155-4A95-90B3-78EF004213D2}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{39AC8E16-16ED-4C3C-916C-116EA85DC472}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{472E44A5-EA69-4364-A075-5398C3B92089}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{4B226C86-41A6-4C95-B22B-1CECE6D25A98}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{583181BA-487F-4870-B20C-A9A32590BAAB}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{59321783-4195-48CD-B181-3C14599C24D6}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{66A61994-B876-450A-8748-1D60DC124284}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{72831DCF-7946-4460-9FEC-BE8D246B40FB}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{7A821356-2B29-4DF0-B0F3-32CD3702F9E0}C:\users\karen\downloads\landing\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\karen\downloads\landing\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{86D61DC2-0364-4681-B961-E7F134FD67CA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{8BCE9795-9FB9-4CEB-8DBA-0E150E7C5001}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"UDP Query User{90DFCD14-69EA-4F42-89C6-5BB0B10F818D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{99B5A4CA-8B99-4506-B9F2-4433E7C6052F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{ACEB307C-0FB5-43B0-B877-2E69584610E1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{B3EEEEB7-C1C4-44DA-AE38-76074AFC0FFA}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{BE17B569-A99B-4DE8-B247-F7D546A94BA9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{C178C475-8C94-41EE-A48B-569E9B7095C0}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{C73A9D7D-18E6-4B93-9B84-9AAA1C2076D3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{C7C78943-389C-4315-896D-4E17003A5295}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{D7CD446E-0581-476E-81BB-234EAD577D6E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{D969CF37-4504-45D1-9D2B-5B272E41C114}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{DD337670-CAC3-441F-A0FC-341D2BB01565}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{E5A704D0-EAAD-48D0-B16A-300F23DB1787}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"UDP Query User{EE4D185D-C813-4E44-BB5C-71B42B6DA35B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{FCAFE697-DBA0-43ED-8E8D-0BE8F52E24C5}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series" = Canon MX450 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BB FlashBack Express" = BB FlashBack Express
"BFG-Burger Island 2 - The Missing Ingredients" = Burger Island 2: The Missing Ingredients
"BFG-Burger Shop" = Burger Shop
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Gardens Inc - From Rakes to Riches" = Gardens Inc.: From Rakes to Riches
"BFG-Rush for Gold - Alaska" = Rush for Gold: Alaska
"BFG-Stand O Food 2" = Stand O' Food 2
"BFG-Stand O'Food" = Stand O'Food
"BFG-Stand O'Food 3" = Stand O'Food 3
"Canon MX450 series On-screen Manual" = Canon MX450 series On-screen Manual
"Canon MX450 series User Registration" = Canon MX450 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fraps" = Fraps
"Free PDF Tablet" = Free PDF Tablet 0.1
"Impulse®" = Impulse®
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Speed Dial Utility" = Canon Speed Dial Utility
"SystemRequirementsLab" = System Requirements Lab
"The Sims 3" = The Sims 3
"The Sims 3 Pets" = The Sims 3 Pets
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"dcd0eb9b6e2be9f5" = FOCUS
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2013 6:41:42 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995

Error - 6/30/2013 6:41:43 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/30/2013 6:41:43 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3994

Error - 6/30/2013 6:41:43 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3994

Error - 6/30/2013 6:41:44 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/30/2013 6:41:44 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992

Error - 6/30/2013 6:41:44 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 6/30/2013 6:41:45 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/30/2013 6:41:45 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5990

Error - 6/30/2013 6:41:45 PM | Computer Name = Karen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5990

[ System Events ]
Error - 7/15/2013 12:16:31 AM | Computer Name = Karen-PC | Source = ipnathlp | ID = 31004
Description =

Error - 7/15/2013 1:46:34 AM | Computer Name = Karen-PC | Source = ipnathlp | ID = 31004
Description =

Error - 7/15/2013 2:16:35 AM | Computer Name = Karen-PC | Source = ipnathlp | ID = 31004
Description =

Error - 7/15/2013 4:16:39 AM | Computer Name = Karen-PC | Source = ipnathlp | ID = 31004
Description =

Error - 7/15/2013 4:46:54 AM | Computer Name = Karen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:45:03 AM on 7/15/2013 was unexpected.

Error - 7/15/2013 4:47:01 AM | Computer Name = KAREN-PC | Source = BugCheck | ID = 1001
Description =

Error - 7/15/2013 4:47:56 AM | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =

Error - 7/15/2013 4:49:17 AM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/15/2013 4:49:17 AM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/15/2013 12:19:53 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.


< End of report >
  • 0
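Added example, not part of the original post and not OTL's own code: a small parser for the firewall-rule lines in the report above that picks out inbound rules worth a second look during triage. The sample lines are constructed in the report's format, and the list of user-writable locations is a heuristic assumed for this example.

```python
import re
from typing import NamedTuple, Optional

# IP protocol numbers as they appear in the report's "protocol=" field.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Heuristic (assumption of this example): locations a standard user can
# usually write to on a default install with the system drive at C:.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\programdata\\",
    "%userprofile%", "%appdata%", "%localappdata%", "%temp%", "%public%",
)

REASON_WRITABLE = "inbound rule for a binary in a user-writable path"
REASON_ANY_PROTO = "inbound rule not restricted to one protocol"

RULE_RE = re.compile(r'^"(?P<key>.+?)" = (?P<body>.+)$')


class Rule(NamedTuple):
    key: str
    prompt_created: bool  # key has the "TCP/UDP Query User{...}" form
    protocol: str
    direction: str
    app: str
    svc: str


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one '"key" = k=v | k=v |' line; return None for anything else."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        name, sep, value = part.strip().partition("=")
        if sep:
            fields[name.strip().lower()] = value.strip()
    if "dir" not in fields:  # e.g. an Uninstall List entry, not a rule
        return None
    key = m.group("key")
    proto = fields.get("protocol")
    return Rule(
        key=key,
        prompt_created=key.startswith(("TCP Query User{", "UDP Query User{")),
        protocol=PROTOCOLS.get(proto, proto) if proto else "any",
        direction=fields["dir"],
        app=fields.get("app", ""),
        svc=fields.get("svc", ""),
    )


def triage(rule: Rule) -> list:
    """Return the reasons an inbound rule deserves manual review."""
    reasons = []
    if rule.direction != "in":
        return reasons
    if rule.app.lower().startswith(USER_WRITABLE_PREFIXES):
        # Whoever can replace the file inherits the firewall exception.
        reasons.append(REASON_WRITABLE)
    if rule.protocol == "any":
        reasons.append(REASON_ANY_PROTO)
    return reasons


def review(report: str) -> list:
    """Return (rule, reasons) for every rule in the text that has findings."""
    findings = []
    for line in report.splitlines():
        rule = parse_rule(line)
        if rule:
            reasons = triage(rule)
            if reasons:
                findings.append((rule, reasons))
    return findings


# Constructed sample in the report's format (placeholder GUIDs and user name).
SAMPLE_REPORT = r'''
"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{00000000-0000-0000-0000-000000000002}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"TCP Query User{00000000-0000-0000-0000-000000000004}C:\users\alice\downloads\setup_example.exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\setup_example.exe |
"{00000000-0000-0000-0000-000000000005}" = Microsoft Silverlight
'''

if __name__ == "__main__":
    for rule, reasons in review(SAMPLE_REPORT):
        origin = "prompt-created" if rule.prompt_created else "other"
        print(f"{rule.protocol:>4} {rule.app} [{origin}]: {'; '.join(reasons)}")
```

A flagged rule is a prompt to check whether the file still exists and is the expected program, not a verdict that it is malicious.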


#2
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I don't see anything obvious but let's get a second opinion:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time (hours).
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Does it make a difference which browser you use? Do you get Chinese on IE, Firefox and Chrome or is it just one? I'm thinking it could be a corrupt cookie if it's just one.

Let's also see what is causing the blue screen.


Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Let's clear the errors, run sfc, reboot and see what errors we still have:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does it finish without complaining?)

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
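Added example, not part of the thread or of any poster's reply: a BSOD.txt saved from BlueScreenView as described above can be triaged with a short script that groups the crashes by bug check and faulting address and decodes the four parameters of bug check 0xA. The sample records are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of a BlueScreenView text export
# (file names and addresses are made up for illustration).
SAMPLE_REPORT = r"""
==================================================
Dump File : sample-01.dmp
Crash Time : 1/2/2013 3:04:05 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
Stack Address 1 :
Full Path : C:\Windows\Minidump\sample-01.dmp
==================================================

==================================================
Dump File : sample-02.dmp
Crash Time : 1/9/2013 11:15:00 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03001000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
Stack Address 1 :
Full Path : C:\Windows\Minidump\sample-02.dmp
==================================================

==================================================
Dump File : sample-03.dmp
Crash Time : 1/20/2013 8:30:10 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03002000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
Stack Address 1 :
Full Path : C:\Windows\Minidump\sample-03.dmp
==================================================
"""

SEPARATOR = re.compile(r"^={10,}$")
# Key is everything before the first colon; the value may itself contain
# colons (times, C:\ paths) or be empty ("Stack Address 1 :").
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")


def parse_report(text):
    """Split a report into one dict per crash record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            if current:
                records.append(current)
                current = {}
            continue
        match = FIELD.match(line)
        if match:
            current[match.group(1)] = match.group(2)
    if current:
        records.append(current)
    return records


def hex_field(value):
    """Convert '0x0000000a' or '00000000`00000002' to an int."""
    return int(value.replace("`", ""), 16)


def decode_irql_fault(record):
    """Decode the parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    if hex_field(record["Bug Check Code"]) != 0x0A:
        return None
    address, irql, access, instruction = (
        hex_field(record[f"Parameter {n}"]) for n in range(1, 5)
    )
    # Parameter 3 is a bit field: bit 0 = write, bit 3 = execute.
    operation = "execute" if access & 0x8 else "write" if access & 0x1 else "read"
    return {"address": address, "irql": irql,
            "operation": operation, "instruction": instruction}


def summarize(records):
    """Count crashes per (bug check, faulting address) pair."""
    return Counter((r["Bug Check String"], r["Caused By Address"]) for r in records)


if __name__ == "__main__":
    crashes = parse_report(SAMPLE_REPORT)
    for (check, where), count in summarize(crashes).most_common():
        print(f"{count:3d}  {check}  {where}")
    print(decode_irql_fault(crashes[0]))
```
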

#3
sweetgirlblah

    Member

  • Topic Starter
  • Member
  • 10 posts
Thank you for your quick reply.

I can run the ESET online scanner overnight since it takes hours. I always use Google Chrome as my browser so I did what you suggested and opened up PayPal in IE and it did NOT have the Chinese language. It was perfectly okay. You are a genius - I agree that it could be a corrupt cookie.

Re: Blue Screen
Here is my BSOD file:

==================================================
Dump File : 071513-38329-01.dmp
Crash Time : 7/15/2013 1:45:26 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`030c792c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071513-38329-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 7/15/2013 1:47:01 AM
==================================================

==================================================
Dump File : 070613-32151-01.dmp
Crash Time : 7/6/2013 10:52:53 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`0308a92c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\070613-32151-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 7/6/2013 10:54:51 PM
==================================================

==================================================
Dump File : 070313-23774-01.dmp
Crash Time : 7/3/2013 11:54:37 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`0309992c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\070313-23774-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 7/3/2013 11:56:35 AM
==================================================

==================================================
Dump File : 061813-24382-01.dmp
Crash Time : 6/18/2013 12:26:15 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`030e292c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\061813-24382-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 6/18/2013 12:28:01 PM
==================================================

==================================================
Dump File : 061213-30934-01.dmp
Crash Time : 6/12/2013 3:59:03 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`030cd92c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\061213-30934-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 281,616
Dump File Time : 6/12/2013 4:00:59 AM
==================================================

==================================================
Dump File : 061113-21340-01.dmp
Crash Time : 6/11/2013 11:26:57 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`030c692c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\061113-21340-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 288,816
Dump File Time : 6/11/2013 11:28:50 AM
==================================================

==================================================
Dump File : 060913-22495-01.dmp
Crash Time : 6/9/2013 11:29:45 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`030d492c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\060913-22495-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 288,624
Dump File Time : 6/9/2013 11:31:35 PM
==================================================

==================================================
Dump File : 060413-25927-01.dmp
Crash Time : 6/4/2013 11:32:20 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e9292c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\060413-25927-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 6/4/2013 11:34:14 PM
==================================================

==================================================
Dump File : 052913-26738-01.dmp
Crash Time : 5/29/2013 2:31:19 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8692c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052913-26738-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,456
Dump File Time : 5/29/2013 2:33:14 PM
==================================================

==================================================
Dump File : 052913-22963-01.dmp
Crash Time : 5/29/2013 9:22:11 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8c92c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052913-22963-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 5/29/2013 9:24:03 AM
==================================================

==================================================
Dump File : 052113-21590-01.dmp
Crash Time : 5/21/2013 2:53:23 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ed792c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052113-21590-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 287,376
Dump File Time : 5/21/2013 2:55:12 PM
==================================================

==================================================
Dump File : 051913-28407-01.dmp
Crash Time : 5/19/2013 6:24:43 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ece92c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051913-28407-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 5/19/2013 6:26:38 PM
==================================================

==================================================
Dump File : 051513-23166-01.dmp
Crash Time : 5/15/2013 2:40:06 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8e92c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051513-23166-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 284,304
Dump File Time : 5/15/2013 2:41:56 PM
==================================================

==================================================
Dump File : 051313-22854-01.dmp
Crash Time : 5/13/2013 12:54:22 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8592c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051313-22854-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,440
Dump File Time : 5/13/2013 12:56:13 PM
==================================================

==================================================
Dump File : 042713-22042-01.dmp
Crash Time : 4/27/2013 8:42:06 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e9892c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042713-22042-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 4/27/2013 8:43:55 PM
==================================================

==================================================
Dump File : 042213-23056-01.dmp
Crash Time : 4/22/2013 10:22:53 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e9192c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042213-23056-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 289,872
Dump File Time : 4/22/2013 10:24:37 PM
==================================================

==================================================
Dump File : 041113-21918-01.dmp
Crash Time : 4/11/2013 3:52:07 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8792c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\041113-21918-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 281,616
Dump File Time : 4/11/2013 3:53:48 AM
==================================================

==================================================
Dump File : 041013-22354-01.dmp
Crash Time : 4/10/2013 1:42:39 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02edca3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\041013-22354-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,424
Dump File Time : 4/10/2013 1:44:28 PM
==================================================

==================================================
Dump File : 033113-22245-01.dmp
Crash Time : 3/31/2013 1:21:17 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8ba3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\033113-22245-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,216
Dump File Time : 3/31/2013 1:23:06 AM
==================================================

==================================================
Dump File : 032413-26473-01.dmp
Crash Time : 3/24/2013 10:02:55 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8aa3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\032413-26473-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 3/24/2013 10:04:49 PM
==================================================

==================================================
Dump File : 032213-28189-01.dmp
Crash Time : 3/22/2013 11:46:23 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e9ba3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\032213-28189-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 284,112
Dump File Time : 3/22/2013 11:48:21 AM
==================================================

==================================================
Dump File : 031713-22916-01.dmp
Crash Time : 3/17/2013 12:56:26 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e98a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\031713-22916-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 284,208
Dump File Time : 3/17/2013 12:58:15 PM
==================================================

==================================================
Dump File : 031413-29608-01.dmp
Crash Time : 3/14/2013 11:14:01 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e80a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\031413-29608-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 287,760
Dump File Time : 3/14/2013 11:15:53 AM
==================================================

==================================================
Dump File : 030513-27814-01.dmp
Crash Time : 3/6/2013 12:12:19 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ec8a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030513-27814-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 289,392
Dump File Time : 3/6/2013 12:14:10 AM
==================================================

==================================================
Dump File : 030413-22729-01.dmp
Crash Time : 3/4/2013 4:21:08 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ed8a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030413-22729-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 281,616
Dump File Time : 3/4/2013 4:22:48 PM
==================================================

==================================================
Dump File : 030413-22245-01.dmp
Crash Time : 3/4/2013 11:43:55 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e89a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030413-22245-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 289,104
Dump File Time : 3/4/2013 11:45:45 AM
==================================================

==================================================
Dump File : 022413-23197-01.dmp
Crash Time : 2/24/2013 7:01:40 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ec5a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022413-23197-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 285,936
Dump File Time : 2/24/2013 7:03:25 PM
==================================================

==================================================
Dump File : 022113-28548-01.dmp
Crash Time : 2/21/2013 3:51:04 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ecea3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022113-28548-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,064
Dump File Time : 2/21/2013 3:53:00 PM
==================================================

==================================================
Dump File : 021813-29156-01.dmp
Crash Time : 2/18/2013 12:58:21 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e98a3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\021813-29156-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 2/18/2013 1:00:18 PM
==================================================

==================================================
Dump File : 021513-24554-01.dmp
Crash Time : 2/15/2013 1:45:11 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02edaa3c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\021513-24554-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 2/15/2013 1:46:59 AM
==================================================

==================================================
Dump File : 020613-26754-01.dmp
Crash Time : 2/6/2013 11:54:49 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e9fd2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\020613-26754-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 286,032
Dump File Time : 2/6/2013 11:56:35 PM
==================================================

==================================================
Dump File : 020513-34413-01.dmp
Crash Time : 2/5/2013 1:04:47 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ee6d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\020513-34413-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 2/5/2013 1:06:45 AM
==================================================

==================================================
Dump File : 013013-41231-01.dmp
Crash Time : 1/30/2013 11:34:29 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ed7d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\013013-41231-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 1/30/2013 11:36:28 PM
==================================================

==================================================
Dump File : 012813-22994-01.dmp
Crash Time : 1/28/2013 3:49:37 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea2d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012813-22994-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 289,968
Dump File Time : 1/28/2013 3:51:26 PM
==================================================

==================================================
Dump File : 010413-22245-01.dmp
Crash Time : 1/4/2013 5:37:53 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea2d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\010413-22245-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,072
Dump File Time : 1/4/2013 5:39:41 PM
==================================================

==================================================
Dump File : 121812-21949-01.dmp
Crash Time : 12/18/2012 10:54:36 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea1d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\121812-21949-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 12/18/2012 10:56:19 PM
==================================================

==================================================
Dump File : 121312-39842-01.dmp
Crash Time : 12/13/2012 10:35:13 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ed9d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\121312-39842-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 12/13/2012 10:37:16 PM
==================================================

==================================================
Dump File : 120912-27112-01.dmp
Crash Time : 12/9/2012 10:48:27 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea1d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\120912-27112-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 12/9/2012 10:50:20 PM
==================================================

==================================================
Dump File : 120712-21652-01.dmp
Crash Time : 12/7/2012 3:23:43 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ed8d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\120712-21652-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 286,992
Dump File Time : 12/7/2012 3:25:26 PM
==================================================

==================================================
Dump File : 120212-24304-01.dmp
Crash Time : 12/2/2012 7:56:29 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea3d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\120212-24304-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 12/2/2012 7:58:19 PM
==================================================

==================================================
Dump File : 110512-30576-01.dmp
Crash Time : 11/6/2012 12:05:01 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02edcd2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\110512-30576-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 283,112
Dump File Time : 11/6/2012 12:06:51 AM
==================================================

==================================================
Dump File : 103112-36769-01.dmp
Crash Time : 10/31/2012 3:25:28 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02eead2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\103112-36769-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 10/31/2012 3:27:33 PM
==================================================

==================================================
Dump File : 101812-24164-01.dmp
Crash Time : 10/18/2012 1:32:54 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e92d2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101812-24164-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 289,064
Dump File Time : 10/18/2012 1:34:44 PM
==================================================

==================================================
Dump File : 101512-27424-01.dmp
Crash Time : 10/15/2012 3:42:05 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02edbd2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101512-27424-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 10/15/2012 3:44:00 PM
==================================================

==================================================
Dump File : 101412-28282-01.dmp
Crash Time : 10/14/2012 2:16:44 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ea3d2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101412-28282-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 295,840
Dump File Time : 10/14/2012 2:18:44 PM
==================================================

==================================================
Dump File : 100412-38126-01.dmp
Crash Time : 10/4/2012 9:12:22 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e95f2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100412-38126-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,472
Dump File Time : 10/4/2012 9:14:21 PM
==================================================

==================================================
Dump File : 093012-23290-01.dmp
Crash Time : 9/30/2012 11:27:46 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02edcf2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\093012-23290-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 287,848
Dump File Time : 9/30/2012 11:29:31 AM
==================================================

==================================================
Dump File : 092612-26894-01.dmp
Crash Time : 9/26/2012 8:15:58 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e86f2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092612-26894-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 286,376
Dump File Time : 9/26/2012 8:17:46 PM
==================================================

==================================================
Dump File : 092512-26488-01.dmp
Crash Time : 9/25/2012 1:47:34 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e8df2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092512-26488-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 291,464
Dump File Time : 9/25/2012 1:49:22 PM
==================================================

==================================================
Dump File : 092312-35365-01.dmp
Crash Time : 9/23/2012 5:17:33 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02ee7f2c
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c952
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092312-35365-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 283,112
Dump File Time : 9/23/2012 5:19:28 AM
==================================================

I ran the "scannow" prompt and it ran successfully with NO complaints.

Here is my Event View file:
"System"


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/07/2013 11:27:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/07/2013 6:21:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 18/07/2013 6:21:12 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 18/07/2013 6:20:15 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/07/2013 6:20:09 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/07/2013 6:19:15 AM
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/07/2013 6:18:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/07/2013 6:18:17 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll



Event View file
"Application"



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/07/2013 11:36:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/07/2013 6:29:12 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 18/07/2013 6:29:12 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 18/07/2013 6:19:11 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=8E0}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: KAREN-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/07/2013 6:19:09 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=8E0}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
  • 0

#4
RKinner
Malware Expert
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
JavaFX 2.1.1
Java™ 6 Update 31

Java 7 Update 21
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Right click on the Avast ball and select About avast! Do you have version 8.0.1489? If not, right click on the Avast ball and select Update then Program. (One of your blue screens was from an Avast driver.)

As for the cookies, do you know how to go in and selectively clear the paypal cookies or do you need me to figure it out? (I mostly use Firefox myself but I do have Chrome.)

Ron

Bedtime for me. Past midnight here in Washington state.
  • 0
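The remark above that one blue screen came from an Avast driver is the kind of reading a per-driver tally of the BlueScreenView report gives. The following is an added example, not part of the original posts: the sample records are constructed in the report's field layout (dump names, times and addresses are made up), and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the field layout of the BlueScreenView report posted
# in this thread; dump names, times and addresses are made up.
SAMPLE_REPORT = """\
==================================================
Dump File : 000000-00001-01.dmp
Crash Time : 1/2/2013 1:00:00 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e00d2c
Caused By Driver : ntoskrnl.exe
Crash Address : ntoskrnl.exe+7efc0
Full Path : C:\\Windows\\Minidump\\000000-00001-01.dmp
==================================================

==================================================
Dump File : 000000-00002-01.dmp
Crash Time : 1/3/2013 2:00:00 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e00d2c
Caused By Driver : aswSP.SYS
Crash Address : ntoskrnl.exe+7efc0
Full Path : C:\\Windows\\Minidump\\000000-00002-01.dmp
==================================================
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}


def parse_report(text):
    """Split the report on its '=====' rules and return one dict per dump."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("=" * 10):
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            # Split on the first colon only: values such as paths and
            # times contain further colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def _hex(field):
    """Parse a hex field such as 0x0000000a or fffff800`02e00d2c."""
    return int(field.replace("`", ""), 16)


def decode_0xa(rec):
    """Decode the four parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    if _hex(rec["Bug Check Code"]) != 0x0A:
        raise ValueError("not an IRQL_NOT_LESS_OR_EQUAL record")
    access = _hex(rec["Parameter 3"])
    irql = _hex(rec["Parameter 2"])
    return {
        "address_referenced": _hex(rec["Parameter 1"]),
        "irql": IRQL_NAMES.get(irql, str(irql)),
        # Bit 0 set means a write, bit 3 set means an execute, else a read.
        "operation": "execute" if access & 8 else "write" if access & 1 else "read",
        "faulting_instruction": _hex(rec["Parameter 4"]),
    }


def summarise(records):
    """Count crashes per blamed driver and list the dumps where the blamed
    driver is not the module the crash address falls in."""
    by_driver = Counter(r["Caused By Driver"] for r in records)
    leads = [r["Dump File"] for r in records
             if not r["Crash Address"].lower().startswith(r["Caused By Driver"].lower())]
    return by_driver, leads
```

A record that blames ntoskrnl.exe only says where the fault surfaced; the dumps returned in `leads` are the ones that name another module and are worth checking first.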

#5
sweetgirlblah
Topic Starter
I cleared the Java cache and uninstalled all of the versions. I'll take your advice and leave it off my system for now.

I do have the current version of Avast that you mentioned, but I am updating just to be sure. I also have quite a few Windows updates to run so I'll let that run overnight.

I went into Google Chrome and pulled up the history and cleared everything from the beginning of time. Then I tried http://www.paypal.com and there was NO Chinese language! Hooray!

You have helped me with the main worry I had (making sure I didn't have a virus) -thank you so much! Please let me know if you want me to post something else about the blue screens or, after I've updated everything, I can make another topic at a later date about that problem if it continues.

Thanks again so much for your help!!
  • 0

#6
RKinner
Malware Expert
For these two errors:

Log: 'System' Date/Time: 18/07/2013 6:21:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 18/07/2013 6:21:12 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Ideally you could download a new version of Nvidia software from your PC maker's website as this is a mistake in their installation. (Make sure you right click and Run As Admin.) If there is no newer version:

1) In the Search box type in: Services.msc
wait until it finds it then right click on it and Run As Admin

2) Scroll down to "NVIDIA Update Service Daemon"

3) Right-click it and select Properties

4) Click the Logon tab

5) Click the Log on as: Local System Account button ON

6) Click OK

7) Right click the "NVIDIA Update Service Daemon" and click Start

Hopefully it will Start then Stop.




For this error:

Log: 'System' Date/Time: 18/07/2013 6:20:09 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


This is usually caused by some third party software but it can be fixed by following the procedure here:

http://www.itexperie...8-a06ad6d8b4d1/

If you have problems with Step 7 you can take ownership of the key by following the Method 3 "For a Registry Key" instructions here: http://www.vistax64....rship-file.html

This error:

Log: 'System' Date/Time: 18/07/2013 6:19:15 AM
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.



Can be ignored per Microsoft:

http://support.micro....com/kb/2550111

Go to your PC maker's website and see if there are any new drivers available for your PC. The BlueScreen error is usually a bad driver so make sure you have the latest versions that your PC maker offers.

Once you have done the above:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Do the following when the PC has been on for at least an hour:
Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button)

Download, Save and Install it by right clicking and Run As Admin. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Close, Save and then Attach the file to your next post. Uninstall Speccy when done.
  • 0





