Posts posted by Will96
Hey, thanks for returning to my thread. Just a heads up, as I've still been trying to fix my computer. I just uninstalled my Spybot and Malwarebytes because neither of them worked (errors or corruptions when attempting to open) and I installed ESET (I disabled this when running ComboFix). I tried scanning a third time in Safe Mode and it miraculously didn't get a BSOD; however, it was suspicious of a file called system32.gdi.dll or something. And it later got the BSOD, to my dismay. It was "Bad Pool Header" this time. As I tried scanning with ESET, it got stuck on system32.gdi.dll or something similar to that as well.
Here are my logs for OTL
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Will\Desktop\cmd.bat deleted successfully.
C:\Users\Will\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
User: UpdatusUser.WILL-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Wes
->Temp folder emptied: 102845 bytes
User: Will
->Temp folder emptied: 5725724106 bytes
->Temporary Internet Files folder emptied: 1442194 bytes
->Java cache emptied: 41607266 bytes
->FireFox cache emptied: 49982043 bytes
->Flash cache emptied: 43584 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107489 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5,550.00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_190343
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
I meant "tried scanning" instead of installing, by the way. My bad, sorry.
-
Hey, I just got back. I immediately got on Safe Mode and tried installing, but this time I watched my computer scan from the avast scanner you sent me. I once again got a BSOD; however, it was "Bad Pool Header" when the scan began checking my System32: gda.dll or something (it was only a brief second), and it restarted my computer. Perhaps this is more of a hardware issue? The reason why I think it's suspicious, though, is that I cannot open Spybot or Malwarebytes, but I can run everything else okay.
-
Alright, will do. I have to leave about now; I'll be back at 11 AM PST. Thanks for helping out so far.
-
Thank you for responding. I encountered a new problem when trying to run the avast scanner. I seem to get the BSOD with the error IRQL is less than or equal to. I got this error twice as I scanned twice, so I am only able to give you the OTL files.
OTL logfile created on: 7/6/2012 8:20:06 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Will\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free
7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS
Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS
Computer Name: WILL-PC | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012/06/18 06:05:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/06 09:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/26 20:10:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Will\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012/07/06 02:43:26 | 000,028,488 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/25 10:27:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 08:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E}
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/05 21:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M]
[2010/12/19 19:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2012/06/28 23:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions
[2010/12/21 00:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/16 16:35:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/03 21:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/28 23:08:52 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\WILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RT5IEA1U.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/06/18 06:05:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/05 17:36:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/06/18 06:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 06:04:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/05/22 15:54:03 | 000,442,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15218 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-509424225-914708275-285777440-1018..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/06 08:18:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe
[2012/07/06 08:15:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2012/07/06 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/06 08:03:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe
[2012/07/06 03:35:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Will\Desktop\dds.com
[2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/27 20:16:07 | 000,670,816 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem
[2012/06/27 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\C9
[2012/06/24 11:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2012/06/24 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub
[2012/06/24 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Overwolf
[2012/06/24 11:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\WEBZEN
[2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\FlashgetSetup
[2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\BITS
[2012/06/21 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2012/06/20 22:00:52 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/06/17 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\LOLReplay
[2012/06/17 08:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2012/06/11 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/06 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Chromium
[2012/06/06 09:00:53 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Guild Wars 2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/06 08:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013UA.job
[2012/07/06 08:18:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe
[2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2012/07/06 08:07:35 | 000,001,236 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/06 08:07:35 | 000,001,212 | ---- | M] () -- C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk
[2012/07/06 08:04:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe
[2012/07/06 08:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000UA.job
[2012/07/06 07:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 03:35:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Will\Desktop\dds.com
[2012/07/06 03:16:19 | 000,002,959 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.lnk
[2012/07/06 03:15:15 | 001,402,880 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.msi
[2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 02:43:26 | 000,028,488 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/07/06 02:36:23 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 01:25:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013Core.job
[2012/07/03 07:37:50 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWill.job
[2012/07/03 00:18:53 | 000,001,151 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/07/02 23:23:03 | 000,001,603 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/07/02 10:00:19 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000Core.job
[2012/07/02 08:48:57 | 000,001,071 | ---- | M] () -- C:\Users\Will\Documents - Shortcut.lnk
[2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem
[2012/06/21 19:13:14 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2012/06/21 18:48:54 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI
[2012/06/17 08:16:49 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/06/15 20:14:35 | 000,278,561 | ---- | M] () -- C:\Users\Will\Desktop\Minecraft.exe
[2012/06/11 16:34:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/09 09:24:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/09 09:24:50 | 000,386,040 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2012/06/09 09:24:50 | 000,369,938 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2012/06/09 09:24:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/09 09:24:50 | 000,104,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2012/06/09 09:24:50 | 000,099,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/06 08:07:35 | 000,001,236 | ---- | C] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/06 08:07:35 | 000,001,212 | ---- | C] () -- C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk
[2012/07/06 03:16:19 | 000,002,959 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.lnk
[2012/07/06 03:15:12 | 001,402,880 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.msi
[2012/07/05 21:59:30 | 000,028,488 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/07/02 23:23:03 | 000,001,603 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/07/02 08:48:57 | 000,001,071 | ---- | C] () -- C:\Users\Will\Documents - Shortcut.lnk
[2012/06/21 19:13:14 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2012/06/21 18:48:54 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/06/17 08:16:49 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/06/15 20:13:33 | 000,278,561 | ---- | C] () -- C:\Users\Will\Desktop\Minecraft.exe
[2012/06/11 16:34:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/05 17:18:25 | 000,000,023 | ---- | C] () -- C:\Users\Will\jagexappletviewer.preferences
[2012/03/13 17:40:41 | 000,000,043 | ---- | C] () -- C:\Users\Will\jagex_cl_runescape_LIVE.dat
[2012/03/13 17:40:41 | 000,000,024 | ---- | C] () -- C:\Users\Will\random.dat
[2012/01/02 19:58:40 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/01/02 19:58:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/20 23:27:29 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/20 23:27:29 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/08/26 23:08:32 | 000,002,702 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/04 23:46:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/04 23:46:51 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/04 23:46:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/07/04 23:46:28 | 000,003,584 | ---- | C] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 23:02:06 | 000,782,152 | ---- | C] () -- C:\Users\Will\FUNNIEST LOL MATCH EVER.png
[2011/06/01 20:17:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/01 20:15:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/12/19 19:33:27 | 000,000,632 | RHS- | C] () -- C:\Users\Will\ntuser.pol
[2010/12/01 22:39:47 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/31 13:56:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 06:03:03 | 000,369,938 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2010/07/28 06:03:03 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2010/07/28 06:03:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2010/07/28 06:03:03 | 000,104,382 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2010/07/28 06:03:03 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2010/07/28 06:03:02 | 000,386,040 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2010/07/28 06:03:02 | 000,099,468 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2010/07/28 06:03:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2010/07/25 19:36:53 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
========== LOP Check ==========
[2012/07/01 18:56:50 | 000,000,000 | R--D | M] -- C:\Users\Will\AppData\Roaming\.minecraft
[2010/12/19 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Auslogics
[2012/06/24 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BITS
[2011/12/06 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Downloaded Installations
[2011/07/02 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ESET
[2012/06/26 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\FlashgetSetup
[2012/04/12 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Foxit Software
[2011/04/25 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient
[2012/05/29 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient2
[2012/06/04 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mumble
[2012/03/09 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Tunngle
[2011/10/01 18:31:23 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 7/6/2012 8:20:06 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Will\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free
7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS
Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS
Computer Name: WILL-PC | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027ADFF8-8F2A-4340-91FA-C3E59A113C90}" = rport=10243 | protocol=6 | dir=out | app=system |
"{178B8573-AC31-45A1-BC32-F289ED829824}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B6D86F1-8AC6-4777-8AB2-A26E36C6F5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E3771CE-75C7-4A5A-90D3-A6F025F10E30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E6FAD89-C0ED-4853-A7E2-7ADB88840EEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48BA405F-8C74-48AB-BA31-F5AA8B6E5143}" = rport=139 | protocol=6 | dir=out | app=system |
"{56C257A6-9A93-479D-814D-1B15F03AAAF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{6017858F-BCE4-4A2A-84E6-2C673ADA6F4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65483500-E17E-4C1D-935F-BA2DE7B8AE89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B9B9392-B9AC-41BE-99D0-28FD51DB5740}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B4178F6-6A5F-4584-8B6D-1D046AD6B01F}" = lport=445 | protocol=6 | dir=in | app=system |
"{817DF8E3-BB8D-46CC-8F65-8A5DCF75D472}" = lport=139 | protocol=6 | dir=in | app=system |
"{86FB1EA4-D965-4298-9388-056E625C9D25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{936E0914-AFFE-4AC4-AE45-D122FEC59D40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93763227-D798-4BC5-AC8D-1C94BE782422}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0303A41-5F8A-49D2-AE21-8656349BFCBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B21D106A-AB17-481D-A9DD-A00AEE3A4B8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B2911345-ABA7-44C0-BC3E-FEA553F6F37E}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAD86228-0CC5-435F-A4AC-D50D76DA7FC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{C97B914F-B2BA-4C37-A55C-3D8642EAFB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E23EE3E1-B5F2-4D25-B61C-57B8B980EC9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E338B347-4500-4418-80F1-7CF4C4210012}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED719730-FCA0-4D74-A7DC-CFD94041680B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3BF7FC9-3553-4A31-B378-29CDF270C3E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD25E8FA-0B6E-4641-A8D4-3CB5A3C263A4}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0499FDF6-A133-473C-A16B-8E609EB40884}" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe |
"{09D14773-6910-4083-B541-41781D3CA7E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0D540F35-F8E8-4EE8-AE2E-FA54B2E1CE60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D74484E-1A3F-4E64-96C4-77EE778E581F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11725EEC-6BD2-4579-B02F-0ECE56F82ABB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2910F288-F4D6-4084-BEC9-432C93E539D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3435EBA4-FA09-443B-A13A-F9E431070CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{42F7ACD7-95AF-4779-87BD-5BD33BE8B350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{54997423-3464-4F8B-80B9-98EC5416C31B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{55D23D99-B016-425D-B9CF-F0377D86FDDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B3DD2AE-7292-4AB0-96D5-3FD0146C7A2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F81A8CF-D404-4283-B5E6-8DD3A651796F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{65689F09-A7B6-41E6-B18E-5DCE0072ED9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7556BFCB-18B7-4C3F-BF61-3DF0237D1C9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{773CDCF6-D584-457F-8453-255F44ACB872}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7963D438-D50E-4AEC-B54F-E1C2E8183D6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7D971091-1C55-4501-8434-88ED0EF63052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{836F8F7E-623E-474C-A3C9-7C027C8281B9}" = protocol=17 | dir=in | app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe |
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{88901493-73B5-4508-B2C1-6B1321D319F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98CA70E6-4F86-4740-823D-2E2A65EC3D26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A1A2D09-A19C-4C44-8637-A384C459639C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C4F9099-6FC6-4BB1-BAF1-BB527A8D8E6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E3AAC6A-2B78-4F50-8660-31D3A38AA001}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A0E9F214-B12B-444D-9CF0-B2E99CD06584}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AB2C2E2D-97B9-4B6B-AABD-2D7D880CF43C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B3E837A3-9FDA-457C-BB32-89D0DDF2B1D0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B6D934E2-678D-4A5B-ADAF-AFE6898924F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2037CA2-58A1-4790-AA17-72FBEE2395B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C740CD8C-A4DD-4E0E-A497-8BA9D09EDC28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7CC2588-B75F-446D-A698-27D0E41B377B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCFCFE1F-B821-4DC3-897D-DC8ADE87C07F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E1820E44-F2E6-4F90-A2F2-F554D61AB320}" = protocol=6 | dir=out | app=system |
"{E20443B5-D353-4CC6-9F22-ECD80C234DC6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F5148266-C8A4-4B5A-806F-E5BDE2EF09D6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F740F55F-28D3-4303-9838-7E78846767E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB17598E-A0BE-4DD5-B095-45714084BC70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4B72550B-8901-42A3-8FE4-F91E18355CB7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{79A5BD8C-2A16-4D86-A204-13F9CE445888}C:\users\will\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe |
"TCP Query User{9665017F-4B33-4181-980A-8CE3048DCD44}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{9E51E6ED-F973-44C0-ACBA-E268526E2E5D}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{BD35D096-6FC3-47AD-8005-7E50B49145E5}C:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\diablo iii\diablo iii.exe |
"UDP Query User{112AACA7-4E2A-4DCD-8102-A46DB2A879C7}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{29BE9513-2DB3-46D6-9289-78D67FBFCB40}C:\users\will\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe |
"UDP Query User{7F5CB412-8949-45A2-B352-0019514319A9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{BF90241D-06C7-4C52-9921-7A06890303F9}C:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\diablo iii\diablo iii.exe |
"UDP Query User{F481AFEF-E8A0-4456-B347-4858AB4A0267}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"Combat Arms" = Combat Arms
"Digital Editions" = Adobe Digital Editions
"Foxit Reader_is1" = Foxit Reader 5.1
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Revo Uninstaller" = Revo Uninstaller 1.94
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4384
Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4384
Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5975
Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5975
Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7270
Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7270
Error - 7/6/2012 11:01:46 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp:
0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id:
0xf50 Faulting application start time: 0x01cd5b8826738b26 Faulting application path:
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 80ae97ea-c77b-11e1-b454-001e6816d280
Error - 7/6/2012 11:08:52 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp:
0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id:
0x103c Faulting application start time: 0x01cd5b89234d32b2 Faulting application path:
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 7e8c93e5-c77c-11e1-b454-001e6816d280
[ OSession Events ]
Error - 7/5/2012 10:41:29 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 255
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/5/2012 10:43:14 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/5/2012 11:01:15 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/6/2012 1:03:29 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the NVIDIA
Update Service Daemon service to connect.
Error - 7/6/2012 1:03:45 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1053
Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Software
Protection service to connect.
Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000
Description = The Software Protection service failed to start due to the following
error: %%1053
Error - 7/6/2012 2:01:01 AM | Computer Name = Will-PC | Source = DCOM | ID = 10010
Description =
Error - 7/6/2012 5:36:10 AM | Computer Name = Will-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 7/6/2012 5:36:30 AM | Computer Name = Will-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:34:28 AM on 7/6/2012 was unexpected.
Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000
Description = The QuickPlay Background Capture Service (QBCS) service failed to
start due to the following error: %%2
Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7001
Description = The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay
Background Capture Service (QBCS) service which failed to start because of the
following error: %%2
Error - 7/6/2012 5:36:44 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
< End of report >
-
Hey, I'm new here so I'm not too familiar with how this works, but I've been struggling with this problem for quite a while. So earlier today, I had printer problems, where every time I tried to click Print it would automatically crash me. Then, I tried uninstalling a few installations that came when I bought this computer, like HP Help and Support or something else, and I later began to realize that my computer would continually go "This window is not responding" and it would white out and I would have to restart my computer manually.
At this point in time, I assumed perhaps I had an infection, so I went into safe mode and tried opening mbam and scanning (like I've done with every other virus I've ever had), and when I tried to originally scan it would freeze and go non-responsive, thus requiring a manual restart. I tried opening my Spybot S&D and it wouldn't open, and my Avast was recently uninstalled (like two days ago) because it kept freezing. (I thought perhaps it was corrupt and would reinstall a day after, but when I try to, it goes unresponsive.) So I thought perhaps I must've uninstalled something essential to HP and I system restored to a day or two back. But I still cannot scan my computer at this point.
Note: I've been trying to find a solution to this problem for the past 8 hours and I'm completely lost. I tried using mbam chameleon, but after updating it gets stuck on "Killing known malicious processes" and it just gets stuck there.
Thanks in advance, I would really appreciate any form of help.
Also, I'm helping out my community by volunteering, so I will not be able to respond from 10-11:30 AM PST. Thanks again.
I originally posted this in gen disc, but that was wrong, as I was redirected by doc. Here are my dds and attach
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Will at 3:37:02 on 2012-07-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1930 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\4656661657C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\86F6D656C6563737 : DhcpNameServer = 192.168.15.1 192.168.1.1
TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DhcpNameServer = 10.0.0.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\rt5iea1u.default\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\will\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-22 1262400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-7 1153368]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-5 28488]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-6 40776]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-6-27 670816]
.
=============== Created Last 30 ================
.
2012-07-06 10:16:18 388096 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-06 10:16:18 -------- d-----w- c:\program files\Trend Micro
2012-07-06 09:43:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-06 04:59:30 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-28 03:16:07 670816 ----a-w- c:\windows\system32\xsherlock.xem
2012-06-24 18:38:49 -------- d-----w- c:\programdata\WEBZEN
2012-06-24 18:24:20 -------- d-----w- c:\users\will\appdata\local\Overwolf
2012-06-24 18:24:02 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-06-24 18:04:23 -------- d-----w- c:\program files\WEBZEN
2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\FlashgetSetup
2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\BITS
2012-06-22 01:48:24 -------- d-----w- c:\program files\FlashGet Network
2012-06-21 05:00:52 -------- d-----w- C:\Nexon
2012-06-18 13:05:01 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 13:05:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 15:16:48 -------- d-----w- c:\program files\LOLReplay
2012-06-07 06:29:31 -------- d-----w- c:\users\will\appdata\local\Chromium
.
==================== Find3M ====================
.
2012-05-22 23:18:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 23:18:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26:00 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26:00 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26:00 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26:00 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26:00 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:28:50 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 3:38:19.26 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2010 8:00:13 PM
System Uptime: 7/6/2012 2:36:06 AM (1 hours ago)
.
Motherboard: Quanta | | 30D2
Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 983/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 151.21 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.894 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP295: 7/3/2012 8:21:43 AM - Scheduled Checkpoint
RP297: 7/5/2012 6:33:12 PM - Revo Uninstaller's restore point - HP Customer Experience Enhancements
RP299: 7/5/2012 6:34:06 PM - Removed HP Customer Experience Enhancements
RP301: 7/5/2012 6:36:20 PM - Revo Uninstaller's restore point - HP Help and Support
RP302: 7/5/2012 6:36:41 PM - Removed HP Help and Support
RP304: 7/5/2012 6:40:44 PM - Revo Uninstaller's restore point - HP Active Support Library
RP305: 7/5/2012 6:41:28 PM - Installed HP Active Support Library
RP307: 7/5/2012 7:00:42 PM - Revo Uninstaller's restore point - HP Photosmart Essential 2.5
RP309: 7/5/2012 7:07:13 PM - Revo Uninstaller's restore point - Foxit Reader 5.1
RP310: 7/5/2012 8:41:51 PM - Windows Update
RP311: 7/5/2012 9:16:48 PM - avast! Pro Antivirus Setup
RP312: 7/6/2012 3:15:29 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
Bonjour
Call of Duty® 4 - Modern Warfare 1.6 Patch
Call of Duty® 4 - Modern Warfare 1.7 Patch
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Combat Arms
Compatibility Pack for the 2007 Office system
CyberLink YouCam
D3DX10
DVD Suite
ESU for Microsoft Vista
Foxit Reader 5.1
Google Talk Plugin
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HiJackThis
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing 4.60
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
iCloud
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java 6 Update 31
League of Legends
LightScribe System Software 1.10.13.1
LOLReplay
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
PSSWCORE
PVSonyDll
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.2
SmartWebPrinting
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VideoToolkit01
WeatherBug Gadget
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 2:36:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
7/6/2012 2:36:35 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The system cannot find the file specified.
7/6/2012 2:36:35 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 2:36:10 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/5/2012 9:55:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/5/2012 9:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/5/2012 9:55:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/5/2012 9:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:51:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/5/2012 9:51:55 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 9:51:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/5/2012 9:38:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/5/2012 9:38:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
7/5/2012 9:30:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/5/2012 9:27:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/5/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
7/5/2012 6:18:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/5/2012 10:04:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
7/5/2012 10:04:15 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 10:03:45 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 10:03:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
7/5/2012 10:01:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
7/5/2012 10:01:19 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2012 7:38:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/3/2012 7:38:28 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/2/2012 9:19:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/2/2012 9:19:13 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:18:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x00000000, 0x8d957a54, 0x8d957630). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070212-72306-01.
7/2/2012 9:11:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
7/2/2012 9:11:07 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickPlay Background Capture Service (QBCS) service to connect.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
Hey, I'm new here so I'm too familiar with how this works, but I've been struggling with this problem for quite a while. So earlier today, I had printer problems, where every time I tried to click Print it would automatically crash me. Then, I tried uninstalling a few installations that came when I bought this computer, like HP Help and Support or something else, and I later began to realize that my computer would continually go "This window is not responding" and it would white out and I would have to restart my computer manually.
At this point in time, I assumed perhaps I had an infection, so I went into Safe Mode and tried opening mbam and scanning (like I've done with every other virus I've ever had), and when I tried to originally scan it would freeze and go non-responsive, thus requiring a manual restart. I tried opening my Spybot S&D and it wouldn't open, and my Avast was recently uninstalled (like two days ago) because it kept freezing. (I thought perhaps it was corrupt and would reinstall a day after, but when I try to, it goes unresponsive.) So I thought perhaps I must've uninstalled something essential to HP and I system restored to a day or two back. But I still cannot scan my computer at this point.
Note: I've been trying to find a solution to this problem for the past 8 hours and I'm completely lost. I tried using mbam Chameleon, but after updating it gets stuck on "Killing known malicious processes" and it just gets stuck there.
Thanks in advance, I would really appreciate any form of help.
P.S. I currently cannot sleep because of this issue with my laptop (haha) and I am volunteering for my community in a few hours, so I might only be able to respond past 11 am PST. Thanks again.
-
I can't run any AV's or Malwarebytes?
in Resolved Malware Removal Logs
Posted
Oh my goodness, my computer keeps freezing up every few minutes and it's incredibly annoying. Here are my combo logs:
ComboFix 12-07-06.02 - Will 07/06/2012 19:22:31.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2317 [GMT -7:00]
Running from: c:\users\Will\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Will\Documents\~WRL1392.tmp
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 02:31 . 2012-07-07 02:32 -------- d-----w- c:\users\Will\AppData\Local\temp
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\UpdatusUser.WILL-PC\AppData\Local\temp
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 02:03 . 2012-07-07 02:03 -------- d-----w- C:\_OTL
2012-07-06 19:26 . 2012-07-06 20:41 -------- d-----w- c:\program files\ESET
2012-07-06 10:16 . 2012-07-06 10:16 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-06 10:16 . 2012-07-06 10:16 -------- d-----w- c:\program files\Trend Micro
2012-07-06 01:42 . 2012-07-06 01:42 -------- d-----w- c:\users\Wes
2012-06-28 03:16 . 2012-06-28 03:16 670816 ----a-w- c:\windows\system32\xsherlock.xem
2012-06-24 18:38 . 2012-07-02 16:26 -------- d-----w- c:\programdata\WEBZEN
2012-06-24 18:24 . 2012-06-27 17:03 -------- d-----w- c:\users\Will\AppData\Local\Overwolf
2012-06-24 18:04 . 2012-07-02 16:26 -------- d-----w- c:\program files\WEBZEN
2012-06-22 01:48 . 2012-06-27 06:58 -------- d-----w- c:\users\Will\AppData\Roaming\FlashgetSetup
2012-06-22 01:48 . 2012-06-24 18:30 -------- d-----w- c:\users\Will\AppData\Roaming\BITS
2012-06-22 01:48 . 2012-06-27 06:59 -------- d-----w- c:\program files\FlashGet Network
2012-06-21 05:00 . 2012-07-06 21:07 -------- d-----w- C:\Nexon
2012-06-18 13:05 . 2012-06-18 13:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 13:05 . 2012-06-18 13:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-17 15:16 . 2012-06-17 15:16 -------- d-----w- c:\program files\LOLReplay
2012-06-07 06:29 . 2012-06-07 06:29 -------- d-----w- c:\users\Will\AppData\Local\Chromium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 23:18 . 2012-05-22 23:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 23:18 . 2012-02-18 22:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:26 . 2012-05-22 22:50 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2012-05-22 22:47 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-05-22 22:47 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2012-05-22 22:47 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-05-22 22:47 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-05-22 22:47 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-05-22 22:47 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2012-05-22 22:47 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-05-22 22:47 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2012-05-22 22:47 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2012-05-22 22:47 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-05-22 22:47 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:28 . 2012-05-22 22:51 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:28 . 2012-05-22 22:51 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2012-05-22 22:51 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2012-05-22 22:51 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2012-05-22 22:51 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2012-05-22 22:51 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 13:05 . 2012-02-20 18:31 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
backup=c:\windows\pss\LOLRecorder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sophos AutoUpdate Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
backup=c:\windows\pss\Sophos AutoUpdate Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Will^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2012-03-07 22:40 3117344 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-18 03:28 136176 ----atw- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 23:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 21:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2010-07-21 23:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 01:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-09 18:25 7539232 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 22:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 07:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013Core.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 03:28]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013UA.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 03:28]
.
2012-07-03 c:\windows\Tasks\HPCeeScheduleForWill.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-26 19:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-QPService - c:\program files\HP\QuickPlay\QPService.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-SynTPStart - c:\program files\Synaptics\SynTP\SynTPStart.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-06 19:35:44
ComboFix-quarantined-files.txt 2012-07-07 02:35
.
Pre-Run: 173,687,578,624 bytes free
Post-Run: 174,716,133,376 bytes free
.
- - End Of File - - D5B2C27D1B6F1D6D00759EF90190265A