I can't run any AV's or Malwarebytes?


Hey, I'm new here so I'm not too familiar with how this works, but I've been struggling with this problem for quite a while. So earlier today, I had printer problems, where every time I tried to click Print it would automatically crash me. Then, I tried uninstalling a few installations that came when I bought this computer, like HP Help and Support or something else, and I later began to realize that my computer would continually go "This window is not responding" and it would white out and I would have to restart my computer manually.

At this point in time, I assumed perhaps I had an infection, so I went into Safe Mode and tried opening mbam and scanning (like I've done with every other virus I've ever had), and when I tried to originally scan it would freeze and go non-responsive, thus requiring a manual restart. I tried opening my Spybot S&D and it wouldn't open, and my Avast was recently uninstalled (like two days ago) because it kept freezing. (I thought perhaps it was corrupt and would reinstall a day after, but when I try to, it goes unresponsive.) So I thought perhaps I must've uninstalled something essential to HP and I system restored to a day or two back. But I still cannot scan my computer at this point.

Note: I've been trying to find a solution to this problem for the past 8 hours and I'm completely lost. I tried using mbam chameleon, but after updating it gets stuck on "Killing known malicious processes" and it just gets stuck there.

Thanks in advance, I would really appreciate any form of help.

Also, I'm helping out my community by volunteering, so I will not be able to respond from 10-11:30 AM PST. Thanks again.

I originally posted this in gen disc, but that was wrong, as I was redirected by doc. Here are my dds and attach

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Will at 3:37:02 on 2012-07-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1930 [GMT -7:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\4656661657C647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\86F6D656C6563737 : DhcpNameServer = 192.168.15.1 192.168.1.1

TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DhcpNameServer = 10.0.0.1

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\rt5iea1u.default\

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\will\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-22 1262400]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-7 1153368]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-5 28488]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-6 40776]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-1 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]

S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-6-27 670816]

.

=============== Created Last 30 ================

.

2012-07-06 10:16:18 388096 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-07-06 10:16:18 -------- d-----w- c:\program files\Trend Micro

2012-07-06 09:43:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-06 04:59:30 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-28 03:16:07 670816 ----a-w- c:\windows\system32\xsherlock.xem

2012-06-24 18:38:49 -------- d-----w- c:\programdata\WEBZEN

2012-06-24 18:24:20 -------- d-----w- c:\users\will\appdata\local\Overwolf

2012-06-24 18:24:02 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP

2012-06-24 18:04:23 -------- d-----w- c:\program files\WEBZEN

2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\FlashgetSetup

2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\BITS

2012-06-22 01:48:24 -------- d-----w- c:\program files\FlashGet Network

2012-06-21 05:00:52 -------- d-----w- C:\Nexon

2012-06-18 13:05:01 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-18 13:05:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-17 15:16:48 -------- d-----w- c:\program files\LOLReplay

2012-06-07 06:29:31 -------- d-----w- c:\users\will\appdata\local\Chromium

.

==================== Find3M ====================

.

2012-05-22 23:18:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-22 23:18:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26:00 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:26:00 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:26:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:26:00 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-15 10:26:00 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 10:26:00 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:28:50 2561344 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 3:38:19.26 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 7/25/2010 8:00:13 PM

System Uptime: 7/6/2012 2:36:06 AM (1 hours ago)

.

Motherboard: Quanta | | 30D2

Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 983/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 151.21 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.894 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP295: 7/3/2012 8:21:43 AM - Scheduled Checkpoint

RP297: 7/5/2012 6:33:12 PM - Revo Uninstaller's restore point - HP Customer Experience Enhancements

RP299: 7/5/2012 6:34:06 PM - Removed HP Customer Experience Enhancements

RP301: 7/5/2012 6:36:20 PM - Revo Uninstaller's restore point - HP Help and Support

RP302: 7/5/2012 6:36:41 PM - Removed HP Help and Support

RP304: 7/5/2012 6:40:44 PM - Revo Uninstaller's restore point - HP Active Support Library

RP305: 7/5/2012 6:41:28 PM - Installed HP Active Support Library

RP307: 7/5/2012 7:00:42 PM - Revo Uninstaller's restore point - HP Photosmart Essential 2.5

RP309: 7/5/2012 7:07:13 PM - Revo Uninstaller's restore point - Foxit Reader 5.1

RP310: 7/5/2012 8:41:51 PM - Windows Update

RP311: 7/5/2012 9:16:48 PM - avast! Pro Antivirus Setup

RP312: 7/6/2012 3:15:29 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

Bonjour

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Cards_Calendar_OrderGift_DoMorePlugout

CCleaner

Combat Arms

Compatibility Pack for the 2007 Office system

CyberLink YouCam

D3DX10

DVD Suite

ESU for Microsoft Vista

Foxit Reader 5.1

Google Talk Plugin

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

HiJackThis

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing 4.60

HP Total Care Advisor

HP Update

HP User Guides 0087

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

iCloud

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 31

League of Legends

LightScribe System Software 1.10.13.1

LOLReplay

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.0

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Motorola SM56 Speakerphone Modem

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSCU for Microsoft Vista

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nexon Game Manager

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Graphics Driver 301.42

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Update 1.8.15

NVIDIA Update Components

PSSWCORE

PVSonyDll

QuickTime

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype™ 4.2

SmartWebPrinting

Spybot - Search & Destroy

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Ventrilo Client

VideoToolkit01

WeatherBug Gadget

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

7/6/2012 2:36:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

7/6/2012 2:36:35 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The system cannot find the file specified.

7/6/2012 2:36:35 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The system cannot find the file specified.

7/6/2012 2:36:10 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

7/5/2012 9:55:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/5/2012 9:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/5/2012 9:55:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/5/2012 9:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/5/2012 9:51:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

7/5/2012 9:51:55 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/5/2012 9:51:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/5/2012 9:38:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/5/2012 9:38:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf

7/5/2012 9:30:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

7/5/2012 9:27:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

7/5/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

7/5/2012 6:18:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/5/2012 10:04:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

7/5/2012 10:04:15 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/5/2012 10:03:45 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/5/2012 10:03:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.

7/5/2012 10:01:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

7/5/2012 10:01:19 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/3/2012 7:38:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/3/2012 7:38:28 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

7/2/2012 9:19:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

7/2/2012 9:19:13 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/2/2012 9:18:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x00000000, 0x8d957a54, 0x8d957630). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070212-72306-01.

7/2/2012 9:11:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

7/2/2012 9:11:07 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/2/2012 9:07:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickPlay Background Capture Service (QBCS) service to connect.

7/2/2012 9:07:02 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

7/2/2012 9:07:02 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Hello Will96! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • OTL log with Extras.txt
  • aswMBR log

Thank you for responding. I encountered a new problem when trying to run the avast scanner. I seem to get the BSOD with the error "IRQL is less than or equal to". I got this error twice, as I scanned twice, so I am only able to give you the OTL files.

OTL logfile created on: 7/6/2012 8:20:06 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Will\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free

7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free

Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS

Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS

Computer Name: WILL-PC | User Name: Will | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe

PRC - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)

SRV - [2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)

SRV - [2012/06/18 06:05:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2011/06/06 09:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2010/07/26 20:10:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Will\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2012/07/06 02:43:26 | 000,028,488 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/07/25 10:27:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/06/28 08:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)

DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKLM\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKLM\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E}

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/05 21:43:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M]

[2010/12/19 19:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions

[2012/06/28 23:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions

[2010/12/21 00:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/05/16 16:35:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/05/03 21:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/06/28 23:08:52 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\WILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RT5IEA1U.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012/06/18 06:05:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/04/05 17:36:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

[2012/06/18 06:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/18 06:04:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/22 15:54:03 | 000,442,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 15218 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-509424225-914708275-285777440-1018..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: DhcpNameServer = 10.0.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 08:18:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe

[2012/07/06 08:15:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe

[2012/07/06 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/06 08:03:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe

[2012/07/06 03:35:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Will\Desktop\dds.com

[2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/06/27 20:16:07 | 000,670,816 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem

[2012/06/27 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\C9

[2012/06/24 11:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN

[2012/06/24 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub

[2012/06/24 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Overwolf

[2012/06/24 11:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\WEBZEN

[2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\FlashgetSetup

[2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\BITS

[2012/06/21 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network

[2012/06/20 22:00:52 | 000,000,000 | ---D | C] -- C:\Nexon

[2012/06/17 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\LOLReplay

[2012/06/17 08:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay

[2012/06/11 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/06 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Chromium

[2012/06/06 09:00:53 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Guild Wars 2

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 08:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013UA.job

[2012/07/06 08:18:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe

[2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe

[2012/07/06 08:07:35 | 000,001,236 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/06 08:07:35 | 000,001,212 | ---- | M] () -- C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk

[2012/07/06 08:04:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe

[2012/07/06 08:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000UA.job

[2012/07/06 07:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/06 03:35:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Will\Desktop\dds.com

[2012/07/06 03:16:19 | 000,002,959 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.lnk

[2012/07/06 03:15:15 | 001,402,880 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.msi

[2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/06 02:43:26 | 000,028,488 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys

[2012/07/06 02:36:23 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/06 01:25:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013Core.job

[2012/07/03 07:37:50 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWill.job

[2012/07/03 00:18:53 | 000,001,151 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2012/07/02 23:23:03 | 000,001,603 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk

[2012/07/02 10:00:19 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000Core.job

[2012/07/02 08:48:57 | 000,001,071 | ---- | M] () -- C:\Users\Will\Documents - Shortcut.lnk

[2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem

[2012/06/21 19:13:14 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat

[2012/06/21 18:48:54 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI

[2012/06/17 08:16:49 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012/06/15 20:14:35 | 000,278,561 | ---- | M] () -- C:\Users\Will\Desktop\Minecraft.exe

[2012/06/11 16:34:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/09 09:24:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/09 09:24:50 | 000,386,040 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2012/06/09 09:24:50 | 000,369,938 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2012/06/09 09:24:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/09 09:24:50 | 000,104,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2012/06/09 09:24:50 | 000,099,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 08:07:35 | 000,001,236 | ---- | C] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/06 08:07:35 | 000,001,212 | ---- | C] () -- C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk

[2012/07/06 03:16:19 | 000,002,959 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.lnk

[2012/07/06 03:15:12 | 001,402,880 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.msi

[2012/07/05 21:59:30 | 000,028,488 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys

[2012/07/02 23:23:03 | 000,001,603 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk

[2012/07/02 08:48:57 | 000,001,071 | ---- | C] () -- C:\Users\Will\Documents - Shortcut.lnk

[2012/06/21 19:13:14 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat

[2012/06/21 18:48:54 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI

[2012/06/17 08:16:49 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012/06/15 20:13:33 | 000,278,561 | ---- | C] () -- C:\Users\Will\Desktop\Minecraft.exe

[2012/06/11 16:34:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/04/05 17:18:25 | 000,000,023 | ---- | C] () -- C:\Users\Will\jagexappletviewer.preferences

[2012/03/13 17:40:41 | 000,000,043 | ---- | C] () -- C:\Users\Will\jagex_cl_runescape_LIVE.dat

[2012/03/13 17:40:41 | 000,000,024 | ---- | C] () -- C:\Users\Will\random.dat

[2012/01/02 19:58:40 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat.temp

[2012/01/02 19:58:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp

[2011/12/20 23:27:29 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011/12/20 23:27:29 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011/08/26 23:08:32 | 000,002,702 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2011/07/04 23:46:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011/07/04 23:46:51 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011/07/04 23:46:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011/07/04 23:46:28 | 000,003,584 | ---- | C] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/22 23:02:06 | 000,782,152 | ---- | C] () -- C:\Users\Will\FUNNIEST LOL MATCH EVER.png

[2011/06/01 20:17:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/06/01 20:15:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010/12/19 19:33:27 | 000,000,632 | RHS- | C] () -- C:\Users\Will\ntuser.pol

[2010/12/01 22:39:47 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/07/31 13:56:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/07/28 06:03:03 | 000,369,938 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2010/07/28 06:03:03 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2010/07/28 06:03:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2010/07/28 06:03:03 | 000,104,382 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2010/07/28 06:03:03 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2010/07/28 06:03:02 | 000,386,040 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2010/07/28 06:03:02 | 000,099,468 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2010/07/28 06:03:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2010/07/25 19:36:53 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

========== LOP Check ==========

[2012/07/01 18:56:50 | 000,000,000 | R--D | M] -- C:\Users\Will\AppData\Roaming\.minecraft

[2010/12/19 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Auslogics

[2012/06/24 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BITS

[2011/12/06 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Downloaded Installations

[2011/07/02 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ESET

[2012/06/26 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\FlashgetSetup

[2012/04/12 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Foxit Software

[2011/04/25 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient

[2012/05/29 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient2

[2012/06/04 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mumble

[2012/03/09 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Tunngle

[2011/10/01 18:31:23 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 7/6/2012 8:20:06 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Will\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free

7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free

Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS

Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS

Computer Name: WILL-PC | User Name: Will | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{027ADFF8-8F2A-4340-91FA-C3E59A113C90}" = rport=10243 | protocol=6 | dir=out | app=system |

"{178B8573-AC31-45A1-BC32-F289ED829824}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2B6D86F1-8AC6-4777-8AB2-A26E36C6F5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2E3771CE-75C7-4A5A-90D3-A6F025F10E30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2E6FAD89-C0ED-4853-A7E2-7ADB88840EEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{48BA405F-8C74-48AB-BA31-F5AA8B6E5143}" = rport=139 | protocol=6 | dir=out | app=system |

"{56C257A6-9A93-479D-814D-1B15F03AAAF0}" = rport=445 | protocol=6 | dir=out | app=system |

"{6017858F-BCE4-4A2A-84E6-2C673ADA6F4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{65483500-E17E-4C1D-935F-BA2DE7B8AE89}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6B9B9392-B9AC-41BE-99D0-28FD51DB5740}" = rport=138 | protocol=17 | dir=out | app=system |

"{7B4178F6-6A5F-4584-8B6D-1D046AD6B01F}" = lport=445 | protocol=6 | dir=in | app=system |

"{817DF8E3-BB8D-46CC-8F65-8A5DCF75D472}" = lport=139 | protocol=6 | dir=in | app=system |

"{86FB1EA4-D965-4298-9388-056E625C9D25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{936E0914-AFFE-4AC4-AE45-D122FEC59D40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{93763227-D798-4BC5-AC8D-1C94BE782422}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A0303A41-5F8A-49D2-AE21-8656349BFCBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B21D106A-AB17-481D-A9DD-A00AEE3A4B8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B2911345-ABA7-44C0-BC3E-FEA553F6F37E}" = lport=138 | protocol=17 | dir=in | app=system |

"{BAD86228-0CC5-435F-A4AC-D50D76DA7FC8}" = rport=137 | protocol=17 | dir=out | app=system |

"{C97B914F-B2BA-4C37-A55C-3D8642EAFB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E23EE3E1-B5F2-4D25-B61C-57B8B980EC9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E338B347-4500-4418-80F1-7CF4C4210012}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{ED719730-FCA0-4D74-A7DC-CFD94041680B}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F3BF7FC9-3553-4A31-B378-29CDF270C3E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{FD25E8FA-0B6E-4641-A8D4-3CB5A3C263A4}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0499FDF6-A133-473C-A16B-8E609EB40884}" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe |

"{09D14773-6910-4083-B541-41781D3CA7E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{0D540F35-F8E8-4EE8-AE2E-FA54B2E1CE60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0D74484E-1A3F-4E64-96C4-77EE778E581F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{11725EEC-6BD2-4579-B02F-0ECE56F82ABB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2910F288-F4D6-4084-BEC9-432C93E539D8}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{3435EBA4-FA09-443B-A13A-F9E431070CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{42F7ACD7-95AF-4779-87BD-5BD33BE8B350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{54997423-3464-4F8B-80B9-98EC5416C31B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{55D23D99-B016-425D-B9CF-F0377D86FDDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5B3DD2AE-7292-4AB0-96D5-3FD0146C7A2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5F81A8CF-D404-4283-B5E6-8DD3A651796F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{65689F09-A7B6-41E6-B18E-5DCE0072ED9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7556BFCB-18B7-4C3F-BF61-3DF0237D1C9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{773CDCF6-D584-457F-8453-255F44ACB872}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{7963D438-D50E-4AEC-B54F-E1C2E8183D6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{7D971091-1C55-4501-8434-88ED0EF63052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{836F8F7E-623E-474C-A3C9-7C027C8281B9}" = protocol=17 | dir=in | app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe |

"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{88901493-73B5-4508-B2C1-6B1321D319F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{98CA70E6-4F86-4740-823D-2E2A65EC3D26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9A1A2D09-A19C-4C44-8637-A384C459639C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9C4F9099-6FC6-4BB1-BAF1-BB527A8D8E6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9E3AAC6A-2B78-4F50-8660-31D3A38AA001}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A0E9F214-B12B-444D-9CF0-B2E99CD06584}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{AB2C2E2D-97B9-4B6B-AABD-2D7D880CF43C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{B3E837A3-9FDA-457C-BB32-89D0DDF2B1D0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{B6D934E2-678D-4A5B-ADAF-AFE6898924F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C2037CA2-58A1-4790-AA17-72FBEE2395B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{C740CD8C-A4DD-4E0E-A497-8BA9D09EDC28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C7CC2588-B75F-446D-A698-27D0E41B377B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DCFCFE1F-B821-4DC3-897D-DC8ADE87C07F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{E1820E44-F2E6-4F90-A2F2-F554D61AB320}" = protocol=6 | dir=out | app=system |

"{E20443B5-D353-4CC6-9F22-ECD80C234DC6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{F5148266-C8A4-4B5A-806F-E5BDE2EF09D6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{F740F55F-28D3-4303-9838-7E78846767E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FB17598E-A0BE-4DD5-B095-45714084BC70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{4B72550B-8901-42A3-8FE4-F91E18355CB7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{79A5BD8C-2A16-4D86-A204-13F9CE445888}C:\users\will\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe |

"TCP Query User{9665017F-4B33-4181-980A-8CE3048DCD44}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{9E51E6ED-F973-44C0-ACBA-E268526E2E5D}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

"TCP Query User{BD35D096-6FC3-47AD-8005-7E50B49145E5}C:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\diablo iii\diablo iii.exe |

"UDP Query User{112AACA7-4E2A-4DCD-8102-A46DB2A879C7}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{29BE9513-2DB3-46D6-9289-78D67FBFCB40}C:\users\will\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe |

"UDP Query User{7F5CB412-8949-45A2-B352-0019514319A9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{BF90241D-06C7-4C52-9921-7A06890303F9}C:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\diablo iii\diablo iii.exe |

"UDP Query User{F481AFEF-E8A0-4456-B347-4858AB4A0267}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"CCleaner" = CCleaner

"Combat Arms" = Combat Arms

"Digital Editions" = Adobe Digital Editions

"Foxit Reader_is1" = Foxit Reader 5.1

"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"LOLReplay" = LOLReplay

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"Revo Uninstaller" = Revo Uninstaller 1.94

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4384

Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4384

Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5975

Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5975

Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7270

Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7270

Error - 7/6/2012 11:01:46 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp:

0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:

0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id:

0xf50 Faulting application start time: 0x01cd5b8826738b26 Faulting application path:

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 80ae97ea-c77b-11e1-b454-001e6816d280

Error - 7/6/2012 11:08:52 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp:

0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:

0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id:

0x103c Faulting application start time: 0x01cd5b89234d32b2 Faulting application path:

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 7e8c93e5-c77c-11e1-b454-001e6816d280

[ OSession Events ]

Error - 7/5/2012 10:41:29 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 255

seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2012 10:43:14 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94

seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2012 11:01:15 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 7/6/2012 1:03:29 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the NVIDIA

Update Service Daemon service to connect.

Error - 7/6/2012 1:03:45 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1053

Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Software

Protection service to connect.

Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000

Description = The Software Protection service failed to start due to the following

error: %%1053

Error - 7/6/2012 2:01:01 AM | Computer Name = Will-PC | Source = DCOM | ID = 10010

Description =

Error - 7/6/2012 5:36:10 AM | Computer Name = Will-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 7/6/2012 5:36:30 AM | Computer Name = Will-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:34:28 AM on 7/6/2012 was unexpected.

Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000

Description = The QuickPlay Background Capture Service (QBCS) service failed to

start due to the following error: %%2

Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7001

Description = The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay

Background Capture Service (QBCS) service which failed to start because of the

following error: %%2

Error - 7/6/2012 5:36:44 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

< End of report >


Hey, I just got back. I immediately got on Safe mode and tried installing, but this time I watched my computer scan from the avast scanner you sent me. I once again got a BSOD, however it was "Bad Pool Header" when the scan began checking my System32: gda.dll or something, (it was only a brief second) and it restarted my computer. Perhaps this is more of a hardware issue?? The reason why I think it's suspicious though is that I cannot open Spybot, nor Malwarebytes, but I can run everything else okay.


Thanks for letting me know!

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • OTL Fix log
  • ComboFix log


Hey, thanks for returning to my thread. Just a heads-up, as I've still been trying to fix my computer: I just uninstalled my Spybot and Malwarebytes because neither of them worked (errors or corruptions when attempting to open) and I installed ESET (I disabled this when running ComboFix). I tried scanning a third time in Safe Mode and it miraculously didn't get a BSOD; however, it was suspicious of a file called system32.gdi.dll or something. And it later got the BSOD, to my dismay. It was "Bad Pool Header" this time. As I tried scanning with ESET, it got stuck on system32.gdi.dll or something similar to that as well.

Here are my logs for OTL

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Will\Desktop\cmd.bat deleted successfully.

C:\Users\Will\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUser.WILL-PC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Wes

->Temp folder emptied: 102845 bytes

User: Will

->Temp folder emptied: 5725724106 bytes

->Temporary Internet Files folder emptied: 1442194 bytes

->Java cache emptied: 41607266 bytes

->FireFox cache emptied: 49982043 bytes

->Flash cache emptied: 43584 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 107489 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,550.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07062012_190343

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Oh my goodness, my computer keeps freezing up every few minutes and it's incredibly annoying. Here are my combo logs

ComboFix 12-07-06.02 - Will 07/06/2012 19:22:31.1.2 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2317 [GMT -7:00]

Running from: c:\users\Will\Desktop\ComboFix.exe

AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Will\Documents\~WRL1392.tmp

c:\windows\system32\KBL.LOG

.

.

((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))

.

.

2012-07-07 02:31 . 2012-07-07 02:32 -------- d-----w- c:\users\Will\AppData\Local\temp

2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\UpdatusUser.WILL-PC\AppData\Local\temp

2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-07 02:03 . 2012-07-07 02:03 -------- d-----w- C:\_OTL

2012-07-06 19:26 . 2012-07-06 20:41 -------- d-----w- c:\program files\ESET

2012-07-06 10:16 . 2012-07-06 10:16 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-06 10:16 . 2012-07-06 10:16 -------- d-----w- c:\program files\Trend Micro

2012-07-06 01:42 . 2012-07-06 01:42 -------- d-----w- c:\users\Wes

2012-06-28 03:16 . 2012-06-28 03:16 670816 ----a-w- c:\windows\system32\xsherlock.xem

2012-06-24 18:38 . 2012-07-02 16:26 -------- d-----w- c:\programdata\WEBZEN

2012-06-24 18:24 . 2012-06-27 17:03 -------- d-----w- c:\users\Will\AppData\Local\Overwolf

2012-06-24 18:04 . 2012-07-02 16:26 -------- d-----w- c:\program files\WEBZEN

2012-06-22 01:48 . 2012-06-27 06:58 -------- d-----w- c:\users\Will\AppData\Roaming\FlashgetSetup

2012-06-22 01:48 . 2012-06-24 18:30 -------- d-----w- c:\users\Will\AppData\Roaming\BITS

2012-06-22 01:48 . 2012-06-27 06:59 -------- d-----w- c:\program files\FlashGet Network

2012-06-21 05:00 . 2012-07-06 21:07 -------- d-----w- C:\Nexon

2012-06-18 13:05 . 2012-06-18 13:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-18 13:05 . 2012-06-18 13:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-17 15:16 . 2012-06-17 15:16 -------- d-----w- c:\program files\LOLReplay

2012-06-07 06:29 . 2012-06-07 06:29 -------- d-----w- c:\users\Will\AppData\Local\Chromium

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-22 23:18 . 2012-05-22 23:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-22 23:18 . 2012-02-18 22:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-15 10:26 . 2012-05-22 22:50 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26 . 2012-05-22 22:47 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26 . 2012-05-22 22:47 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26 . 2012-05-22 22:47 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:26 . 2012-05-22 22:47 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:26 . 2012-05-22 22:47 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:26 . 2012-05-22 22:47 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:26 . 2012-05-22 22:47 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-15 10:26 . 2012-05-22 22:47 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:26 . 2012-05-22 22:47 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 10:26 . 2012-05-22 22:47 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:26 . 2012-05-22 22:47 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:28 . 2012-05-22 22:51 2561344 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:28 . 2012-05-22 22:51 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28 . 2012-05-22 22:51 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28 . 2012-05-22 22:51 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28 . 2012-05-22 22:51 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27 . 2012-05-22 22:51 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-06-18 13:05 . 2012-02-20 18:31 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk

backup=c:\windows\pss\LOLRecorder.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sophos AutoUpdate Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk

backup=c:\windows\pss\Sophos AutoUpdate Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Will^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

2012-03-07 22:40 3117344 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-11-18 03:28 136176 ----atw- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2007-10-03 23:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-12-04 21:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2010-07-21 23:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-08-24 01:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]

2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-06-09 18:25 7539232 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2009-10-26 22:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 07:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

.

R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]

R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013Core.job

- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 03:28]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013UA.job

- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 03:28]

.

2012-07-03 c:\windows\Tasks\HPCeeScheduleForWill.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-26 19:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe

MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

MSConfigStartUp-QPService - c:\program files\HP\QuickPlay\QPService.exe

MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

MSConfigStartUp-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe

MSConfigStartUp-SynTPStart - c:\program files\Synaptics\SynTP\SynTPStart.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-06 19:35:44

ComboFix-quarantined-files.txt 2012-07-07 02:35

.

Pre-Run: 173,687,578,624 bytes free

Post-Run: 174,716,133,376 bytes free

.

- - End Of File - - D5B2C27D1B6F1D6D00759EF90190265A


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
