twist409

Members
  • Posts

    9

Reputation

0 Neutral
  1. Same thing again Maniac. Would it help if I try and record the last file scanned before the blue screen?
  2. Hi Maniac, please see below!
  3. Hi Maniac = same issue when I run full scan. Kernel data error and blue screen
  4. Maniac, As requested:
     Cheers
  5. Extras.txt
republic\launcher.exe | "{37A7B0D4-C86A-4B5B-85CC-F81394E60822}" = protocol=17 | dir=in | app=e:\games\diablo iii\diablo iii.exe | "{392187D8-2790-4C22-8DEE-DBD85C800751}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe | "{3AA496F7-D4A1-4D36-954F-6F854B80A0D2}" = protocol=17 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe | "{488E8582-6BFE-4EF4-BEA8-4B2F5D398BB7}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "{490398E5-C8B5-4C3C-8F6B-8560C8C01AD1}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\launcher.exe | "{520B9233-3126-4D69-809B-8AC00E5A8878}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | "{5510F7ED-5861-4A1B-8BDD-E23550F631E5}" = protocol=6 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe | "{56FD4ED8-86B1-4D63-8169-13F439567913}" = protocol=17 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe | "{5A7F3D5C-1AE9-49AD-9C57-4B980E568443}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe | "{5D23D8A9-FF8F-498F-9A41-4A1F6DE29B83}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{62225109-08A4-42E8-9C74-2A1723CCDDDE}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | "{67ECD339-2331-4DC1-8453-8D74DB35CBFD}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "{6F34DDA5-26BB-4DAC-BE0E-5C438F0B86B0}" = protocol=17 | dir=in | app=e:\games\assasinscreed2\assassinscreedii.exe | "{6F8B6718-99A6-4E36-915D-2783EBF8636E}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{72FEA028-E379-4195-A850-A7B8A56F27DC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{7483044E-8671-44B7-A77C-93373C2D1B5B}" = protocol=6 | dir=in | app=e:\games\star wars-the old 
republic\swtor\retailclient\swtor.exe | "{7CA1C108-A535-44E4-9546-D9D642150EEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{85711BC7-AF81-436C-B8FB-7A781CFAFFC1}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\launcher.exe | "{97E687EF-5B16-4F5E-954A-602832270245}" = protocol=6 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe | "{9C54774C-9B14-4A1C-9B89-AD723012D5CB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{A0263B69-99D1-44B8-BB6E-BC6D27C155CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{A05A093A-3CD7-4D79-BE03-E9C0F955474F}" = protocol=17 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{A0716A11-0F7F-408D-8272-CC8A58DA51FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A0CD120C-25DD-40BF-A57D-317F6E63D550}" = protocol=6 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{ACA07BA7-347F-474A-8016-07FD28E633CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{ACC0334B-4C47-44F5-AF93-18D915DFEC45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ADC22346-4758-4587-ACEB-9C010897157F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B2FF70CB-7A94-4948-8DB9-1E833917422A}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{B557B218-3418-4F5E-8E5B-1112A0E30CC7}" = protocol=6 | dir=in | app=e:\games\mass effect 2\masseffect2launcher.exe | "{B789C6D9-F2B8-4F2F-A368-E260BEC21663}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BBAB8DCA-D381-4B62-9003-1819A9A15101}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | "{BD3FFFA9-8AAD-408E-A6D6-AF8782EAD654}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{BD9B7AC0-CD42-44B7-BF13-5CC2FEAB8AB2}" = protocol=6 | dir=in | app=e:\games\assasinscreed2\uplaybrowser.exe | "{C4B10BB5-21C1-42B3-A160-67D88AF4A003}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe | "{C8720399-E027-457A-B6EF-678966A4FE98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CCAD9962-52C0-43BE-A7DB-C72ED249F2E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CDB3D4AD-81F5-4525-A986-D6FC3DC9962D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{D2A179A9-917D-4D8A-8D9B-0ED2911DF77A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{E4118CBA-7DC9-43BF-99BC-ED092626FA85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E4AF60D7-29F0-48F3-AB91-5F211B3D3088}" = protocol=6 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe | "{E7F7F9C0-B2B2-4620-8263-2F081F8A3806}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E9245AC5-546C-469A-B379-B627D67C246B}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | "{EDC62373-C342-4C74-9BAE-C51DAC0F7CCB}" = protocol=17 | dir=in | app=e:\games\mass effect 2\masseffect2launcher.exe | "{F0C1A871-8E1E-4B19-845B-9EABC0740BAE}" = protocol=17 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe | "{F3EDF92F-EA94-4967-BD85-01DDF9489802}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F5FBE70A-4ED3-4E2B-BB80-783D962E58AD}" = protocol=6 | dir=in | app=e:\games\diablo iii\diablo iii.exe | "{F8372608-9C98-4BA1-BA82-8AA58AC29C49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{0E93BCD9-8322-4A74-A633-20C2BFA76C1B}E:\games\deadspace\dead space.exe" = 
protocol=6 | dir=in | app=e:\games\deadspace\dead space.exe | "TCP Query User{1727DE4A-998E-4147-BA11-DD12114BC2C3}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{1DEBD938-9BD6-432D-9857-20E8A60BC5D5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{2D7F1664-E111-454C-8BC7-56CD85F6F426}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | "TCP Query User{361E4CA9-B062-4A40-A4E1-F415A493129D}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{38D0AFE0-DD17-43AD-ABC1-1BDF2482E493}E:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=e:\games\call of duty - black ops\blackops.exe | "TCP Query User{3CE0C551-B0F0-4C52-9F47-A67366DAE634}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{3F142973-0CB4-42B3-9A1A-E92CE8A7E371}C:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{4002F8F1-B8E5-4EAA-BE8D-8610526456C5}C:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe | "TCP Query User{57A13F9B-8520-44CD-9F79-D7F2BF066E35}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{70FC3136-EBF2-484D-AF75-DF446A0E5337}E:\games\assasinscreed2\assassinscreediigame.exe" = protocol=6 | dir=in | 
app=e:\games\assasinscreed2\assassinscreediigame.exe | "TCP Query User{73F4B04D-3AB1-4C53-8FD3-61230F9BC6AC}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{81A31EEC-122B-47C5-B9A1-3448F767F8BE}E:\games\deadspace\dead space.exe" = protocol=6 | dir=in | app=e:\games\deadspace\dead space.exe | "TCP Query User{8B089917-AB19-4E2B-8967-2374168D5E2F}C:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{984937E7-2A4F-494B-B3CC-4A82D15DCDC7}E:\games\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | "TCP Query User{9A177AFC-D580-4482-ACE1-8E176FD5D507}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe | "TCP Query User{9EA66D90-8E4A-4A19-80EB-9D0AC04D3F3F}E:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=e:\games\call of duty - black ops\blackops.exe | "TCP Query User{A338C8D8-5918-487B-AF71-1A85F818DACC}C:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{A7E9F891-5EE3-4B74-95A7-B55E2BA7DCE1}C:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "TCP Query User{AB676029-40F7-4652-8CCC-D429BF19914B}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{B3FC7E09-1E59-41CD-B34F-4DA55662E08B}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=e:\games\batman arkham 
city\batman arkham city\binaries\win32\batmanac.exe | "TCP Query User{D1F25B78-D1DE-4E4A-9B07-E478CEDF9F16}C:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe | "TCP Query User{D3153725-EB21-4749-8938-DF10896FFF48}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | "TCP Query User{DEF00530-6252-4DD2-A405-94C9FA3AEEA8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{E302D978-89F6-4A08-A08C-C86F4FFC19A4}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{ED9F10CC-F25A-4D72-AAD8-C0A7EE10D52D}E:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | "TCP Query User{F068C3ED-C961-4B81-B560-687B402F4A05}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{F676DC9D-E413-4DE0-8BCD-5460B0AB753D}E:\games\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe | "UDP Query User{06F285CC-A6E5-414D-8D61-CF1A252487D7}C:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "UDP Query User{071EAB71-1F01-43F1-8CAC-0FE2290967D9}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe | "UDP Query User{0AE2EA98-608E-4B4C-97C2-37748E07BE1C}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | 
app=e:\games\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{23C1C6E5-F709-4400-BD2F-2B944995BA65}E:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | "UDP Query User{411EFD5F-C148-480F-B13D-BDDAC698DDC5}E:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=e:\games\deadspace\dead space.exe | "UDP Query User{42A4AB4B-1625-4D17-B964-E2A0A7390A1A}E:\games\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe | "UDP Query User{479945B7-7F98-4AE7-B402-F7C60D579332}C:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{581754D7-3482-4D34-9882-6066249AA721}E:\games\assasinscreed2\assassinscreediigame.exe" = protocol=17 | dir=in | app=e:\games\assasinscreed2\assassinscreediigame.exe | "UDP Query User{5BB77663-5A3A-41DA-9E69-4D1672CABCDB}E:\games\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | "UDP Query User{65ACE489-A9F2-42F2-86A0-00EEB28D2DFF}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | "UDP Query User{6F4FE9FE-DB58-4C22-9BC4-0665254A6F2C}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe | "UDP Query User{712556D1-4047-4707-B488-05F26F150E93}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{799DC8CA-17D7-4802-A13E-74DA139E0CFE}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{8065C3C6-38D1-4B96-BD2A-3362529A4768}E:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=e:\games\deadspace\dead space.exe | "UDP Query User{863D2DCB-F5B2-45EC-AAD7-5AC0990E1B42}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{88E05272-C507-4392-BB3B-28AE941D1585}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{92C0CB86-DF2A-46F7-ABD6-0DD65141F9AB}C:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe | "UDP Query User{9AD6C5F6-61E9-4BE1-83E0-5C7F1CFDEEBE}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{AD6CE561-35D9-4050-8B62-CD17E92AE56B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{B3A6FF7D-A391-4B7D-9A88-B0D49ADB534A}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{C0D0043A-0004-4953-8788-6AF89996F6D0}E:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=e:\games\call of duty - black ops\blackops.exe | "UDP Query User{C249CCEF-FBF7-4970-9B50-FF62634E6DA8}C:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{C463387F-4ECA-4CAB-A91A-3281B8174C74}C:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe" = 
protocol=17 | dir=in | app=c:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe | "UDP Query User{CB64CFFF-C29C-4A9A-9992-77833CA4CD20}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{CC2BB19E-B954-4760-B5A7-1C2AE8C3AC04}E:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=e:\games\call of duty - black ops\blackops.exe | "UDP Query User{DA454C23-7975-442D-B408-D75F222E75CA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | "UDP Query User{E8A992AC-8A19-4905-BD42-BA255565E92E}C:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query User{FAE113D4-CFE5-4BC9-AE57-E975CE5764BE}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour 
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF960845-F006-40B0-B3B3-697219EF78B2}" = Protector Suite 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3040 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam "{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{655B9514-3963-490B-9EE1-431E80444889}" = 
Razer Tarantula "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1" = Batman Arkham City version 1.0 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E00FBF68-5168-49A3-BBCA-3D8C29E24D20}" = The Witcher 2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F385F486-C1BC-4350-8837-6F17761134B5}" = Gaming Keyboard Driver "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Any Video Converter_is1" = Any Video Converter 3.3.9 "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop 
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "HotspotShield" = Hotspot Shield 2.55 "InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3040 "InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "ProInst" = Intel PROSet Wireless "StarCraft II" = StarCraft II "Steam App 72850" = The Elder Scrolls V: Skyrim "VLC media player" = VLC media player 2.0.0 "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/4/2012 9:07:37 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/4/2012 9:11:39 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CJLCEYQ\SoftonicDownloader_for_hijackthis.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 7/4/2012 9:11:41 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CJLCEYQ\SoftonicDownloader_for_hijackthis.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 7/4/2012 9:37:26 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 10:43:56 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 11:03:04 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 11:06:22 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 11:08:31 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 12:59:00 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 12:59:59 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 1:14:47 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 4/9/2012 5:35:48 AM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.123.1294.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 4/10/2012 5:35:21 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. Error - 4/10/2012 5:35:21 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. Error - 4/10/2012 5:45:48 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 4/11/2012 1:52:24 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 4/11/2012 5:09:18 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 4/27/2012 9:55:17 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 
Error - 4/27/2012 9:55:17 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 5/1/2012 10:53:15 AM | Computer Name = Laptop-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error - 5/6/2012 4:54:46 AM | Computer Name = Laptop-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

< End of report >

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 21:26:36
-----------------------------
21:26:36.318 OS Version: Windows x64 6.1.7601 Service Pack 1
21:26:36.318 Number of processors: 8 586 0x2A07
21:26:36.318 ComputerName: LAPTOP-PC UserName: Zach
21:26:36.552 Initialize success
21:28:28.998 AVAST engine defs: 12070601
21:28:53.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:28:53.719 Disk 0 Vendor: INTEL_SSDSC2MH120A2 PPG4 Size: 114473MB BusType: 11
21:28:53.719 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:28:53.719 Disk 1 Vendor: WDC_WD5000BPKT-00PK4T0 01.01A01 Size: 476940MB BusType: 11
21:28:53.719 Disk 0 MBR read successfully
21:28:53.719 Disk 0 MBR scan
21:28:53.766 Disk 0 Windows 7 default MBR code
21:28:53.766 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 114471 MB offset 2048
21:28:53.797 Disk 0 scanning C:\Windows\system32\drivers
21:28:58.919 Service scanning
21:29:11.762 Modules scanning
21:29:11.762 Disk 0 trace - called modules:
21:29:11.762 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069c62c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:29:11.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007abe790]
21:29:11.778 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver ->
[0xfffffa8007889520]
21:29:11.793 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007852680]
21:29:11.793 \Driver\atapi[0xfffffa800783e690] -> IRP_MJ_CREATE -> 0xfffffa80069c62c0
21:29:12.027 AVAST engine scan C:\Windows
21:29:12.669 AVAST engine scan C:\Windows\system32
21:30:38.871 AVAST engine scan C:\Windows\system32\drivers
21:30:44.621 AVAST engine scan C:\Users\Zach
21:31:20.430 AVAST engine scan C:\ProgramData
21:31:41.089 Scan finished successfully
21:31:50.678 Disk 0 MBR has been saved successfully to "C:\Users\Zach\Desktop\MBR.dat"
21:31:50.725 The log file has been saved successfully to "C:\Users\Zach\Desktop\aswMBR.txt"

Cheers
  6. Hi Maniac - thanks for helping. I can't for the life of me find the ad-aware files. It's not on my program list and I can't find it even when I search my files. The other 2 are now uninstalled. I can only guess the ad-aware is something left over from when I uninstalled this program previously.

OTL.txt

OTL logfile created on: 7/6/2012 9:15:11 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zach\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.08% Memory free
15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 27.14 Gb Free Space | 24.28% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 465.66 Gb Total Space | 242.49 Gb Free Space | 52.07% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/06 21:14:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe PRC - [2012/06/26 01:46:12 | 000,468,848 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012/06/20 03:24:24 | 000,384,880 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012/06/16 19:04:33 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/04/27 14:55:15 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/01/11 16:48:09 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) 
-- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011/08/02 10:54:14 | 003,079,680 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe PRC - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/03/30 15:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2011/02/15 18:16:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe PRC - [2011/02/01 08:24:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 08:24:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/17 04:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2008/12/23 04:19:08 | 000,053,248 | ---- | M] (Chicony) -- C:\Program Files (x86)\Chicony\GameKeys\ModPS2Key.exe PRC - [2008/12/23 04:19:08 | 000,040,960 | ---- | M] (Chicony) -- C:\Program Files (x86)\Chicony\GameKeys\Driver\ZGKY.exe PRC - [2007/08/01 15:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe PRC - [2007/02/14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) 
-- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2012/06/15 22:37:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012/06/15 22:36:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/15 22:36:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/15 19:34:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/11 18:16:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012/05/11 18:16:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 18:16:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/04/27 14:55:15 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/04/27 14:55:15 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/04/27 14:55:15 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/04/27 14:55:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/04/27 14:55:15 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/02 10:54:14 | 003,079,680 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe MOD - [2009/06/06 15:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll MOD - [2007/08/01 15:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe MOD - [2006/12/11 03:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/05/02 23:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011/05/02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 23:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/26 01:46:12 | 000,468,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012/06/20 03:24:24 | 
000,384,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012/06/20 02:26:02 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/04/27 14:55:15 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/01/15 20:21:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011/02/15 18:16:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2011/02/01 08:24:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2011/02/01 08:24:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/04/11 16:40:28 | 000,056,832 | ---- | M] (AnchorFree Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2012/04/06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/02 13:20:40 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/03/02 11:57:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/22 15:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011/05/01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2011/03/22 19:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/08 15:44:08 | 
000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/03/08 15:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/02/10 09:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 09:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/09/23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/02/25 04:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) DRV:64bit: - [2009/12/09 02:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr) DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcspecialist.co.uk/ IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - 
HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...&q={searchTerms} IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-11 22:15:08&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012/02/23 18:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions [2012/02/23 18:39:02 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found. O3 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe (CHICOY) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe (CHICOY) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1001..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009/10/26 22:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{302306c0-6462-11e1-abd8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{302306c0-6462-11e1-abd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{4abec948-3bf1-11e1-aabc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4abec948-3bf1-11e1-aabc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/06 21:14:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe [2012/07/06 21:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/07/06 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/07/06 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/07/06 21:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/07/06 17:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/07/05 23:23:54 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Zach\Desktop\dds.com [2012/07/05 23:23:40 | 000,607,260 | R--- | C] (Swearware) -- 
C:\Users\Zach\Desktop\dds.scr [2012/07/05 15:41:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/05 02:13:24 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/07/05 02:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/07/04 22:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012/07/04 20:45:56 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012/07/04 10:49:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/07/04 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\Zach\Desktop\Photos to be sorted 04072012 [2012/06/11 22:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/06/11 22:05:48 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Any Video Converter [2012/06/11 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012/06/11 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\OpenCandy [2012/06/11 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Any Video Converter Ultimate [2012/06/11 21:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/06/11 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\AnvSoft [2012/06/11 21:48:19 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\AVS4YOU [2012/06/11 21:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012/06/11 21:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012/06/09 15:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA [2012/06/07 19:07:13 | 000,049,664 | ---- | C] (Razer USA Ltd.) 
-- C:\Windows\SysNative\drivers\UsbFltr.sys [2012/06/07 19:07:13 | 000,019,200 | ---- | C] (Motorola) -- C:\Windows\SysNative\drivers\usbicp.sys [2012/06/07 19:07:13 | 000,014,592 | ---- | C] (Motorola) -- C:\Windows\SysWow64\drivers\Usbicp.sys [2012/06/07 19:07:12 | 000,077,312 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Tarantula.cpl [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/06 21:14:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe [2012/07/06 21:01:36 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 21:01:36 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 20:58:44 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/06 20:58:44 | 000,666,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/06 20:58:44 | 000,126,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/06 20:54:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/06 20:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/06 20:54:27 | 2131,419,135 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 17:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/05 23:23:54 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.com [2012/07/05 23:23:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.scr [2012/07/05 21:32:44 | 952,582,531 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/07/05 02:13:24 | 000,002,971 | ---- | M] () -- C:\Users\Zach\Desktop\HiJackThis.lnk [2012/07/04 21:25:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat [2012/07/04 20:45:54 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer 
Desktop.lnk [2012/07/04 10:49:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat [2012/07/01 22:25:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/07/01 22:25:15 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/06/15 22:36:32 | 000,277,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/11 22:05:31 | 000,000,627 | ---- | M] () -- C:\Users\Zach\Desktop\Any Video Converter.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/05 02:13:24 | 000,002,971 | ---- | C] () -- C:\Users\Zach\Desktop\HiJackThis.lnk [2012/07/04 21:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat [2012/07/04 20:45:54 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk [2012/07/04 20:45:54 | 000,000,596 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk [2012/07/04 10:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012/07/04 10:49:12 | 952,582,531 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/06/11 22:05:31 | 000,000,627 | ---- | C] () -- C:\Users\Zach\Desktop\Any Video Converter.lnk [2012/06/07 19:07:13 | 000,010,275 | ---- | C] () -- C:\Windows\SysWow64\drivers\usbicp.cat [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/23 00:21:10 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/15 20:21:55 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/01/15 20:21:55 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/01/15 20:21:55 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/01/15 20:20:36 | 000,000,101 | R--- | C] () -- C:\Windows\OEM.ini [2012/01/15 20:20:36 | 000,000,020 | R--- | C] () -- C:\Windows\Bison.ini [2012/01/13 23:21:55 | 000,007,609 | ---- | C] () -- C:\Users\Zach\AppData\Local\Resmon.ResmonCfg [2012/01/11 
16:35:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012/01/11 16:35:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2012/01/11 16:19:47 | 000,005,967 | ---- | C] () -- C:\Users\Zach\AppData\Local\backup.vtp [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012/06/11 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\AnvSoft [2012/07/04 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012/01/20 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Bioshock2 [2012/01/27 22:35:40 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\DAEMON Tools Lite [2012/06/11 22:05:28 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\OpenCandy [2012/01/14 20:25:15 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Origin [2012/01/11 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Protector Suite [2012/01/27 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Ubisoft [2012/05/28 11:18:23 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  7. Hi - directed to post here from general forum. When I run Malwarebytes on full scan it crashes (bluescreen/memory dump) my PC. This is close to the end of the scan when it reaches the winsxs folder. Quick scan is fine and full scan in safe mode is fine also. Windows 7 is OS - nothing comes up when I run Spybot and Microsoft Essentials. I have recently uninstalled Lavasoft and moved to Microsoft Essentials as Lavasoft software also crashed my PC on full scan which I thought at the time was related to a recent upgrade.

     dds.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Zach at 23:26:24 on 2012-07-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8172.6281 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Protector Suite\upeksvr.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files (x86)\Hotkey\PowerBiosServer.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Chicony\GameKeys\MODPS2KEY.EXE C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Protector Suite\psqltray.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files (x86)\Hotkey\Hotkey.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Razer\Tarantula\razerhid.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Chicony\GameKeys\Driver\ZGKY.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\servicing\TrustedInstaller.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.co.uk/ uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/ uInternet Settings,ProxyOverride = *.local mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe mRun: 
[LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}\3456E64756270516273637 : DhcpNameServer = 4.2.2.1 TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}\6796277696E6D65646961653234383039313 : DhcpNameServer = 194.168.4.100 194.168.8.100 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: BitTorrentBar Toolbar: 
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll BHO-X64: BitTorrentBar - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe mRun-x64: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-6-26 468848] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-6-20 384880] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-17 1262400] R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-15 33792] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-11 2656280] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296] R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] 
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-17 136176] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?] S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-17 136176] S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\system32\drivers\UsbFltr.sys --> C:\Windows\system32\drivers\UsbFltr.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-07-05 22:10:25 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-07-05 15:18:34 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72766A6F-F649-40D4-9092-4D1FBF0D97C1}\gapaengine.dll 2012-07-05 15:18:34 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-07-05 15:18:33 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B06C734-8466-4110-840F-8C7F598E3A8E}\mpengine.dll 2012-07-05 15:08:28 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-05 14:41:47 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-05 01:13:23 388096 ----a-r- C:\Users\Zach\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-05 01:13:23 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-07-04 21:58:58 -------- d-----w- C:\ProgramData\GFI Software 2012-07-04 19:45:56 -------- d-----w- 
C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 2012-07-04 19:42:41 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2012-07-04 19:39:44 -------- d-----w- C:\Users\Zach\AppData\Roaming\Ad-Aware Antivirus 2012-06-21 19:02:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 19:02:47 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 19:02:46 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 19:02:46 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-15 11:38:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-11 21:15:00 -------- d--h--w- C:\ProgramData\Common Files 2012-06-11 21:05:28 -------- d-----w- C:\Users\Zach\AppData\Roaming\OpenCandy 2012-06-11 20:57:17 -------- d-----w- C:\Users\Zach\AppData\Roaming\AnvSoft 2012-06-11 20:48:19 -------- d-----w- C:\Users\Zach\AppData\Roaming\AVS4YOU 2012-06-11 20:47:58 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-06-11 20:47:58 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2012-06-11 20:47:58 -------- d-----w- C:\ProgramData\AVS4YOU 2012-06-11 20:47:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia 2012-06-07 18:07:13 49664 ----a-w- C:\Windows\System32\drivers\UsbFltr.sys 2012-06-07 18:07:13 19200 ----a-w- C:\Windows\System32\drivers\usbicp.sys 2012-06-07 18:07:13 14592 ----a-w- C:\Windows\SysWow64\drivers\Usbicp.sys 2012-06-07 18:07:12 77312 ----a-w- C:\Windows\SysWow64\Tarantula.cpl . ==================== Find3M ==================== . 
2012-06-16 18:04:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-16 18:04:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-17 00:45:14 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-05-17 00:45:14 839112 ----a-w- C:\Windows\System32\deployJava1.dll 2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- 
C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll . ============= FINISH: 23:26:35.49 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 11/01/2012 15:15:14 System Uptime: 05/07/2012 23:21:11 (0 hours ago) . Motherboard: CLEVO | | P180HMx Processor: Intel® Core i7-2860QM CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 27.381 GiB free. D: is CDROM (UDF) E: is FIXED (NTFS) - 466 GiB total, 242.49 GiB free. F: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SBRE Device ID: ROOT\LEGACY_SBRE\0000 Manufacturer: Name: SBRE PNP Device ID: ROOT\LEGACY_SBRE\0000 Service: SBRE . ==== System Restore Points =================== . RP135: 05/07/2012 03:07:25 - Scheduled Checkpoint RP136: 05/07/2012 16:07:22 - Restore Operation RP137: 05/07/2012 23:10:19 - Windows Update . ==== Installed Programs ====================== . 
Ad-Aware Browsing Protection Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Any Video Converter 3.3.9 Apple Application Support Apple Software Update Assassin's Creed II Batman Arkham City version 1.0 Batman: Arkham Asylum BBC iPlayer Desktop BioShock 2 BisonCam BitTorrent BitTorrentBar Toolbar Call of Duty Modern Warfare 2 Call of Duty: Black Ops D3DX10 DAEMON Tools Lite Dead Space™ Dead Space™ 2 Diablo III Gaming Keyboard Driver Google Toolbar for Internet Explorer Google Update Helper HiJackThis Hotkey 3.3040 Hotspot Shield 2.55 Intel PROSet Wireless Intel® Management Engine Components JMicron Flash Media Controller Driver Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 Mass Effect 2 Medieval II Total War Mesh Runtime Messenger Companion Microsoft Age of Empires Gold Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Morrowind MSVCRT MSVCRT_amd64 NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Oblivion Origin Razer Diamondback 3G Razer Tarantula Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.5 Spybot - Search & Destroy Star Wars: The Old Republic StarCraft II Steam TES Construction Set The Elder Scrolls V: Skyrim The Witcher 2 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VLC media player 2.0.0 WebCam Installer Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 05/07/2012 23:21:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 05/07/2012 21:32:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a870, 0xffffffffc0000185, 0x00000000080fa860, 0xfffff8800150e2b0). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7675-01. 05/07/2012 21:20:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006f78, 0xffffffffc0000185, 0x00000000b6499860, 0xfffff88000def93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7285-01. 05/07/2012 21:00:53, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 05/07/2012 20:54:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 05/07/2012 20:54:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 05/07/2012 20:54:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 05/07/2012 20:54:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run 
the server: {DD522ACC-F821-461A-A407-50B198B896DC} 05/07/2012 20:54:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx vwififlt Wanarpv6 WfpLwf 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 05/07/2012 20:54:16, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 05/07/2012 20:54:12, Error: sptd [4] - Driver detected an internal error in its data structures for . 05/07/2012 20:44:05, Error: NetBT [4300] - The driver could not be created. 05/07/2012 20:44:04, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread 05/07/2012 18:14:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc400060f0, 0xffffffffc0000185, 0x00000001c8b1d860, 0xfffff88000c1e93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-10327-01. 
05/07/2012 16:08:28, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.974.0;1.129.974.0 Engine version: 1.1.8502.0 05/07/2012 16:06:54, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 05/07/2012 16:03:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000aa48, 0xffffffffc0000185, 0x00000000c85a8860, 0xfffff880015492b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7456-01. 05/07/2012 02:37:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006ef0, 0xffffffffc0000185, 0x0000000070f15860, 0xfffff88000dde93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-9984-01. 05/07/2012 02:37:19, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened. 05/07/2012 02:07:36, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a8b0, 0xffffffffc0000185, 0x00000001b0057860, 0xfffff88001516c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7534-01. 05/07/2012 01:41:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a808, 0xffffffffc0000185, 0x000000021e60b860, 0xfffff880015012b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-8252-01. 05/07/2012 00:51:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. 
The bugcheck was: 0x0000007a (0xfffff6fc4000a798, 0xffffffffc0000185, 0x0000000126f97860, 0xfffff880014f3c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7363-01. 04/07/2012 22:57:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006e80, 0xffffffffc0000185, 0x0000000032e28860, 0xfffff88000dd093c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-8049-01. 04/07/2012 21:52:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40009a58, 0xffffffffc0000185, 0x0000000085869860, 0xfffff8800134bc08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-8595-01. 04/07/2012 10:49:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc400074e8, 0xffffffffc0000185, 0x0000000061f54860, 0xfffff88000e9d93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-10467-01. 04/07/2012 00:04:56, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 03/07/2012 09:17:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.804.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. . ==== End Of File ===========================
  8. Wow - quick response! When I say it crashes, it goes to BSOD/Memory dump. Nope, only had Lavasoft but got rid of that a few days ago and moved to Microsoft Essentials. There was an upgrade on Lavasoft and then it started crashing my PC - BSOD/Memory Dump. I thought it was just an issue with the software, hence the change. Then I ran Malwarebytes as a full scan, which I do infrequently when I'm doing a clean up on my PC, and got the same issue. OK, thanks for the info, I'll follow the steps provided. Cheers
  9. Hi - first post here so bear with me. Been using Malwarebytes for a while now and recently on full scans it crashes my PC towards the end of the scan - winsxs folder. Quick scan is fine, Full scan in Safe Mode is fine. Spybot and Windows essentials also run fine and don't show any infections. I used to use Lavasoft's AV but it also started crashing on full scan - possibly related but didn't click with me. Just looking for advice - not sure if it is a bug or an infection. Running Windows 7. Can you advise if this is likely to be an issue and next steps please? Thanks for your help