Will96

  1. Oh my goodness, my computer keeps freezing up every few minutes and it's incredibly annoying. Here are my combo logs.
  2. Hey, thanks for returning to my thread. Just a heads up as I've been still trying to fix my computer. I just uninstalled my Spybot and Malwarebytes because neither of them worked (errors or corruptions when attempting to open) and I installed ESET (I disabled this when running ComboFix). I tried scanning a third time in Safe Mode and it miraculously didn't get a BSOD; however, it was suspicious of a file called system32.gdi.dll or something. And it later got the BSOD, to my dismay. It was "Bad Pool Header" this time. As I tried scanning with ESET, it got stuck on system32.gdi.dll or something similar to that as well. Here are my logs for OTL.
  3. I meant "tried scanning" instead of installing, by the way. My bad, sorry.
  4. Hey, I just got back. I immediately got on Safe mode and tried installing, but this time I watched my computer scan from the avast scanner you sent me. I once again got a BSOD, however it was "Bad Pool Header" when the scan began checking my System32: gda.dll or something, (it was only a brief second) and it restarted my computer. Perhaps this is more of a hardware issue?? The reason why I think it's suspicious though is that I cannot open Spybot, nor Malwarebytes, but I can run everything else okay.
  5. Alright, will do. I have to leave about now; I'll be back at 11 AM PST. Thanks for helping out so far.
  6. Thank you for responding. I encountered a new problem when trying to run the avast scanner. I seem get the BSOD with the error IRQL is less than or equal to. I got this error twice as I scanned twice so i am only able to give you the OTL files. OTL logfile created on: 7/6/2012 8:20:06 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Will\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free 7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free Paging file location(s): c:\pagefile.sys 4500 4500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS Computer Name: WILL-PC | User Name: Will | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe PRC - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS) SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS) SRV - [2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock) SRV - [2012/06/18 06:05:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011/06/06 09:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010/07/26 20:10:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Will\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - [2012/07/06 02:43:26 | 000,028,488 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 03:24:41 | 000,052,224 | 
---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/07/25 10:27:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel® DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007/06/28 08:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKLM\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E} IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-21-509424225-914708275-285777440-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Will\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Will\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/05 21:43:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 06:05:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 16:34:43 | 000,000,000 | ---D | M] [2010/12/19 19:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions [2012/06/28 23:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions [2010/12/21 00:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/05/16 16:35:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\rt5iea1u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/05/03 21:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/28 23:08:52 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\WILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RT5IEA1U.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012/06/18 06:05:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012/04/05 17:36:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll [2012/06/18 06:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/18 06:04:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/05/22 15:54:03 | 000,442,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 15218 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-509424225-914708275-285777440-1018..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: DhcpNameServer = 10.0.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/06 08:18:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe [2012/07/06 08:15:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe [2012/07/06 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/07/06 08:03:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe [2012/07/06 03:35:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Will\Desktop\dds.com [2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/07/06 03:16:18 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/06/27 20:16:07 | 000,670,816 | ---- | C] (Wellbia.com Co., Ltd.) 
-- C:\Windows\System32\xsherlock.xem [2012/06/27 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\C9 [2012/06/24 11:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN [2012/06/24 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub [2012/06/24 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Overwolf [2012/06/24 11:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\WEBZEN [2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\FlashgetSetup [2012/06/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\BITS [2012/06/21 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2012/06/20 22:00:52 | 000,000,000 | ---D | C] -- C:\Nexon [2012/06/17 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\LOLReplay [2012/06/17 08:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay [2012/06/11 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/06/06 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Chromium [2012/06/06 09:00:53 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Guild Wars 2 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/06 08:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013UA.job [2012/07/06 08:18:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Will\Desktop\aswMBR.exe [2012/07/06 08:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe [2012/07/06 08:07:35 | 000,001,236 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/07/06 08:07:35 | 000,001,212 | ---- | M] () -- 
C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk [2012/07/06 08:04:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Will\Desktop\spybotsd162.exe [2012/07/06 08:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000UA.job [2012/07/06 07:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/06 03:35:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Will\Desktop\dds.com [2012/07/06 03:16:19 | 000,002,959 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.lnk [2012/07/06 03:15:15 | 001,402,880 | ---- | M] () -- C:\Users\Will\Desktop\HiJackThis.msi [2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 02:44:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 02:43:26 | 000,028,488 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys [2012/07/06 02:36:23 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 01:25:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1013Core.job [2012/07/03 07:37:50 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWill.job [2012/07/03 00:18:53 | 000,001,151 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012/07/02 23:23:03 | 000,001,603 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk [2012/07/02 10:00:19 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509424225-914708275-285777440-1000Core.job [2012/07/02 08:48:57 | 000,001,071 | ---- | M] () -- C:\Users\Will\Documents - Shortcut.lnk [2012/06/27 20:16:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) 
-- C:\Windows\System32\xsherlock.xem [2012/06/21 19:13:14 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat [2012/06/21 18:48:54 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI [2012/06/17 08:16:49 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012/06/15 20:14:35 | 000,278,561 | ---- | M] () -- C:\Users\Will\Desktop\Minecraft.exe [2012/06/11 16:34:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/06/09 09:24:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/09 09:24:50 | 000,386,040 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2012/06/09 09:24:50 | 000,369,938 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2012/06/09 09:24:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/09 09:24:50 | 000,104,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2012/06/09 09:24:50 | 000,099,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/06 08:07:35 | 000,001,236 | ---- | C] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/07/06 08:07:35 | 000,001,212 | ---- | C] () -- C:\Users\Will\Desktop\Spybot - Search & Destroy.lnk [2012/07/06 03:16:19 | 000,002,959 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.lnk [2012/07/06 03:15:12 | 001,402,880 | ---- | C] () -- C:\Users\Will\Desktop\HiJackThis.msi [2012/07/05 21:59:30 | 000,028,488 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys [2012/07/02 23:23:03 | 000,001,603 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk [2012/07/02 08:48:57 | 000,001,071 | ---- | C] () -- C:\Users\Will\Documents - Shortcut.lnk [2012/06/21 19:13:14 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat [2012/06/21 
18:48:54 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2012/06/17 08:16:49 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012/06/15 20:13:33 | 000,278,561 | ---- | C] () -- C:\Users\Will\Desktop\Minecraft.exe [2012/06/11 16:34:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/04/05 17:18:25 | 000,000,023 | ---- | C] () -- C:\Users\Will\jagexappletviewer.preferences [2012/03/13 17:40:41 | 000,000,043 | ---- | C] () -- C:\Users\Will\jagex_cl_runescape_LIVE.dat [2012/03/13 17:40:41 | 000,000,024 | ---- | C] () -- C:\Users\Will\random.dat [2012/01/02 19:58:40 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012/01/02 19:58:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011/12/20 23:27:29 | 000,220,655 | ---- | C] () -- C:\Windows\hpoins19.dat [2011/12/20 23:27:29 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011/08/26 23:08:32 | 000,002,702 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011/07/04 23:46:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011/07/04 23:46:51 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011/07/04 23:46:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011/07/04 23:46:28 | 000,003,584 | ---- | C] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/22 23:02:06 | 000,782,152 | ---- | C] () -- C:\Users\Will\FUNNIEST LOL MATCH EVER.png [2011/06/01 20:17:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/06/01 20:15:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/12/19 19:33:27 | 000,000,632 | RHS- | C] () -- C:\Users\Will\ntuser.pol [2010/12/01 22:39:47 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/07/31 13:56:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/28 06:03:03 | 000,369,938 | ---- | C] () -- 
C:\Windows\System32\prfh0804.dat [2010/07/28 06:03:03 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2010/07/28 06:03:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2010/07/28 06:03:03 | 000,104,382 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2010/07/28 06:03:03 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2010/07/28 06:03:02 | 000,386,040 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2010/07/28 06:03:02 | 000,099,468 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2010/07/28 06:03:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2010/07/25 19:36:53 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat ========== LOP Check ========== [2012/07/01 18:56:50 | 000,000,000 | R--D | M] -- C:\Users\Will\AppData\Roaming\.minecraft [2010/12/19 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Auslogics [2012/06/24 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BITS [2011/12/06 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Downloaded Installations [2011/07/02 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ESET [2012/06/26 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\FlashgetSetup [2012/04/12 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Foxit Software [2011/04/25 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient [2012/05/29 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LolClient2 [2012/06/04 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mumble [2012/03/09 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Tunngle [2011/10/01 18:31:23 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 7/6/2012 8:20:06 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = 
C:\Users\Will\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.32% Memory free 7.39 Gb Paging File | 6.16 Gb Available in Paging File | 83.37% Paging File free Paging file location(s): c:\pagefile.sys 4500 4500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.87 Gb Total Space | 150.75 Gb Free Space | 68.25% Space Free | Partition Type: NTFS Drive D: | 12.01 Gb Total Space | 1.89 Gb Free Space | 15.77% Space Free | Partition Type: NTFS Computer Name: WILL-PC | User Name: Will | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-509424225-914708275-285777440-1013\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027ADFF8-8F2A-4340-91FA-C3E59A113C90}" = rport=10243 | protocol=6 | dir=out | app=system | "{178B8573-AC31-45A1-BC32-F289ED829824}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2B6D86F1-8AC6-4777-8AB2-A26E36C6F5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2E3771CE-75C7-4A5A-90D3-A6F025F10E30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E6FAD89-C0ED-4853-A7E2-7ADB88840EEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48BA405F-8C74-48AB-BA31-F5AA8B6E5143}" = rport=139 | protocol=6 | dir=out | app=system | "{56C257A6-9A93-479D-814D-1B15F03AAAF0}" = rport=445 | protocol=6 | dir=out | app=system | "{6017858F-BCE4-4A2A-84E6-2C673ADA6F4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{65483500-E17E-4C1D-935F-BA2DE7B8AE89}" = lport=2869 | protocol=6 | dir=in | app=system | "{6B9B9392-B9AC-41BE-99D0-28FD51DB5740}" = rport=138 | protocol=17 | dir=out | app=system | "{7B4178F6-6A5F-4584-8B6D-1D046AD6B01F}" = lport=445 | protocol=6 | dir=in | app=system | "{817DF8E3-BB8D-46CC-8F65-8A5DCF75D472}" = lport=139 | protocol=6 | dir=in | app=system | "{86FB1EA4-D965-4298-9388-056E625C9D25}" 
= lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{936E0914-AFFE-4AC4-AE45-D122FEC59D40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93763227-D798-4BC5-AC8D-1C94BE782422}" = lport=2869 | protocol=6 | dir=in | app=system | "{A0303A41-5F8A-49D2-AE21-8656349BFCBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B21D106A-AB17-481D-A9DD-A00AEE3A4B8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B2911345-ABA7-44C0-BC3E-FEA553F6F37E}" = lport=138 | protocol=17 | dir=in | app=system | "{BAD86228-0CC5-435F-A4AC-D50D76DA7FC8}" = rport=137 | protocol=17 | dir=out | app=system | "{C97B914F-B2BA-4C37-A55C-3D8642EAFB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E23EE3E1-B5F2-4D25-B61C-57B8B980EC9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E338B347-4500-4418-80F1-7CF4C4210012}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED719730-FCA0-4D74-A7DC-CFD94041680B}" = lport=10243 | protocol=6 | dir=in | app=system | "{F3BF7FC9-3553-4A31-B378-29CDF270C3E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FD25E8FA-0B6E-4641-A8D4-3CB5A3C263A4}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0499FDF6-A133-473C-A16B-8E609EB40884}" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe | "{09D14773-6910-4083-B541-41781D3CA7E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{0D540F35-F8E8-4EE8-AE2E-FA54B2E1CE60}" = protocol=6 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{0D74484E-1A3F-4E64-96C4-77EE778E581F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{11725EEC-6BD2-4579-B02F-0ECE56F82ABB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2910F288-F4D6-4084-BEC9-432C93E539D8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{3435EBA4-FA09-443B-A13A-F9E431070CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{42F7ACD7-95AF-4779-87BD-5BD33BE8B350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{54997423-3464-4F8B-80B9-98EC5416C31B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{55D23D99-B016-425D-B9CF-F0377D86FDDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5B3DD2AE-7292-4AB0-96D5-3FD0146C7A2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5F81A8CF-D404-4283-B5E6-8DD3A651796F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{65689F09-A7B6-41E6-B18E-5DCE0072ED9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7556BFCB-18B7-4C3F-BF61-3DF0237D1C9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{773CDCF6-D584-457F-8453-255F44ACB872}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{7963D438-D50E-4AEC-B54F-E1C2E8183D6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{7D971091-1C55-4501-8434-88ED0EF63052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{836F8F7E-623E-474C-A3C9-7C027C8281B9}" = protocol=17 | dir=in | 
app=c:\users\will\appdata\local\temp\7zs71b6\hpdiagnosticcoreui.exe | "{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{88901493-73B5-4508-B2C1-6B1321D319F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{98CA70E6-4F86-4740-823D-2E2A65EC3D26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9A1A2D09-A19C-4C44-8637-A384C459639C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9C4F9099-6FC6-4BB1-BAF1-BB527A8D8E6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9E3AAC6A-2B78-4F50-8660-31D3A38AA001}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A0E9F214-B12B-444D-9CF0-B2E99CD06584}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{AB2C2E2D-97B9-4B6B-AABD-2D7D880CF43C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{B3E837A3-9FDA-457C-BB32-89D0DDF2B1D0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{B6D934E2-678D-4A5B-ADAF-AFE6898924F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2037CA2-58A1-4790-AA17-72FBEE2395B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{C740CD8C-A4DD-4E0E-A497-8BA9D09EDC28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C7CC2588-B75F-446D-A698-27D0E41B377B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCFCFE1F-B821-4DC3-897D-DC8ADE87C07F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{E1820E44-F2E6-4F90-A2F2-F554D61AB320}" = 
protocol=6 | dir=out | app=system | "{E20443B5-D353-4CC6-9F22-ECD80C234DC6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{F5148266-C8A4-4B5A-806F-E5BDE2EF09D6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{F740F55F-28D3-4303-9838-7E78846767E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB17598E-A0BE-4DD5-B095-45714084BC70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4B72550B-8901-42A3-8FE4-F91E18355CB7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{79A5BD8C-2A16-4D86-A204-13F9CE445888}C:\users\will\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe | "TCP Query User{9665017F-4B33-4181-980A-8CE3048DCD44}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{9E51E6ED-F973-44C0-ACBA-E268526E2E5D}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{BD35D096-6FC3-47AD-8005-7E50B49145E5}C:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\diablo iii\diablo iii.exe | "UDP Query User{112AACA7-4E2A-4DCD-8102-A46DB2A879C7}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{29BE9513-2DB3-46D6-9289-78D67FBFCB40}C:\users\will\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\will\appdata\local\temp\gw2.exe | "UDP Query User{7F5CB412-8949-45A2-B352-0019514319A9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{BF90241D-06C7-4C52-9921-7A06890303F9}C:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\diablo iii\diablo iii.exe | "UDP Query User{F481AFEF-E8A0-4456-B347-4858AB4A0267}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll 
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT 
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "CCleaner" = CCleaner "Combat Arms" = Combat Arms "Digital Editions" = Adobe Digital Editions "Foxit Reader_is1" = Foxit Reader 5.1 "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Revo Uninstaller" = Revo Uninstaller 1.94 "SMSERIAL" = Motorola SM56 Speakerphone Modem "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4384 Error - 7/6/2012 9:00:49 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledSPRetry 4384 Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5975 Error - 7/6/2012 9:00:50 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5975 Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7270 Error - 7/6/2012 9:00:51 AM | Computer Name = Will-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7270 Error - 7/6/2012 11:01:46 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id: 0xf50 Faulting application start time: 0x01cd5b8826738b26 Faulting application path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 80ae97ea-c77b-11e1-b454-001e6816d280 Error - 7/6/2012 11:08:52 AM | Computer Name = Will-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SpybotSD.exe, version: 1.6.2.46, time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting process id: 0x103c Faulting 
application start time: 0x01cd5b89234d32b2 Faulting application path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 7e8c93e5-c77c-11e1-b454-001e6816d280 [ OSession Events ] Error - 7/5/2012 10:41:29 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 255 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/5/2012 10:43:14 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/5/2012 11:01:15 PM | Computer Name = Will-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 7/6/2012 1:03:29 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect. Error - 7/6/2012 1:03:45 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1053 Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 
Error - 7/6/2012 1:04:15 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000 Description = The Software Protection service failed to start due to the following error: %%1053 Error - 7/6/2012 2:01:01 AM | Computer Name = Will-PC | Source = DCOM | ID = 10010 Description = Error - 7/6/2012 5:36:10 AM | Computer Name = Will-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . Error - 7/6/2012 5:36:30 AM | Computer Name = Will-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:34:28 AM on ?7/?6/?2012 was unexpected. Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7000 Description = The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: %%2 Error - 7/6/2012 5:36:35 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7001 Description = The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: %%2 Error - 7/6/2012 5:36:44 AM | Computer Name = Will-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: sptd < End of report >
  7. Hey, I'm new here so I'm not too familiar with how this works, but I've been struggling with this problem for quite a while. So earlier today, I had printer problems, where every time I tried to click Print it would automatically crash me. Then, I tried uninstalling a few installations that came when I bought this computer, like HP Help and Support or something else and I later began to realize that my computer would continually go "This window is not responding" and it would white out and I would have to restart my computer manually. At this point in time, I assumed perhaps I had an infection, so I went into safe mode and tried opening mbam and scanning (like I've done with every other virus I've ever had), and when I tried to originally scan it would freeze and go non-responsive, thus requiring a manual restart. I tried opening my Spybot S&D and it wouldn't open, and my Avast was recently uninstalled (like two days ago) because it kept freezing. (I thought perhaps it was corrupt and would reinstall a day after, but when I try to it goes unresponsive.) So I thought perhaps I must've uninstalled something essential to HP and I system restored to a day or two back. But I still cannot scan my computer at this point. Note: I've been trying to find a solution to this problem for the past 8 hours and I'm completely lost. I tried using mbam chameleon, but after updating it gets stuck on "Killing known malicious processes" and it just gets stuck there. Thanks in advance, I would really appreciate any form of help. Also, I'm helping out my community by volunteering, so I will not be able to respond from 10-11:30 AM PST. Thanks again. I originally posted this in gen disc, but that was wrong, as I was redirected by doc. Here are my dds and attach.
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
     Run by Will at 3:37:02 on 2012-07-06
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1930 [GMT -7:00]
     .
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) 
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\4656661657C647 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{15C79EB9-274E-4A40-B1B2-1A79797CD4BC}\86F6D656C6563737 : DhcpNameServer = 192.168.15.1 192.168.1.1 TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DhcpNameServer = 10.0.0.1 Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\rt5iea1u.default\ FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\users\will\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\will\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . 
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-22 1262400] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-7 1153368] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-5 28488] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-6 40776] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-1 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400] S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-6-27 670816] . =============== Created Last 30 ================ . 
2012-07-06 10:16:18 388096 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-07-06 10:16:18 -------- d-----w- c:\program files\Trend Micro 2012-07-06 09:43:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-07-06 04:59:30 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-06-28 03:16:07 670816 ----a-w- c:\windows\system32\xsherlock.xem 2012-06-24 18:38:49 -------- d-----w- c:\programdata\WEBZEN 2012-06-24 18:24:20 -------- d-----w- c:\users\will\appdata\local\Overwolf 2012-06-24 18:24:02 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP 2012-06-24 18:04:23 -------- d-----w- c:\program files\WEBZEN 2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\FlashgetSetup 2012-06-22 01:48:35 -------- d-----w- c:\users\will\appdata\roaming\BITS 2012-06-22 01:48:24 -------- d-----w- c:\program files\FlashGet Network 2012-06-21 05:00:52 -------- d-----w- C:\Nexon 2012-06-18 13:05:01 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-18 13:05:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-06-17 15:16:48 -------- d-----w- c:\program files\LOLReplay 2012-06-07 06:29:31 -------- d-----w- c:\users\will\appdata\local\Chromium . ==================== Find3M ==================== . 
2012-05-22 23:18:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-22 23:18:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:26:00 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:26:00 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:26:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:26:00 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-05-15 10:26:00 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll 2012-05-15 10:26:00 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:28:50 2561344 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll 2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 3:38:19.26 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 7/25/2010 8:00:13 PM System Uptime: 7/6/2012 2:36:06 AM (1 hours ago) . Motherboard: Quanta | | 30D2 Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 983/667mhz . 
==== Disk Partitions ========================= . C: is FIXED (NTFS) - 221 GiB total, 151.21 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.894 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP295: 7/3/2012 8:21:43 AM - Scheduled Checkpoint RP297: 7/5/2012 6:33:12 PM - Revo Uninstaller's restore point - HP Customer Experience Enhancements RP299: 7/5/2012 6:34:06 PM - Removed HP Customer Experience Enhancements RP301: 7/5/2012 6:36:20 PM - Revo Uninstaller's restore point - HP Help and Support RP302: 7/5/2012 6:36:41 PM - Removed HP Help and Support RP304: 7/5/2012 6:40:44 PM - Revo Uninstaller's restore point - HP Active Support Library RP305: 7/5/2012 6:41:28 PM - Installed HP Active Support Library RP307: 7/5/2012 7:00:42 PM - Revo Uninstaller's restore point - HP Photosmart Essential 2.5 RP309: 7/5/2012 7:07:13 PM - Revo Uninstaller's restore point - Foxit Reader 5.1 RP310: 7/5/2012 8:41:51 PM - Windows Update RP311: 7/5/2012 9:16:48 PM - avast! Pro Antivirus Setup RP312: 7/6/2012 3:15:29 AM - Installed HiJackThis . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) ActiveCheck component for HP Active Support Library Adobe AIR Adobe Digital Editions Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Shockwave Player Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update Auslogics Disk Defrag Bonjour Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Cards_Calendar_OrderGift_DoMorePlugout CCleaner Combat Arms Compatibility Pack for the 2007 Office system CyberLink YouCam D3DX10 DVD Suite ESU for Microsoft Vista Foxit Reader 5.1 Google Talk Plugin Hauppauge MCE XP/Vista Software Encoder (2.0.25149) HiJackThis HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Frontend HP Help and Support HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.30 E1 HP QuickPlay 3.6 HP QuickTouch 1.00 C4 HP Smart Web Printing 4.60 HP Total Care Advisor HP Update HP User Guides 0087 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabel_Tattoo HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotoSmartPhotobookHolidayPack1 HPPhotoSmartPhotobookModernPack1 HPPhotoSmartPhotobookPlayfulPack1 HPPhotoSmartPhotobookScrapbookPack1 HPPhotoSmartPhotobookWebPack1 iCloud Intel® Matrix Storage Manager iTunes Java Auto Updater Java 6 Update 31 League of Legends LightScribe System Software 1.10.13.1 LOLReplay Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.0 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 
(English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
PSSWCORE
PVSonyDll
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.2
SmartWebPrinting
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VideoToolkit01
WeatherBug Gadget
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 2:36:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
7/6/2012 2:36:35 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The system cannot find the file specified.
7/6/2012 2:36:35 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 2:36:10 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/5/2012 9:55:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/5/2012 9:55:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/5/2012 9:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/5/2012 9:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/5/2012 9:55:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/5/2012 9:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:55:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2012 9:51:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/5/2012 9:51:55 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 9:51:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/5/2012 9:38:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/5/2012 9:38:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
7/5/2012 9:30:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/5/2012 9:27:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/5/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
7/5/2012 6:18:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/5/2012 10:04:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
7/5/2012 10:04:15 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 10:03:45 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 10:03:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
7/5/2012 10:01:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
7/5/2012 10:01:19 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2012 7:38:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/3/2012 7:38:28 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/2/2012 9:19:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/2/2012 9:19:13 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:18:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x00000000, 0x8d957a54, 0x8d957630). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070212-72306-01.
7/2/2012 9:11:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
7/2/2012 9:11:07 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickPlay Background Capture Service (QBCS) service to connect.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:07:02 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
DDS.txt Attach.txt
  8. P.S. I currently cannot sleep because of this issue with my laptop (haha) and I am volunteering for my community in a few hours, so I might only be able to respond past 11 am PST. Thanks again.
  9. Hey, I'm new here so I'm too familiar with how this works, but I've been struggling with this problem for quite a while. So earlier today, I had printer problems, where every time I tried to click Print it would automatically crash me. Then, I tried uninstalling a few installations that came when I bought this computer, like HP Help and Support or something else, and I later began to realize that my computer would continually go "This window is not responding" and it would white out and I would have to restart my computer manually. At this point in time, I assumed perhaps I had an infection, so I went into safe mode and tried opening mbam and scanning (like I've done with every other virus I've ever had), and when I tried to originally scan it would freeze and go non-responsive, thus requiring a manual restart. I tried opening my Spybot S&D and it wouldn't open, and my Avast was recently uninstalled (like two days ago) because it kept freezing. (I thought perhaps it was corrupt and would reinstall a day after, but when I try to it goes unresponsive.) So I thought perhaps I must've uninstalled something essential to HP and I system restored to a day or two back. But I still cannot scan my computer at this point. Note: I've been trying to find a solution to this problem for the past 8 hours and I'm completely lost. I tried using mbam chameleon, but after updating it gets stuck on "Killing known malicious processes" and it just gets stuck there. Thanks in advance, I would really appreciate any form of help.