madmatt7

Honorary Members

View Profile See their activity

Posts
59
Joined
November 2, 2012
Last visited
January 3, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by madmatt7

Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Thanks for all of the help. I am going to restore it myself after looking through the suggestions above.
- December 21, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

I'm not sure if it did. I'm almost positive it did have a restore CD but I can't say at this point in time. And I have no idea what factory restore-partition is.
- December 18, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

ListParts by Farbar Version: 30-10-2012 Ran by Olivia (administrator) on 18-12-2012 at 16:06:36 Windows 7 (X64) Running From: C:\Users\Olivia\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 6091.86 MB Available physical RAM: 5193.89 MB Total Pagefile: 12181.91 MB Available Pagefile: 11346.28 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (TI106234W0C) (Fixed) (Total:682.64 GB) (Free:633.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 682 GB 1501 MB Partition 3 Primary 14 GB 684 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 System NTFS Partition 1500 MB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C TI106234W0C NTFS Partition 682 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== ****** End Of Log ******
- December 18, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

I tried to go to previous restore point in the past so I doubt that's going to work . But...I might have done it the wrong way. I don't think I have made a full back up. But the only thing I really care about are my word documents and pictures...that will be easy to save just in case. And I don't have the windows 7 CD/DVD with me.
- December 18, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

I've tried to download avira but I cannot open up the installation program. I already downloaded it. I can't get passed 13% when I do /sfc scannow...in addition I when I tried to start up in safe mode earlier it got stuck several times. So I had to restart it then finally it had to "check disk for consistency." I'm afraid it is getting wors]e
- December 18, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Ok I will work on getting Avira downloaded. On another note... I can't complete sfc /scannow. It scans to 13% then stops and eventually stops. I believe I tried doing this with Jeff before. Not 100% sure though.
- December 17, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Also should I use the cmd prompt this in normal mode? My computer has reverted again back to its old symptoms...I guess it was either a lucky streak or...who knows.
- December 16, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

About the anti-virus; I had Avast before I started to fix this problem. I uninstalled it while searching for malware with jeff because I could not "temporarily turn it off" in safe mode. I haven't downloaded another one because a lot of the programs you instruct me to use require a anti-virus that is off. Should I still download one now?
- December 16, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Sorry for taking so long took me a long time to run that program. My system seems to actually be use-able! I hope I don't jinx it... It is running a little slow...but it doesn't take hours to start a program. Thanks so far!
- December 15, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Olivia at 17:28:19 on 2012-12-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4615 [GMT -5:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\windows\system32\sppsvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Program Files\Microsoft Device Center\ipoint.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://msn.com/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096] S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304] S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736] . =============== Created Last 30 ================ . 2012-12-15 22:23:34 -------- d-----w- C:\windows\System32\catroot2 2012-12-15 22:19:29 -------- d-----w- C:\windows\SysWow64\wbem\Performance 2012-12-15 22:18:07 303616 ----a-w- C:\SetACL.exe 2012-12-15 20:56:34 290304 ----a-w- C:\subinacl.exe 2012-12-13 02:16:37 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-12-13 02:03:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com 2012-12-12 07:50:57 -------- d-----w- C:\MGADiagToolOutput 2012-12-11 02:39:06 -------- d-----w- C:\Users\Olivia\DoctorWeb 2012-12-04 07:35:07 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3321B9B9-6D53-4EA9-946F-2AE87C3962C5}\mpengine.dll 2012-12-03 17:01:51 -------- d-sh--w- C:\$RECYCLE.BIN 2012-12-03 14:38:59 -------- d-----w- C:\ProgramData\Battle.net 2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup 2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs 2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll 2012-09-25 03:16:33 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll . ============= FINISH: 17:29:26.26 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2011 10:17:17 PM System Uptime: 12/15/2012 5:22:58 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 792/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 683 GiB total, 634.461 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Manufacturer: Microsoft Name: TOSHIBA Web Camera - MP PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Service: usbvideo . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader XI Adobe Shockwave Player 11.6 Apple Mobile Device Support Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Cookienator D3DX10 Epson Connect Epson Customer Participation Epson Event Manager EPSON NX230 Series Printer Uninstall EpsonNet Print Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Netwaiting Panda USB Vaccine 1.0.1.4 Pando Media Booster Photo Common Photo Gallery PlayReady PC Runtime amd64 PlayReady PC Runtime x86 QuickTime Rakion International Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sophos Virus Removal Tool Spotify swMSM Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Tweaking.com - Windows Repair (All in One) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 12/9/2012 7:49:40 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 12/9/2012 7:17:27 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023174 12/9/2012 7:17:09 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/9/2012 6:24:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. 12/9/2012 6:24:01 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/9/2012 6:24:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {8F5DF053-3013-4DD8-B5F4-88214E81C0CF} 12/9/2012 5:18:51 PM, Error: Service Control Manager [7001] - The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 12/9/2012 5:16:14 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 12/9/2012 5:13:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect. 12/9/2012 5:13:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/9/2012 5:05:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service. 12/9/2012 5:01:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/9/2012 5:00:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/9/2012 4:59:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 12/9/2012 4:59:01 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/9/2012 11:49:16 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 12/9/2012 11:25:19 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress. 12/9/2012 11:25:19 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress. 12/15/2012 6:37:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 12/15/2012 6:37:53 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 6:35:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 12/15/2012 6:34:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service. 12/15/2012 6:33:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 12/15/2012 6:31:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} 12/15/2012 6:17:11 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 12/15/2012 6:02:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect. 12/15/2012 5:53:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 12/15/2012 5:48:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect. 12/15/2012 5:48:19 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 5:46:51 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 12/15/2012 5:24:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 12/15/2012 5:24:11 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 5:23:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 12/15/2012 5:23:33 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 5:03:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 12/15/2012 4:26:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {659CDEA7-489E-11D9-A9CD-000D56965251} 12/15/2012 4:14:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/15/2012 4:14:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/15/2012 4:14:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/15/2012 4:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/15/2012 4:14:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/15/2012 4:14:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 12/15/2012 3:49:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service. 12/15/2012 3:49:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect. 12/15/2012 3:49:43 PM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 3:46:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 12/15/2012 3:45:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 12/15/2012 3:45:29 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 3:44:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect. 12/15/2012 3:44:27 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 3:37:19 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 12/15/2012 12:42:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 12/15/2012 12:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 12/15/2012 12:41:51 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/15/2012 12:41:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 12/15/2012 12:40:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 12/14/2012 9:39:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service. 12/14/2012 8:50:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 12/14/2012 3:42:05 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 12/14/2012 3:30:32 AM, Error: Service Control Manager [7022] - The Software Protection service hung on starting. 12/14/2012 3:01:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service. 12/14/2012 2:54:58 AM, Error: Service Control Manager [7023] - 12/13/2012 8:36:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 12/13/2012 6:23:51 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 12/13/2012 6:23:51 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure. 12/13/2012 6:22:31 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown. 12/13/2012 4:46:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running. 12/13/2012 4:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running. 12/13/2012 4:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running. 12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/13/2012 2:37:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 12/12/2012 8:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB} 12/12/2012 8:48:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service. 12/12/2012 8:48:37 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/12/2012 2:49:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WatAdminSvc with arguments "" in order to run the server: {F02602C4-3C2A-473B-B35E-679A0076A4A5} 12/11/2012 6:06:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 12/11/2012 6:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 12/11/2012 12:52:02 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 12/11/2012 11:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 12/11/2012 11:23:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 12/10/2012 9:30:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 12/10/2012 9:30:39 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/10/2012 9:23:44 PM, Error: Service Control Manager [7022] - The Intel® Management and Security Application Local Management Service service hung on starting. 12/10/2012 8:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 12/10/2012 12:32:46 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The pipe has been ended. 12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress. 12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 12/10/2012 12:32:43 AM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully.. . ==== End Of File ===========================
- December 15, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Is there anyway I can by pass the UAC confirmation popup? So far I've been able to get passed step 3. It takes 30minutes-2 hours just to confirm that I want to run the program as administrator when I'm in normal mode.
- December 14, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Ok so I am currently trying to do the steps above...it freezes though after I choose to run as administrator. I think I can run it if I can some how turn off the "Use as admin" confirmation pop up.
- December 14, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Ok so I was able to do task 1 and 4. My computer could not do task 2/3 because it had to be in normal mode. It can get to the change settings window...but it has to be run as administrator. So once I click on the windows update icon my computer freezes...it cannot open up the pop-up that asks to confirm the change. I let it try to load for an hour... no luck. Should I try again and be patient or is there a way I can do it in safemode with networking... Also I use this computer at home and at my University. I use it more at my University...not sure if that's a "network" setting. And I'm not sure what a mapped drive is exactly..but I know I don't have one intentionally at least. -Thank you Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0 Cached Online Validation Code: N/A, hr = 0x8007043c Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ= Windows Product ID: 00359-OEM-8992687-00057 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.1.7601.2.00010300.1.0.003 ID: {CDD96339-561B-473D-98F0-F04A53303B5C}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Home Premium Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.120830-0333 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 100 Genuine Microsoft Office Home and Student 2007 - 100 Genuine OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A
- December 12, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

I am currently using a Toshiba Satellite. I did a scan I could not complete it because it had to scan over 3million objects...and after 3 hours it only did 340k objects. Complete scan and express scan were going the same speed...and the scan kept stopping I had to continuously hit "play." I will try to go through the scan tomorrow. It detected a "virus" in that 300-400k object scan. It left this log...oddly in excel, 27855-9[1].js;C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MFZTXH9;JS.IFrame.356;Deleted.;
- December 11, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

By the way something new popped up since I let my computer load up for hours. It now says in small white text on the bottom right corner: Windows 7 Build 7601 This copy of windows is not genuine Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 10 Flash Player out of Date! Adobe Reader XI Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
- December 10, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

OTL logfile created on: 12/9/2012 8:19:03 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 75.25% Memory free 11.90 Gb Paging File | 10.32 Gb Available in Paging File | 86.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 634.52 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/09 20:17:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe PRC - [2012/11/09 09:25:02 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/28 18:12:50 | 000,852,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Wireless LAN Indicator\tosIndicator.exe PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009/09/23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe ========== Modules (No Company Name) ========== MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 17:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 17:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011/06/09 12:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/19 13:24:34 | 000,152,640 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool) SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/12/20 20:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/20 20:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012/06/24 21:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/07/08 19:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011/07/07 17:02:16 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010/12/01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 14:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012/11/20 21:49:54 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys -- (rak) DRV - [2012/10/02 17:59:24 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D} IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464 IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\ CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org) O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/09 20:17:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/12/08 00:34:32 | 000,000,000 | ---D | C] -- C:\windows\Sun [2012/12/03 12:01:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/03 09:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup [2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs [2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2) [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe ========== Files - Modified Within 30 Days ========== [2012/12/09 20:17:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/12/09 19:57:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/09 19:18:00 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/12/09 16:58:32 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/09 16:57:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/09 16:57:27 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/12/09 11:30:27 | 000,117,174 | ---- | M] () -- C:\Users\Olivia\Desktop\VSS.reg [2012/12/09 11:30:04 | 000,003,132 | ---- | M] () -- C:\Users\Olivia\Desktop\EventSystem.reg [2012/12/09 11:29:44 | 000,002,755 | ---- | M] () -- C:\Users\Olivia\Desktop\txt_fix_w7.reg [2012/12/09 11:28:16 | 000,002,110 | ---- | M] () -- C:\Users\Olivia\Desktop\reg_fix_w7.reg [2012/12/08 22:12:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/08 22:12:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/08 00:37:05 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat [2012/12/08 00:34:42 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/12/09 11:30:26 | 000,117,174 | ---- | C] () -- C:\Users\Olivia\Desktop\VSS.reg [2012/12/09 11:30:03 | 000,003,132 | ---- | C] () -- C:\Users\Olivia\Desktop\EventSystem.reg [2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat [2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini [2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus [2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place [2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson [2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient [2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble [2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details [2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/12/09 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific [2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba [2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent [2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch [2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12/6/2012 2:53:24 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.49% Memory free 11.90 Gb Paging File | 11.07 Gb Available in Paging File | 93.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 624.83 Gb Free Space | 91.53% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system | "{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system | "{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system | "{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system | "{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system | "{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system | "{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe | "{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8103569E-264C-489B-82E0-3E230453C189}" = protocol=58 | dir=in | app=system | "{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{B239B623-C8E3-4745-B048-84913C0D3114}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | "TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "CNXT_AUDIO_HDA" = Conexant HD Audio "EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "NortonPCCheckup" = Toshiba Laptop Checkup "Rakion International_is1" = Rakion International "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/29/2012 5:33:09 PM | Computer Name = Olivia-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error - 11/29/2012 5:36:04 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/29/2012 6:31:34 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/29/2012 7:29:27 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25 Exception code: 0xc0000006 Fault offset: 0x000000000005f544 Faulting process id: 0x5dc Faulting application start time: 0x01cdce813238d76a Faulting application path: C:\windows\Explorer.EXE Faulting module path: C:\windows\system32\DUI70.dll Report Id: 9d1c531d-3a7c-11e2-aeef-047d7b02a6e7 Error - 11/29/2012 7:29:34 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\dui70.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows Explorer because of this error. Program: Windows Explorer File: C:\Windows\System32\dui70.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C00000B5 Disk type: 3 Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 18 Description = Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 8193 Description = Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = System Restore | ID = 8193 Description = Error - 11/30/2012 2:44:42 AM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/30/2012 4:08:14 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected. Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected. Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected. Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected. Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = < End of report >
- December 10, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Ok so I did the first set of instructions. Normal mode loaded up although very slow... when I hit the windows button then typed MSCONFIG windows was too slow to search for it. It was stuck at "searching." So I had to go to safe mode with networking. After I opened it up Normal Setup was selected. On the boot tab Safe boot was not checked. When I ran the cmd sfc /scannow it stopped at 13% and this message popped up. "Windows Resource Protection could not perform the requested operation. Sorry for taking so long to reply. Thank you for the help so far.
- December 9, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Never mind here it is OTL Extras logfile created on: 12/6/2012 2:53:24 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.49% Memory free 11.90 Gb Paging File | 11.07 Gb Available in Paging File | 93.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 624.83 Gb Free Space | 91.53% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system | "{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system | "{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system | "{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system | "{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system | "{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system | "{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe | "{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8103569E-264C-489B-82E0-3E230453C189}" = protocol=58 | dir=in | app=system | "{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{B239B623-C8E3-4745-B048-84913C0D3114}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | "TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "CNXT_AUDIO_HDA" = Conexant HD Audio "EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "NortonPCCheckup" = Toshiba Laptop Checkup "Rakion International_is1" = Rakion International "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/29/2012 5:33:09 PM | Computer Name = Olivia-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error - 11/29/2012 5:36:04 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/29/2012 6:31:34 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/29/2012 7:29:27 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25 Exception code: 0xc0000006 Fault offset: 0x000000000005f544 Faulting process id: 0x5dc Faulting application start time: 0x01cdce813238d76a Faulting application path: C:\windows\Explorer.EXE Faulting module path: C:\windows\system32\DUI70.dll Report Id: 9d1c531d-3a7c-11e2-aeef-047d7b02a6e7 Error - 11/29/2012 7:29:34 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\dui70.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows Explorer because of this error. Program: Windows Explorer File: C:\Windows\System32\dui70.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C00000B5 Disk type: 3 Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 18 Description = Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 8193 Description = Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = System Restore | ID = 8193 Description = Error - 11/30/2012 2:44:42 AM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = Error - 11/30/2012 4:08:14 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected. Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected. Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected. Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected. Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = < End of report >
- December 6, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

The extras.txt won't appear on my desktop or anywhere else. OTL logfile created on: 12/6/2012 2:42:34 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.01 Gb Available Physical Memory | 84.14% Memory free 11.90 Gb Paging File | 10.98 Gb Available in Paging File | 92.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 624.90 Gb Free Space | 91.54% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Olivia\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys () DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D} IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464 IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\ CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org) O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/06 14:41:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/12/03 12:01:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/03 09:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012/12/01 19:51:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup [2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs [2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2) [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify [2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1 ========== Files - Modified Within 30 Days ========== [2012/12/06 14:41:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/12/06 14:37:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/06 14:37:53 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/12/06 02:20:08 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/06 02:06:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/06 02:06:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/06 01:57:23 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/05 20:05:49 | 000,049,769 | ---- | M] () -- C:\Users\Olivia\Desktop\66066_10151147583807097_1109712913_n.jpg [2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat [2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat ========== Files Created - No Company Name ========== [2012/12/05 20:05:49 | 000,049,769 | ---- | C] () -- C:\Users\Olivia\Desktop\66066_10151147583807097_1109712913_n.jpg [2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat [2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini [2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus [2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place [2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson [2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient [2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble [2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details [2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/12/06 02:20:22 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific [2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba [2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent [2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch [2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
- December 6, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

~~Update~~ Still in safe mode with networking Step 1: Complete Step 2: Complete all services listed above are shown and checked Step 3:Complete Farbar Service Scanner Version: 04-12-2012 Ran by Olivia (administrator) on 04-12-2012 at 16:47:50 Running from "C:\Users\Olivia\Desktop" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is set to Auto. The default start type is 3. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Step 4:None to my knowledge.
- December 4, 2012
- 42 replies
Windows 7 won't load up?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

So my laptop has been acting up lately. When I start my laptop normally two things happen. One it will essentially freeze. Meaning I cannot click on any icons or do anything even the windows button does not respond. If it does not immediately freeze it will allow me to use my laptop normally for 1-5 minutes then it will freeze. Sometimes all it takes is opening another program in addition to my web browser to trigger it to freeze. (This second action never happened until I disabled all startup programs besides windows programs) I can only use my laptop in safe mode (currently in safe mode). I had started here and then I was sent to malware removal. After almost a week the experts at malware believe it is a software/hardware issue. This is all of the work Jeff and I have done to try to solve the problem. http://forums.malwar...ic=118765&st=40 Sorry for the wall of text! I hope someone can help me, I will greatly appreciate it! Thank you -Matt P.S. Sorry I made another topic I thought this one would've been gone by now.
- December 4, 2012
- 42 replies
Infected?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Hi, Thank you for all of your patience and help Jeff. I will try PC help...hopefully they can help me over there. At least we can be almost certain it probably isn't a malware issue.
- December 4, 2012
- 52 replies
Infected?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

Update: When I disable everything sometimes it works...sometimes it doesn't. When it does...it is very temporary.
- December 4, 2012
- 52 replies
Infected?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

On that note it is still running a little slow...and glitchy but it can be used.
- December 4, 2012
- 52 replies
Infected?

madmatt7 replied to madmatt7's topic in Resolved Malware Removal Logs

I disabled them all again and finally it is working normally! I haven't figured out which is causing the problem but it is working atlast! I have no idea how to. Without powering my computer on and off 20+ times.
- December 4, 2012
- 52 replies

Events

Profiles

Forums

Everything posted by madmatt7

Important Information