madmatt7
-
Posts
59 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by madmatt7
-
-
I'm not sure if it did. I'm almost positive it did have a restore CD but I can't say at this point in time.
And I have no idea what factory restore-partition is.
-
ListParts by Farbar Version: 30-10-2012
Ran by Olivia (administrator) on 18-12-2012 at 16:06:36
Windows 7 (X64)
Running From: C:\Users\Olivia\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 6091.86 MB
Available physical RAM: 5193.89 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 11346.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (TI106234W0C) (Fixed) (Total:682.64 GB) (Free:633.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 682 GB 1501 MB
Partition 3 Primary 14 GB 684 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106234W0C NTFS Partition 682 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
****** End Of Log ******
-
I tried to go to previous restore point in the past so I doubt that's going to work
. But...I might have done it the wrong way. I don't think I have made a full back up. But the only thing I really care about are my word documents and pictures...that will be easy to save just in case.And I don't have the windows 7 CD/DVD with me.
-
I've tried to download avira but I cannot open up the installation program. I already downloaded it. I can't get passed 13% when I do /sfc scannow...in addition I when I tried to start up in safe mode earlier it got stuck several times. So I had to restart it then finally it had to "check disk for consistency."
I'm afraid it is getting wors]e
-
Ok I will work on getting Avira downloaded. On another note... I can't complete sfc /scannow. It scans to 13% then stops and eventually stops. I believe I tried doing this with Jeff before. Not 100% sure though.
-
Also should I use the cmd prompt this in normal mode?
My computer has reverted again back to its old symptoms...I guess it was either a lucky streak or...who knows.
-
About the anti-virus; I had Avast before I started to fix this problem. I uninstalled it while searching for malware with jeff because I could not "temporarily turn it off" in safe mode. I haven't downloaded another one because a lot of the programs you instruct me to use require a anti-virus that is off. Should I still download one now?
-
Sorry for taking so long took me a long time to run that program. My system seems to actually be use-able! I hope I don't jinx it...
It is running a little slow...but it doesn't take hours to start a program. Thanks so far!
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Olivia at 17:28:19 on 2012-12-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4615 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096]
S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736]
.
=============== Created Last 30 ================
.
2012-12-15 22:23:34 -------- d-----w- C:\windows\System32\catroot2
2012-12-15 22:19:29 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2012-12-15 22:18:07 303616 ----a-w- C:\SetACL.exe
2012-12-15 20:56:34 290304 ----a-w- C:\subinacl.exe
2012-12-13 02:16:37 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-12-13 02:03:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-12-12 07:50:57 -------- d-----w- C:\MGADiagToolOutput
2012-12-11 02:39:06 -------- d-----w- C:\Users\Olivia\DoctorWeb
2012-12-04 07:35:07 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3321B9B9-6D53-4EA9-946F-2AE87C3962C5}\mpengine.dll
2012-12-03 17:01:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-03 14:38:59 -------- d-----w- C:\ProgramData\Battle.net
2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup
2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs
2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-25 03:16:33 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 17:29:26.26 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2011 10:17:17 PM
System Uptime: 12/15/2012 5:22:58 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 683 GiB total, 634.461 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Manufacturer: Microsoft
Name: TOSHIBA Web Camera - MP
PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Adobe Shockwave Player 11.6
Apple Mobile Device Support
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Cookienator
D3DX10
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX230 Series Printer Uninstall
EpsonNet Print
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Label@Once 1.0
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Netwaiting
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
QuickTime
Rakion International
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RuneScape Launcher 1.2.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sophos Virus Removal Tool
Spotify
swMSM
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 7:49:40 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
12/9/2012 7:17:27 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023174
12/9/2012 7:17:09 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/9/2012 6:24:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
12/9/2012 6:24:01 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 6:24:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {8F5DF053-3013-4DD8-B5F4-88214E81C0CF}
12/9/2012 5:18:51 PM, Error: Service Control Manager [7001] - The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 5:16:14 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
12/9/2012 5:13:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/9/2012 5:13:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 5:05:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
12/9/2012 5:01:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/9/2012 5:00:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/9/2012 4:59:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
12/9/2012 4:59:01 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 11:49:16 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/9/2012 11:25:19 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
12/9/2012 11:25:19 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
12/15/2012 6:37:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/15/2012 6:37:53 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 6:35:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
12/15/2012 6:34:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
12/15/2012 6:33:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/15/2012 6:31:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F}
12/15/2012 6:17:11 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
12/15/2012 6:02:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
12/15/2012 5:53:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
12/15/2012 5:48:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
12/15/2012 5:48:19 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 5:46:51 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/15/2012 5:24:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/15/2012 5:24:11 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 5:23:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
12/15/2012 5:23:33 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 5:03:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/15/2012 4:26:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {659CDEA7-489E-11D9-A9CD-000D56965251}
12/15/2012 4:14:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/15/2012 4:14:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/15/2012 4:14:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2012 4:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/15/2012 4:14:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/15/2012 4:14:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
12/15/2012 3:49:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
12/15/2012 3:49:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect.
12/15/2012 3:49:43 PM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 3:46:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
12/15/2012 3:45:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
12/15/2012 3:45:29 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 3:44:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
12/15/2012 3:44:27 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 3:37:19 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
12/15/2012 12:42:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/15/2012 12:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
12/15/2012 12:41:51 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 12:41:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
12/15/2012 12:40:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
12/14/2012 9:39:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
12/14/2012 8:50:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/14/2012 3:42:05 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/14/2012 3:30:32 AM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.
12/14/2012 3:01:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/14/2012 2:54:58 AM, Error: Service Control Manager [7023] -
12/13/2012 8:36:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/13/2012 6:23:51 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/13/2012 6:23:51 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
12/13/2012 6:22:31 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
12/13/2012 4:46:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
12/13/2012 4:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
12/13/2012 4:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/13/2012 4:44:51 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/13/2012 2:37:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/12/2012 8:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
12/12/2012 8:48:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
12/12/2012 8:48:37 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2012 2:49:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WatAdminSvc with arguments "" in order to run the server: {F02602C4-3C2A-473B-B35E-679A0076A4A5}
12/11/2012 6:06:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
12/11/2012 6:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/11/2012 12:52:02 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/11/2012 11:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
12/11/2012 11:23:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/10/2012 9:30:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
12/10/2012 9:30:39 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2012 9:23:44 PM, Error: Service Control Manager [7022] - The Intel® Management and Security Application Local Management Service service hung on starting.
12/10/2012 8:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/10/2012 12:32:46 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The pipe has been ended.
12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
12/10/2012 12:32:46 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
12/10/2012 12:32:43 AM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
.
==== End Of File ===========================
-
Is there anyway I can by pass the UAC confirmation popup? So far I've been able to get passed step 3. It takes 30minutes-2 hours just to confirm that I want to run the program as administrator when I'm in normal mode.
-
Ok so I am currently trying to do the steps above...it freezes though after I choose to run as administrator. I think I can run it if I can some how turn off the "Use as admin" confirmation pop up.
-
Ok so I was able to do task 1 and 4. My computer could not do task 2/3 because it had to be in normal mode. It can get to the change settings window...but it has to be run as administrator. So once I click on the windows update icon my computer freezes...it cannot open up the pop-up that asks to confirm the change. I let it try to load for an hour... no luck. Should I try again and be patient or is there a way I can do it in safemode with networking...
Also I use this computer at home and at my University. I use it more at my University...not sure if that's a "network" setting. And I'm not sure what a mapped drive is exactly..but I know I don't have one intentionally at least.
-Thank you
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x8007043c
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {CDD96339-561B-473D-98F0-F04A53303B5C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
-
I am currently using a Toshiba Satellite. I did a scan I could not complete it because it had to scan over 3million objects...and after 3 hours it only did 340k objects. Complete scan and express scan were going the same speed...and the scan kept stopping I had to continuously hit "play." I will try to go through the scan tomorrow.
It detected a "virus" in that 300-400k object scan. It left this log...oddly in excel,
27855-9[1].js;C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MFZTXH9;JS.IFrame.356;Deleted.;
-
By the way something new popped up since I let my computer load up for hours. It now says in small white text on the bottom right corner:
Windows 7
Build 7601
This copy of windows is not genuine
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader XI
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
OTL logfile created on: 12/9/2012 8:19:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 75.25% Memory free
11.90 Gb Paging File | 10.32 Gb Available in Paging File | 86.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 634.52 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/09 20:17:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
PRC - [2012/11/09 09:25:02 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/28 18:12:50 | 000,852,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Wireless LAN Indicator\tosIndicator.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 17:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 17:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/09 12:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/19 13:24:34 | 000,152,640 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/20 20:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 21:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 19:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/07 17:02:16 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 14:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/20 21:49:54 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys -- (rak)
DRV - [2012/10/02 17:59:24 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}
IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464
IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\
CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/09 20:17:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/12/08 00:34:32 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/12/03 12:01:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/03 09:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup
[2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs
[2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2)
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
========== Files - Modified Within 30 Days ==========
[2012/12/09 20:17:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/12/09 19:57:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/09 19:18:00 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/09 16:58:32 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 16:57:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/09 16:57:27 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 11:30:27 | 000,117,174 | ---- | M] () -- C:\Users\Olivia\Desktop\VSS.reg
[2012/12/09 11:30:04 | 000,003,132 | ---- | M] () -- C:\Users\Olivia\Desktop\EventSystem.reg
[2012/12/09 11:29:44 | 000,002,755 | ---- | M] () -- C:\Users\Olivia\Desktop\txt_fix_w7.reg
[2012/12/09 11:28:16 | 000,002,110 | ---- | M] () -- C:\Users\Olivia\Desktop\reg_fix_w7.reg
[2012/12/08 22:12:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 22:12:51 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 00:37:05 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat
[2012/12/08 00:34:42 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/12/09 11:30:26 | 000,117,174 | ---- | C] () -- C:\Users\Olivia\Desktop\VSS.reg
[2012/12/09 11:30:03 | 000,003,132 | ---- | C] () -- C:\Users\Olivia\Desktop\EventSystem.reg
[2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat
[2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini
[2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus
[2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place
[2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson
[2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient
[2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble
[2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details
[2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/12/09 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify
[2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific
[2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba
[2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent
[2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch
[2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 12/6/2012 2:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.49% Memory free
11.90 Gb Paging File | 11.07 Gb Available in Paging File | 93.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 624.83 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system |
"{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system |
"{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe |
"{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8103569E-264C-489B-82E0-3E230453C189}" = protocol=58 | dir=in | app=system |
"{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{B239B623-C8E3-4745-B048-84913C0D3114}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe |
"TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe |
"UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"NortonPCCheckup" = Toshiba Laptop Checkup
"Rakion International_is1" = Rakion International
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/29/2012 5:33:09 PM | Computer Name = Olivia-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: A system shutdown is in progress. .
Error - 11/29/2012 5:36:04 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/29/2012 6:31:34 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/29/2012 7:29:27 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: DUI70.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdf25 Exception code: 0xc0000006 Fault offset: 0x000000000005f544
Faulting
process id: 0x5dc Faulting application start time: 0x01cdce813238d76a Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\windows\system32\DUI70.dll
Report
Id: 9d1c531d-3a7c-11e2-aeef-047d7b02a6e7
Error - 11/29/2012 7:29:34 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\dui70.dll for one
of the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer; or
the disk is missing. Windows closed the program Windows Explorer because of this
error. Program: Windows Explorer File: C:\Windows\System32\dui70.dll The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: C00000B5 Disk type: 3
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 18
Description =
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 8193
Description =
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = System Restore | ID = 8193
Description =
Error - 11/30/2012 2:44:42 AM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/30/2012 4:08:14 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected.
Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected.
Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010
Description =
Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected.
Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010
Description =
Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected.
Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
< End of report >
-
Ok so I did the first set of instructions. Normal mode loaded up although very slow... when I hit the windows button then typed MSCONFIG windows was too slow to search for it. It was stuck at "searching." So I had to go to safe mode with networking.
After I opened it up Normal Setup was selected.
On the boot tab Safe boot was not checked.
When I ran the cmd sfc /scannow it stopped at 13% and this message popped up.
"Windows Resource Protection could not perform the requested operation.
Sorry for taking so long to reply. Thank you for the help so far.
-
Never mind here it is
OTL Extras logfile created on: 12/6/2012 2:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.49% Memory free
11.90 Gb Paging File | 11.07 Gb Available in Paging File | 93.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 624.83 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system |
"{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system |
"{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe |
"{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8103569E-264C-489B-82E0-3E230453C189}" = protocol=58 | dir=in | app=system |
"{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{B239B623-C8E3-4745-B048-84913C0D3114}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe |
"TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe |
"UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin |
"UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"NortonPCCheckup" = Toshiba Laptop Checkup
"Rakion International_is1" = Rakion International
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/29/2012 5:33:09 PM | Computer Name = Olivia-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: A system shutdown is in progress. .
Error - 11/29/2012 5:36:04 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/29/2012 6:31:34 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/29/2012 7:29:27 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: DUI70.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdf25 Exception code: 0xc0000006 Fault offset: 0x000000000005f544
Faulting
process id: 0x5dc Faulting application start time: 0x01cdce813238d76a Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\windows\system32\DUI70.dll
Report
Id: 9d1c531d-3a7c-11e2-aeef-047d7b02a6e7
Error - 11/29/2012 7:29:34 PM | Computer Name = Olivia-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\dui70.dll for one
of the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer; or
the disk is missing. Windows closed the program Windows Explorer because of this
error. Program: Windows Explorer File: C:\Windows\System32\dui70.dll The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: C00000B5 Disk type: 3
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 18
Description =
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = VSS | ID = 8193
Description =
Error - 11/30/2012 2:27:38 AM | Computer Name = Olivia-PC | Source = System Restore | ID = 8193
Description =
Error - 11/30/2012 2:44:42 AM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/30/2012 4:08:14 PM | Computer Name = Olivia-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected.
Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected.
Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010
Description =
Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected.
Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010
Description =
Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected.
Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description =
< End of report >
-
The extras.txt won't appear on my desktop or anywhere else.
OTL logfile created on: 12/6/2012 2:42:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 5.01 Gb Available Physical Memory | 84.14% Memory free
11.90 Gb Paging File | 10.98 Gb Available in Paging File | 92.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 624.90 Gb Free Space | 91.54% Space Free | Partition Type: NTFS
Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Olivia\Desktop\OTL.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys ()
DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}
IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464
IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\
CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/06 14:41:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/12/03 12:01:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/03 09:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/12/01 19:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup
[2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs
[2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2)
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify
[2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify
[2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1
========== Files - Modified Within 30 Days ==========
[2012/12/06 14:41:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/12/06 14:37:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/06 14:37:53 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/06 02:20:08 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 02:06:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 02:06:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 01:57:23 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/05 20:05:49 | 000,049,769 | ---- | M] () -- C:\Users\Olivia\Desktop\66066_10151147583807097_1109712913_n.jpg
[2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat
[2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg
[2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk
[2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat
========== Files Created - No Company Name ==========
[2012/12/05 20:05:49 | 000,049,769 | ---- | C] () -- C:\Users\Olivia\Desktop\66066_10151147583807097_1109712913_n.jpg
[2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg
[2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk
[2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat
[2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini
[2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus
[2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place
[2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson
[2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient
[2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble
[2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details
[2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/12/06 02:20:22 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify
[2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific
[2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba
[2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent
[2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch
[2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
-
~~Update~~
Still in safe mode with networking
Step 1: Complete
Step 2: Complete all services listed above are shown and checked
Step 3:Complete
Farbar Service Scanner Version: 04-12-2012
Ran by Olivia (administrator) on 04-12-2012 at 16:47:50
Running from "C:\Users\Olivia\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Step 4:None to my knowledge.
-
So my laptop has been acting up lately. When I start my laptop normally two things happen. One it will essentially freeze. Meaning I cannot click on any icons or do anything even the windows button does not respond. If it does not immediately freeze it will allow me to use my laptop normally for 1-5 minutes then it will freeze. Sometimes all it takes is opening another program in addition to my web browser to trigger it to freeze. (This second action never happened until I disabled all startup programs besides windows programs)
I can only use my laptop in safe mode (currently in safe mode).
I had started here and then I was sent to malware removal. After almost a week the experts at malware believe it is a software/hardware issue.
This is all of the work Jeff and I have done to try to solve the problem.
http://forums.malwar...ic=118765&st=40
Sorry for the wall of text! I hope someone can help me, I will greatly appreciate it! Thank you
-Matt
P.S. Sorry I made another topic I thought this one would've been gone by now.
-
Hi,
Thank you for all of your patience and help Jeff. I will try PC help...hopefully they can help me over there. At least we can be almost certain it probably isn't a malware issue.
-
Update: When I disable everything sometimes it works...sometimes it doesn't. When it does...it is very temporary.
-
On that note it is still running a little slow...and glitchy but it can be used.
-
I disabled them all again and finally it is working normally! I haven't figured out which is causing the problem but it is working atlast! I have no idea how to. Without powering my computer on and off 20+ times.
. But...I might have done it the wrong way. I don't think I have made a full back up. But the only thing I really care about are my word documents and pictures...that will be easy to save just in case.
Windows 7 won't load up?
in Resolved Malware Removal Logs
Posted
Thanks for all of the help. I am going to restore it myself after looking through the suggestions above.