madmatt7
-
Posts
59 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by madmatt7
-
However, I only did step one not step two.
-
So when I try a "clean boot" after I log in the screen remains black. I'm not sure if it takes a long time but after 5 minutes (I tried twice) I shut it down. When I started the computer normally it had the same slow/frozen symptoms I was talking about.
-
When I start my computer it takes a good 30 seconds just for the log in bar to appear. Then once I log in the screen goes black...takes a long time to load. Once my wall paper loads up the bottom tool bar will appear. It will stay blank for 1-10minutes. Then icons will appear in the screen. However, they appear as blank notes, eventually the icons will load up but it is impossible to click on anything. The computer either does not respond or it freezes. I was sent here from PC help, these symptoms are very similar to when I had svc.exe trojan. After having it on my computer for a while when I would start my computer normally it wouldn't respond or remain frozen. Sometimes it will allow me to move my mouse but most times it wouldn't. Now I cannot even use my laptop without safe mode. Sorry for the wall of text.
-
Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.28.01 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Olivia :: OLIVIA-PC [administrator] 12/3/2012 2:58:31 PM mbam-log-2012-12-03 (14-58-31).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 320880 Time elapsed: 27 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
-
ComboFix 12-12-02.01 - Olivia 12/03/2012 11:57:03.4.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5189 [GMT -5:00] Running from: c:\users\Olivia\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 17:01 . 2012-12-03 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-03 17:01 . 2012-12-03 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-03 14:38 . 2012-12-03 14:41 -------- d-----w- c:\programdata\Battle.net 2012-12-02 00:51 . 2012-12-02 00:51 -------- d-----w- C:\_OTL 2012-11-28 02:29 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53 . 2012-11-27 22:28 -------- d-----w- c:\program files (x86)\PC Checkup 2012-11-24 21:53 . 2012-11-24 21:53 -------- d-----w- c:\users\Olivia\AppData\Local\Programs 2012-11-24 11:46 . 2012-11-27 22:28 -------- d-----w- c:\users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11 . 2012-11-20 08:03 -------- d-----w- c:\program files (x86)\Warcraft III 2012-11-20 06:11 . 2012-11-20 06:15 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 08:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 08:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 06:35 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 06:35 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-10 03:06 . 2012-11-10 03:06 -------- d-----w- c:\windows\SysWow64\Adobe 2012-11-09 14:25 . 2012-11-27 15:47 -------- d-----w- c:\users\Olivia\AppData\Local\Spotify 2012-11-09 14:24 . 2012-11-28 06:54 -------- d-----w- c:\users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47 . 2012-11-07 04:47 -------- d-----w- c:\users\Olivia\jagexcache1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 08:01 . 2012-09-11 21:41 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-30 23:50 . 2012-10-08 06:47 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-10-08 06:26 . 2012-10-08 06:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26 . 2011-08-01 07:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-29 23:54 . 2012-09-12 23:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 03:16 . 2012-11-02 21:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 19:19 . 2012-10-09 18:47 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 18:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472] "Spotify"="c:\users\Olivia\AppData\Roaming\Spotify\Spotify.exe" [2012-11-09 7880664] "Spotify Web Helper"="c:\users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-09 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\Olivia\Desktop\mbar\mbar.exe" [2012-12-03 1341800] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320] R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-10-02 45176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-21 81880] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-09-19 152640] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] . . Contents of the 'Scheduled Tasks' folder . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://msn.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.10.0.5 216.136.95.2 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:f3,54,a4,0f,23,66,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-03 12:03:06 ComboFix-quarantined-files.txt 2012-12-03 17:03 ComboFix2.txt 2012-11-30 06:33 . Pre-Run: 671,370,891,264 bytes free Post-Run: 671,440,474,112 bytes free . - - End Of File - - 03FA313D9673225E88BCDBE74795244A
-
Found 5 things...crossing my fingers (but I doubt it). Thanks so far though. RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Olivia [Admin rights] Mode : Scan -- Date : 12/03/2012 09:09:48 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (C:\Users\Olivia\Desktop\mbar\mbar.exe /cleanup /s) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++ --- User --- [MBR] e5e44104d64e26e04ccd8f4983d42e20 [bSP] a8936ce11f18d4f178bb4c27e2c2e297 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 699028 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434683392 | Size: 14875 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12032012_02d0909.txt >> RKreport[1]_S_12032012_02d0909.txt
-
No malware was found after scanning my computer.
-
If all of this doesn't work should I try to follow the guide on bleepingcomputer using autorun...or restore to factory settings (I don't know where the my CD is if I have to do that).
-
16:30:04.0234 1180 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:30:05.0139 1180 ============================================================ 16:30:05.0139 1180 Current date / time: 2012/12/02 16:30:05.0139 16:30:05.0139 1180 SystemInfo: 16:30:05.0139 1180 16:30:05.0139 1180 OS Version: 6.1.7601 ServicePack: 1.0 16:30:05.0139 1180 Product type: Workstation 16:30:05.0139 1180 ComputerName: OLIVIA-PC 16:30:05.0139 1180 UserName: Olivia 16:30:05.0139 1180 Windows directory: C:\windows 16:30:05.0139 1180 System windows directory: C:\windows 16:30:05.0139 1180 Running under WOW64 16:30:05.0139 1180 Processor architecture: Intel x64 16:30:05.0139 1180 Number of processors: 4 16:30:05.0139 1180 Page size: 0x1000 16:30:05.0139 1180 Boot type: Safe boot with network 16:30:05.0139 1180 ============================================================ 16:30:05.0716 1180 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:30:05.0716 1180 ============================================================ 16:30:05.0716 1180 \Device\Harddisk0\DR0: 16:30:05.0716 1180 MBR partitions: 16:30:05.0716 1180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x5554A000 16:30:05.0716 1180 ============================================================ 16:30:05.0747 1180 C: <-> \Device\Harddisk0\DR0\Partition1 16:30:05.0747 1180 ============================================================ 16:30:05.0747 1180 Initialize success 16:30:05.0747 1180 ============================================================ 16:30:08.0462 1816 ============================================================ 16:30:08.0462 1816 Scan started 16:30:08.0462 1816 Mode: Manual; 16:30:08.0462 1816 ============================================================ 16:30:08.0555 1816 ================ Scan system memory ======================== 16:30:08.0555 1816 System memory - ok 16:30:08.0555 1816 ================ Scan services ============================= 16:30:08.0774 1816 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 16:30:08.0774 1816 1394ohci - ok 16:30:08.0805 1816 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 16:30:08.0805 1816 ACPI - ok 16:30:08.0836 1816 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 16:30:08.0836 1816 AcpiPmi - ok 16:30:08.0945 1816 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:30:08.0945 1816 AdobeARMservice - ok 16:30:09.0008 1816 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 16:30:09.0008 1816 adp94xx - ok 16:30:09.0054 1816 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 16:30:09.0054 1816 adpahci - ok 16:30:09.0070 1816 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 16:30:09.0086 1816 adpu320 - ok 16:30:09.0101 1816 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 16:30:09.0101 1816 AeLookupSvc - ok 16:30:09.0164 1816 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 16:30:09.0164 1816 AFD - ok 16:30:09.0210 1816 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 16:30:09.0210 1816 agp440 - ok 16:30:09.0226 1816 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 16:30:09.0226 1816 ALG - ok 16:30:09.0242 1816 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 16:30:09.0242 1816 aliide - ok 16:30:09.0257 1816 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 16:30:09.0257 1816 amdide - ok 16:30:09.0288 1816 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 16:30:09.0288 1816 AmdK8 - ok 16:30:09.0304 1816 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 16:30:09.0304 1816 AmdPPM - ok 16:30:09.0335 1816 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 16:30:09.0335 1816 amdsata - ok 16:30:09.0351 1816 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 16:30:09.0351 1816 amdsbs - ok 16:30:09.0382 1816 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 16:30:09.0382 1816 amdxata - ok 16:30:09.0413 1816 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 16:30:09.0413 1816 AppID - ok 16:30:09.0444 1816 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 16:30:09.0444 1816 AppIDSvc - ok 16:30:09.0460 1816 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 16:30:09.0460 1816 Appinfo - ok 16:30:09.0538 1816 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:30:09.0538 1816 Apple Mobile Device - ok 16:30:09.0585 1816 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 16:30:09.0585 1816 arc - ok 16:30:09.0600 1816 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 16:30:09.0600 1816 arcsas - ok 16:30:09.0632 1816 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 16:30:09.0632 1816 AsyncMac - ok 16:30:09.0663 1816 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 16:30:09.0663 1816 atapi - ok 16:30:09.0710 1816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 16:30:09.0710 1816 AudioEndpointBuilder - ok 16:30:09.0725 1816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 16:30:09.0725 1816 AudioSrv - ok 16:30:09.0756 1816 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 16:30:09.0756 1816 AxInstSV - ok 16:30:09.0788 1816 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 16:30:09.0788 1816 b06bdrv - ok 16:30:09.0819 1816 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 16:30:09.0834 1816 b57nd60a - ok 16:30:09.0897 1816 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 16:30:09.0897 1816 BDESVC - ok 16:30:09.0928 1816 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 16:30:09.0928 1816 Beep - ok 16:30:09.0990 1816 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 16:30:10.0006 1816 BFE - ok 16:30:10.0037 1816 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll 16:30:10.0115 1816 BITS - ok 16:30:10.0146 1816 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 16:30:10.0146 1816 blbdrive - ok 16:30:10.0224 1816 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:30:10.0240 1816 Bonjour Service - ok 16:30:10.0271 1816 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 16:30:10.0271 1816 bowser - ok 16:30:10.0318 1816 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 16:30:10.0318 1816 BrFiltLo - ok 16:30:10.0334 1816 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 16:30:10.0334 1816 BrFiltUp - ok 16:30:10.0365 1816 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys 16:30:10.0365 1816 BridgeMP - ok 16:30:10.0396 1816 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 16:30:10.0396 1816 Browser - ok 16:30:10.0427 1816 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 16:30:10.0443 1816 Brserid - ok 16:30:10.0458 1816 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 16:30:10.0458 1816 BrSerWdm - ok 16:30:10.0474 1816 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 16:30:10.0474 1816 BrUsbMdm - ok 16:30:10.0490 1816 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 16:30:10.0490 1816 BrUsbSer - ok 16:30:10.0505 1816 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 16:30:10.0505 1816 BTHMODEM - ok 16:30:10.0536 1816 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 16:30:10.0536 1816 bthserv - ok 16:30:10.0568 1816 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 16:30:10.0568 1816 cdfs - ok 16:30:10.0599 1816 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 16:30:10.0599 1816 cdrom - ok 16:30:10.0646 1816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 16:30:10.0646 1816 CertPropSvc - ok 16:30:10.0692 1816 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 16:30:10.0692 1816 circlass - ok 16:30:10.0708 1816 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 16:30:10.0708 1816 CLFS - ok 16:30:10.0786 1816 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:30:10.0786 1816 clr_optimization_v2.0.50727_32 - ok 16:30:10.0833 1816 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:30:10.0848 1816 clr_optimization_v2.0.50727_64 - ok 16:30:10.0911 1816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:30:10.0942 1816 clr_optimization_v4.0.30319_32 - ok 16:30:10.0973 1816 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:30:10.0989 1816 clr_optimization_v4.0.30319_64 - ok 16:30:11.0004 1816 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 16:30:11.0004 1816 CmBatt - ok 16:30:11.0036 1816 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 16:30:11.0036 1816 cmdide - ok 16:30:11.0082 1816 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 16:30:11.0082 1816 CNG - ok 16:30:11.0160 1816 [ 20506F12AFAD3DB588D007EA9325FBBC ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys 16:30:11.0176 1816 CnxtHdAudService - ok 16:30:11.0223 1816 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys 16:30:11.0223 1816 Compbatt - ok 16:30:11.0254 1816 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 16:30:11.0254 1816 CompositeBus - ok 16:30:11.0270 1816 COMSysApp - ok 16:30:11.0285 1816 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 16:30:11.0285 1816 crcdisk - ok 16:30:11.0332 1816 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 16:30:11.0332 1816 CryptSvc - ok 16:30:11.0394 1816 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys 16:30:11.0394 1816 dc3d - ok 16:30:11.0426 1816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 16:30:11.0426 1816 DcomLaunch - ok 16:30:11.0457 1816 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 16:30:11.0457 1816 defragsvc - ok 16:30:11.0504 1816 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 16:30:11.0504 1816 DfsC - ok 16:30:11.0535 1816 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 16:30:11.0550 1816 Dhcp - ok 16:30:11.0550 1816 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 16:30:11.0550 1816 discache - ok 16:30:11.0582 1816 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 16:30:11.0582 1816 Disk - ok 16:30:11.0597 1816 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 16:30:11.0597 1816 Dnscache - ok 16:30:11.0628 1816 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 16:30:11.0628 1816 dot3svc - ok 16:30:11.0628 1816 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 16:30:11.0644 1816 DPS - ok 16:30:11.0675 1816 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 16:30:11.0675 1816 drmkaud - ok 16:30:11.0706 1816 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 16:30:11.0706 1816 DXGKrnl - ok 16:30:11.0753 1816 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 16:30:11.0753 1816 EapHost - ok 16:30:11.0831 1816 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 16:30:11.0878 1816 ebdrv - ok 16:30:11.0909 1816 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 16:30:11.0909 1816 EFS - ok 16:30:11.0956 1816 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 16:30:11.0956 1816 ehRecvr - ok 16:30:11.0987 1816 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 16:30:11.0987 1816 ehSched - ok 16:30:12.0018 1816 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 16:30:12.0034 1816 elxstor - ok 16:30:12.0081 1816 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe 16:30:12.0096 1816 EpsonCustomerParticipation - ok 16:30:12.0096 1816 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 16:30:12.0096 1816 ErrDev - ok 16:30:12.0143 1816 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 16:30:12.0143 1816 EventSystem - ok 16:30:12.0159 1816 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 16:30:12.0174 1816 exfat - ok 16:30:12.0221 1816 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 16:30:12.0221 1816 fastfat - ok 16:30:12.0268 1816 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 16:30:12.0284 1816 Fax - ok 16:30:12.0299 1816 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 16:30:12.0299 1816 fdc - ok 16:30:12.0330 1816 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 16:30:12.0330 1816 fdPHost - ok 16:30:12.0346 1816 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 16:30:12.0346 1816 FDResPub - ok 16:30:12.0362 1816 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 16:30:12.0377 1816 FileInfo - ok 16:30:12.0377 1816 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 16:30:12.0377 1816 Filetrace - ok 16:30:12.0408 1816 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 16:30:12.0408 1816 flpydisk - ok 16:30:12.0424 1816 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 16:30:12.0440 1816 FltMgr - ok 16:30:12.0471 1816 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 16:30:12.0486 1816 FontCache - ok 16:30:12.0518 1816 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:30:12.0518 1816 FontCache3.0.0.0 - ok 16:30:12.0533 1816 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 16:30:12.0533 1816 FsDepends - ok 16:30:12.0564 1816 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 16:30:12.0564 1816 fssfltr - ok 16:30:12.0627 1816 [ 4E2E6FEDFE4A3445DBD0C623A242362D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 16:30:12.0658 1816 fsssvc - ok 16:30:12.0674 1816 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 16:30:12.0674 1816 Fs_Rec - ok 16:30:12.0720 1816 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 16:30:12.0720 1816 fvevol - ok 16:30:12.0736 1816 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 16:30:12.0736 1816 gagp30kx - ok 16:30:12.0767 1816 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 16:30:12.0783 1816 gpsvc - ok 16:30:12.0876 1816 [ 721CE1551F8198714F3CABFE2147939B ] Gun C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys 16:30:12.0876 1816 Gun - ok 16:30:12.0954 1816 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:30:12.0954 1816 gupdate - ok 16:30:12.0954 1816 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:30:12.0970 1816 gupdatem - ok 16:30:12.0986 1816 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 16:30:12.0986 1816 gusvc - ok 16:30:13.0017 1816 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 16:30:13.0017 1816 hcw85cir - ok 16:30:13.0032 1816 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 16:30:13.0048 1816 HdAudAddService - ok 16:30:13.0064 1816 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 16:30:13.0064 1816 HDAudBus - ok 16:30:13.0079 1816 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 16:30:13.0079 1816 HidBatt - ok 16:30:13.0095 1816 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 16:30:13.0110 1816 HidBth - ok 16:30:13.0110 1816 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 16:30:13.0126 1816 HidIr - ok 16:30:13.0142 1816 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll 16:30:13.0142 1816 hidserv - ok 16:30:13.0173 1816 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 16:30:13.0173 1816 HidUsb - ok 16:30:13.0204 1816 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 16:30:13.0204 1816 hkmsvc - ok 16:30:13.0220 1816 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 16:30:13.0220 1816 HomeGroupListener - ok 16:30:13.0251 1816 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 16:30:13.0251 1816 HomeGroupProvider - ok 16:30:13.0266 1816 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 16:30:13.0282 1816 HpSAMD - ok 16:30:13.0298 1816 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 16:30:13.0313 1816 HTTP - ok 16:30:13.0329 1816 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 16:30:13.0329 1816 hwpolicy - ok 16:30:13.0360 1816 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 16:30:13.0360 1816 i8042prt - ok 16:30:13.0407 1816 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 16:30:13.0422 1816 iaStor - ok 16:30:13.0454 1816 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 16:30:13.0454 1816 iaStorV - ok 16:30:13.0516 1816 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:30:13.0516 1816 IDriverT - ok 16:30:13.0563 1816 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:30:13.0563 1816 idsvc - ok 16:30:13.0812 1816 [ 370C2A8629B30F910F740387795DDC6F ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 16:30:14.0000 1816 igfx - ok 16:30:14.0015 1816 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 16:30:14.0015 1816 iirsp - ok 16:30:14.0046 1816 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 16:30:14.0062 1816 IKEEXT - ok 16:30:14.0109 1816 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 16:30:14.0109 1816 IntcDAud - ok 16:30:14.0125 1816 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 16:30:14.0140 1816 intelide - ok 16:30:14.0156 1816 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 16:30:14.0171 1816 intelppm - ok 16:30:14.0203 1816 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 16:30:14.0218 1816 IPBusEnum - ok 16:30:14.0234 1816 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 16:30:14.0234 1816 IpFilterDriver - ok 16:30:14.0265 1816 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 16:30:14.0281 1816 iphlpsvc - ok 16:30:14.0296 1816 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 16:30:14.0296 1816 IPMIDRV - ok 16:30:14.0296 1816 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 16:30:14.0296 1816 IPNAT - ok 16:30:14.0327 1816 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 16:30:14.0327 1816 IRENUM - ok 16:30:14.0359 1816 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 16:30:14.0359 1816 isapnp - ok 16:30:14.0374 1816 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 16:30:14.0374 1816 iScsiPrt - ok 16:30:14.0405 1816 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 16:30:14.0405 1816 kbdclass - ok 16:30:14.0421 1816 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 16:30:14.0421 1816 kbdhid - ok 16:30:14.0437 1816 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 16:30:14.0437 1816 KeyIso - ok 16:30:14.0468 1816 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 16:30:14.0468 1816 KSecDD - ok 16:30:14.0483 1816 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 16:30:14.0483 1816 KSecPkg - ok 16:30:14.0515 1816 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 16:30:14.0515 1816 ksthunk - ok 16:30:14.0546 1816 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 16:30:14.0546 1816 KtmRm - ok 16:30:14.0577 1816 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys 16:30:14.0593 1816 L1C - ok 16:30:14.0624 1816 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll 16:30:14.0639 1816 LanmanServer - ok 16:30:14.0655 1816 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 16:30:14.0655 1816 LanmanWorkstation - ok 16:30:14.0702 1816 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 16:30:14.0702 1816 lltdio - ok 16:30:14.0717 1816 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 16:30:14.0733 1816 lltdsvc - ok 16:30:14.0733 1816 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 16:30:14.0733 1816 lmhosts - ok 16:30:14.0827 1816 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 16:30:14.0827 1816 LMS - ok 16:30:14.0842 1816 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 16:30:14.0842 1816 LSI_FC - ok 16:30:14.0873 1816 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 16:30:14.0873 1816 LSI_SAS - ok 16:30:14.0889 1816 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 16:30:14.0889 1816 LSI_SAS2 - ok 16:30:14.0905 1816 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 16:30:14.0905 1816 LSI_SCSI - ok 16:30:14.0951 1816 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 16:30:14.0951 1816 luafv - ok 16:30:15.0014 1816 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 16:30:15.0014 1816 MBAMProtector - ok 16:30:15.0061 1816 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:30:15.0061 1816 MBAMScheduler - ok 16:30:15.0092 1816 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:30:15.0107 1816 MBAMService - ok 16:30:15.0139 1816 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 16:30:15.0139 1816 Mcx2Svc - ok 16:30:15.0154 1816 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 16:30:15.0154 1816 megasas - ok 16:30:15.0185 1816 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 16:30:15.0201 1816 MegaSR - ok 16:30:15.0232 1816 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 16:30:15.0232 1816 MEIx64 - ok 16:30:15.0263 1816 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 16:30:15.0263 1816 MMCSS - ok 16:30:15.0279 1816 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 16:30:15.0279 1816 Modem - ok 16:30:15.0310 1816 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 16:30:15.0310 1816 monitor - ok 16:30:15.0341 1816 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 16:30:15.0341 1816 mouclass - ok 16:30:15.0357 1816 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 16:30:15.0357 1816 mouhid - ok 16:30:15.0388 1816 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 16:30:15.0388 1816 mountmgr - ok 16:30:15.0404 1816 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 16:30:15.0404 1816 mpio - ok 16:30:15.0419 1816 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 16:30:15.0419 1816 mpsdrv - ok 16:30:15.0451 1816 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 16:30:15.0466 1816 MpsSvc - ok 16:30:15.0482 1816 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 16:30:15.0482 1816 MRxDAV - ok 16:30:15.0513 1816 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 16:30:15.0513 1816 mrxsmb - ok 16:30:15.0544 1816 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 16:30:15.0544 1816 mrxsmb10 - ok 16:30:15.0544 1816 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 16:30:15.0560 1816 mrxsmb20 - ok 16:30:15.0560 1816 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys 16:30:15.0560 1816 msahci - ok 16:30:15.0575 1816 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 16:30:15.0575 1816 msdsm - ok 16:30:15.0591 1816 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 16:30:15.0591 1816 MSDTC - ok 16:30:15.0622 1816 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 16:30:15.0638 1816 Msfs - ok 16:30:15.0653 1816 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 16:30:15.0653 1816 mshidkmdf - ok 16:30:15.0669 1816 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 16:30:15.0669 1816 msisadrv - ok 16:30:15.0700 1816 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 16:30:15.0700 1816 MSiSCSI - ok 16:30:15.0700 1816 msiserver - ok 16:30:15.0731 1816 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 16:30:15.0731 1816 MSKSSRV - ok 16:30:15.0747 1816 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 16:30:15.0747 1816 MSPCLOCK - ok 16:30:15.0747 1816 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 16:30:15.0763 1816 MSPQM - ok 16:30:15.0778 1816 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 16:30:15.0778 1816 MsRPC - ok 16:30:15.0794 1816 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 16:30:15.0794 1816 mssmbios - ok 16:30:15.0794 1816 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 16:30:15.0794 1816 MSTEE - ok 16:30:15.0794 1816 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 16:30:15.0794 1816 MTConfig - ok 16:30:15.0809 1816 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 16:30:15.0809 1816 Mup - ok 16:30:15.0841 1816 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 16:30:15.0856 1816 napagent - ok 16:30:15.0887 1816 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 16:30:15.0887 1816 NativeWifiP - ok 16:30:15.0950 1816 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 16:30:15.0965 1816 NDIS - ok 16:30:15.0997 1816 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 16:30:15.0997 1816 NdisCap - ok 16:30:16.0012 1816 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 16:30:16.0012 1816 NdisTapi - ok 16:30:16.0043 1816 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 16:30:16.0043 1816 Ndisuio - ok 16:30:16.0059 1816 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 16:30:16.0059 1816 NdisWan - ok 16:30:16.0075 1816 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 16:30:16.0075 1816 NDProxy - ok 16:30:16.0106 1816 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 16:30:16.0106 1816 NetBIOS - ok 16:30:16.0137 1816 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 16:30:16.0137 1816 NetBT - ok 16:30:16.0153 1816 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 16:30:16.0153 1816 Netlogon - ok 16:30:16.0215 1816 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 16:30:16.0215 1816 Netman - ok 16:30:16.0231 1816 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 16:30:16.0246 1816 netprofm - ok 16:30:16.0277 1816 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:30:16.0277 1816 NetTcpPortSharing - ok 16:30:16.0293 1816 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 16:30:16.0293 1816 nfrd960 - ok 16:30:16.0324 1816 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 16:30:16.0324 1816 NlaSvc - ok 16:30:16.0340 1816 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 16:30:16.0340 1816 Npfs - ok 16:30:16.0371 1816 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 16:30:16.0371 1816 nsi - ok 16:30:16.0387 1816 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 16:30:16.0387 1816 nsiproxy - ok 16:30:16.0433 1816 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 16:30:16.0449 1816 Ntfs - ok 16:30:16.0465 1816 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 16:30:16.0465 1816 Null - ok 16:30:16.0496 1816 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 16:30:16.0496 1816 nvraid - ok 16:30:16.0511 1816 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 16:30:16.0511 1816 nvstor - ok 16:30:16.0527 1816 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 16:30:16.0527 1816 nv_agp - ok 16:30:16.0621 1816 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:30:16.0636 1816 odserv - ok 16:30:16.0667 1816 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 16:30:16.0667 1816 ohci1394 - ok 16:30:16.0699 1816 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:30:16.0699 1816 ose - ok 16:30:16.0730 1816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 16:30:16.0745 1816 p2pimsvc - ok 16:30:16.0761 1816 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 16:30:16.0761 1816 p2psvc - ok 16:30:16.0777 1816 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 16:30:16.0777 1816 Parport - ok 16:30:16.0808 1816 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 16:30:16.0808 1816 partmgr - ok 16:30:16.0855 1816 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 16:30:16.0855 1816 PcaSvc - ok 16:30:16.0870 1816 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 16:30:16.0886 1816 pci - ok 16:30:16.0901 1816 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys 16:30:16.0901 1816 pciide - ok 16:30:16.0917 1816 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 16:30:16.0917 1816 pcmcia - ok 16:30:16.0933 1816 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 16:30:16.0933 1816 pcw - ok 16:30:16.0964 1816 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 16:30:16.0964 1816 PEAUTH - ok 16:30:17.0011 1816 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 16:30:17.0135 1816 PerfHost - ok 16:30:17.0167 1816 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys 16:30:17.0167 1816 PGEffect - ok 16:30:17.0213 1816 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 16:30:17.0229 1816 pla - ok 16:30:17.0260 1816 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 16:30:17.0260 1816 PlugPlay - ok 16:30:17.0276 1816 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 16:30:17.0276 1816 PNRPAutoReg - ok 16:30:17.0291 1816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 16:30:17.0291 1816 PNRPsvc - ok 16:30:17.0338 1816 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\windows\system32\DRIVERS\point64.sys 16:30:17.0338 1816 Point64 - ok 16:30:17.0369 1816 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 16:30:17.0385 1816 PolicyAgent - ok 16:30:17.0401 1816 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 16:30:17.0401 1816 Power - ok 16:30:17.0432 1816 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 16:30:17.0447 1816 PptpMiniport - ok 16:30:17.0463 1816 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 16:30:17.0463 1816 Processor - ok 16:30:17.0494 1816 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 16:30:17.0510 1816 ProfSvc - ok 16:30:17.0525 1816 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 16:30:17.0525 1816 ProtectedStorage - ok 16:30:17.0557 1816 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 16:30:17.0557 1816 Psched - ok 16:30:17.0588 1816 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys 16:30:17.0588 1816 QIOMem - ok 16:30:17.0635 1816 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 16:30:17.0650 1816 ql2300 - ok 16:30:17.0681 1816 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 16:30:17.0681 1816 ql40xx - ok 16:30:17.0697 1816 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 16:30:17.0697 1816 QWAVE - ok 16:30:17.0713 1816 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 16:30:17.0713 1816 QWAVEdrv - ok 16:30:17.0822 1816 [ 883082A146E548364AF4A8EAE830C653 ] rak C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys 16:30:17.0837 1816 rak - ok 16:30:17.0853 1816 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 16:30:17.0853 1816 RasAcd - ok 16:30:17.0884 1816 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 16:30:17.0884 1816 RasAgileVpn - ok 16:30:17.0915 1816 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 16:30:17.0915 1816 RasAuto - ok 16:30:17.0931 1816 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 16:30:17.0931 1816 Rasl2tp - ok 16:30:17.0947 1816 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 16:30:17.0962 1816 RasMan - ok 16:30:17.0993 1816 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 16:30:17.0993 1816 RasPppoe - ok 16:30:18.0009 1816 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 16:30:18.0009 1816 RasSstp - ok 16:30:18.0025 1816 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 16:30:18.0025 1816 rdbss - ok 16:30:18.0040 1816 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 16:30:18.0040 1816 rdpbus - ok 16:30:18.0056 1816 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 16:30:18.0056 1816 RDPCDD - ok 16:30:18.0071 1816 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 16:30:18.0071 1816 RDPENCDD - ok 16:30:18.0071 1816 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 16:30:18.0087 1816 RDPREFMP - ok 16:30:18.0103 1816 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 16:30:18.0103 1816 RDPWD - ok 16:30:18.0149 1816 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 16:30:18.0165 1816 rdyboost - ok 16:30:18.0212 1816 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 16:30:18.0227 1816 RemoteAccess - ok 16:30:18.0243 1816 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 16:30:18.0243 1816 RemoteRegistry - ok 16:30:18.0290 1816 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys 16:30:18.0290 1816 RMCAST - ok 16:30:18.0321 1816 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 16:30:18.0321 1816 RpcEptMapper - ok 16:30:18.0337 1816 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 16:30:18.0337 1816 RpcLocator - ok 16:30:18.0368 1816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 16:30:18.0368 1816 RpcSs - ok 16:30:18.0399 1816 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 16:30:18.0399 1816 rspndr - ok 16:30:18.0430 1816 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 16:30:18.0430 1816 RSUSBSTOR - ok 16:30:18.0446 1816 [ E5DC911D0FEB72CAFF2BBDD6E7C3672F ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys 16:30:18.0446 1816 RSUSBVSTOR - ok 16:30:18.0508 1816 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys 16:30:18.0508 1816 RTL8192Ce - ok 16:30:18.0524 1816 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 16:30:18.0524 1816 SamSs - ok 16:30:18.0555 1816 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 16:30:18.0555 1816 sbp2port - ok 16:30:18.0586 1816 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 16:30:18.0586 1816 SCardSvr - ok 16:30:18.0602 1816 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 16:30:18.0602 1816 scfilter - ok 16:30:18.0633 1816 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 16:30:18.0649 1816 Schedule - ok 16:30:18.0664 1816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 16:30:18.0664 1816 SCPolicySvc - ok 16:30:18.0680 1816 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 16:30:18.0680 1816 SDRSVC - ok 16:30:18.0727 1816 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 16:30:18.0727 1816 secdrv - ok 16:30:18.0727 1816 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 16:30:18.0727 1816 seclogon - ok 16:30:18.0742 1816 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll 16:30:18.0742 1816 SENS - ok 16:30:18.0758 1816 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 16:30:18.0758 1816 SensrSvc - ok 16:30:18.0789 1816 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 16:30:18.0789 1816 Serenum - ok 16:30:18.0820 1816 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 16:30:18.0820 1816 Serial - ok 16:30:18.0836 1816 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 16:30:18.0836 1816 sermouse - ok 16:30:18.0851 1816 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 16:30:18.0867 1816 SessionEnv - ok 16:30:18.0867 1816 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 16:30:18.0867 1816 sffdisk - ok 16:30:18.0867 1816 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 16:30:18.0867 1816 sffp_mmc - ok 16:30:18.0898 1816 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 16:30:18.0898 1816 sffp_sd - ok 16:30:18.0914 1816 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 16:30:18.0914 1816 sfloppy - ok 16:30:18.0945 1816 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 16:30:18.0945 1816 SharedAccess - ok 16:30:18.0976 1816 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 16:30:18.0976 1816 ShellHWDetection - ok 16:30:19.0007 1816 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 16:30:19.0007 1816 SiSRaid2 - ok 16:30:19.0023 1816 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 16:30:19.0023 1816 SiSRaid4 - ok 16:30:19.0054 1816 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 16:30:19.0054 1816 Smb - ok 16:30:19.0085 1816 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 16:30:19.0085 1816 SNMPTRAP - ok 16:30:19.0163 1816 [ CA995441849163F173BDD8A7E17E24E8 ] SophosVirusRemovalTool C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe 16:30:19.0163 1816 SophosVirusRemovalTool - ok 16:30:19.0179 1816 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 16:30:19.0179 1816 spldr - ok 16:30:19.0210 1816 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 16:30:19.0210 1816 Spooler - ok 16:30:19.0288 1816 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 16:30:19.0319 1816 sppsvc - ok 16:30:19.0335 1816 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 16:30:19.0351 1816 sppuinotify - ok 16:30:19.0382 1816 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 16:30:19.0382 1816 srv - ok 16:30:19.0397 1816 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 16:30:19.0397 1816 srv2 - ok 16:30:19.0429 1816 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS 16:30:19.0429 1816 SrvHsfHDA - ok 16:30:19.0475 1816 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS 16:30:19.0507 1816 SrvHsfV92 - ok 16:30:19.0538 1816 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS 16:30:19.0553 1816 SrvHsfWinac - ok 16:30:19.0569 1816 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 16:30:19.0569 1816 srvnet - ok 16:30:19.0600 1816 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 16:30:19.0600 1816 SSDPSRV - ok 16:30:19.0616 1816 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 16:30:19.0616 1816 SstpSvc - ok 16:30:19.0631 1816 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 16:30:19.0631 1816 stexstor - ok 16:30:19.0678 1816 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 16:30:19.0678 1816 stisvc - ok 16:30:19.0694 1816 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 16:30:19.0694 1816 swenum - ok 16:30:19.0725 1816 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 16:30:19.0741 1816 swprv - ok 16:30:19.0787 1816 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 16:30:19.0787 1816 SynTP - ok 16:30:19.0850 1816 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 16:30:19.0865 1816 SysMain - ok 16:30:19.0881 1816 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 16:30:19.0881 1816 TabletInputService - ok 16:30:19.0897 1816 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 16:30:19.0912 1816 TapiSrv - ok 16:30:19.0928 1816 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 16:30:19.0928 1816 TBS - ok 16:30:19.0990 1816 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 16:30:20.0006 1816 Tcpip - ok 16:30:20.0037 1816 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 16:30:20.0053 1816 TCPIP6 - ok 16:30:20.0084 1816 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 16:30:20.0084 1816 tcpipreg - ok 16:30:20.0115 1816 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys 16:30:20.0115 1816 tdcmdpst - ok 16:30:20.0146 1816 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 16:30:20.0146 1816 TDPIPE - ok 16:30:20.0162 1816 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 16:30:20.0162 1816 TDTCP - ok 16:30:20.0193 1816 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 16:30:20.0193 1816 tdx - ok 16:30:20.0209 1816 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 16:30:20.0209 1816 TermDD - ok 16:30:20.0240 1816 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 16:30:20.0240 1816 TermService - ok 16:30:20.0271 1816 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 16:30:20.0271 1816 Themes - ok 16:30:20.0287 1816 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 16:30:20.0287 1816 THREADORDER - ok 16:30:20.0365 1816 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 16:30:20.0365 1816 TMachInfo - ok 16:30:20.0380 1816 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe 16:30:20.0380 1816 TODDSrv - ok 16:30:20.0489 1816 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 16:30:20.0489 1816 TosCoSrv - ok 16:30:20.0536 1816 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 16:30:20.0536 1816 TOSHIBA eco Utility Service - ok 16:30:20.0599 1816 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 16:30:20.0599 1816 TOSHIBA HDD SSD Alert Service - ok 16:30:20.0645 1816 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys 16:30:20.0645 1816 tos_sps64 - ok 16:30:20.0692 1816 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 16:30:20.0692 1816 TPCHSrv - ok 16:30:20.0723 1816 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 16:30:20.0723 1816 TrkWks - ok 16:30:20.0770 1816 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 16:30:20.0770 1816 TrustedInstaller - ok 16:30:20.0786 1816 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 16:30:20.0786 1816 tssecsrv - ok 16:30:20.0817 1816 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 16:30:20.0817 1816 TsUsbFlt - ok 16:30:20.0833 1816 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 16:30:20.0833 1816 TsUsbGD - ok 16:30:20.0864 1816 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 16:30:20.0864 1816 tunnel - ok 16:30:20.0895 1816 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS 16:30:20.0895 1816 TVALZ - ok 16:30:20.0911 1816 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys 16:30:20.0911 1816 TVALZFL - ok 16:30:20.0926 1816 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 16:30:20.0926 1816 uagp35 - ok 16:30:20.0957 1816 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 16:30:20.0957 1816 udfs - ok 16:30:20.0989 1816 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 16:30:20.0989 1816 UI0Detect - ok 16:30:21.0004 1816 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 16:30:21.0004 1816 uliagpkx - ok 16:30:21.0035 1816 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 16:30:21.0035 1816 umbus - ok 16:30:21.0051 1816 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 16:30:21.0051 1816 UmPass - ok 16:30:21.0145 1816 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 16:30:21.0176 1816 UNS - ok 16:30:21.0207 1816 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 16:30:21.0207 1816 upnphost - ok 16:30:21.0238 1816 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 16:30:21.0238 1816 USBAAPL64 - ok 16:30:21.0254 1816 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 16:30:21.0254 1816 usbccgp - ok 16:30:21.0285 1816 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 16:30:21.0285 1816 usbcir - ok 16:30:21.0301 1816 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 16:30:21.0301 1816 usbehci - ok 16:30:21.0332 1816 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 16:30:21.0347 1816 usbhub - ok 16:30:21.0347 1816 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 16:30:21.0347 1816 usbohci - ok 16:30:21.0379 1816 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys 16:30:21.0379 1816 usbprint - ok 16:30:21.0394 1816 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 16:30:21.0394 1816 USBSTOR - ok 16:30:21.0410 1816 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 16:30:21.0410 1816 usbuhci - ok 16:30:21.0441 1816 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 16:30:21.0441 1816 usbvideo - ok 16:30:21.0472 1816 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 16:30:21.0472 1816 UxSms - ok 16:30:21.0488 1816 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 16:30:21.0488 1816 VaultSvc - ok 16:30:21.0503 1816 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 16:30:21.0503 1816 vdrvroot - ok 16:30:21.0535 1816 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 16:30:21.0535 1816 vds - ok 16:30:21.0566 1816 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 16:30:21.0566 1816 vga - ok 16:30:21.0581 1816 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 16:30:21.0581 1816 VgaSave - ok 16:30:21.0581 1816 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 16:30:21.0597 1816 vhdmp - ok 16:30:21.0597 1816 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 16:30:21.0597 1816 viaide - ok 16:30:21.0613 1816 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 16:30:21.0628 1816 volmgr - ok 16:30:21.0628 1816 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 16:30:21.0644 1816 volmgrx - ok 16:30:21.0659 1816 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys 16:30:21.0659 1816 volsnap - ok 16:30:21.0675 1816 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 16:30:21.0675 1816 vsmraid - ok 16:30:21.0722 1816 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 16:30:21.0737 1816 VSS - ok 16:30:21.0769 1816 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 16:30:21.0769 1816 vwifibus - ok 16:30:21.0815 1816 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 16:30:21.0815 1816 vwififlt - ok 16:30:21.0815 1816 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 16:30:21.0831 1816 vwifimp - ok 16:30:21.0847 1816 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 16:30:21.0862 1816 W32Time - ok 16:30:21.0878 1816 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 16:30:21.0878 1816 WacomPen - ok 16:30:21.0925 1816 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 16:30:21.0925 1816 WANARP - ok 16:30:21.0925 1816 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 16:30:21.0925 1816 Wanarpv6 - ok 16:30:22.0003 1816 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 16:30:22.0018 1816 WatAdminSvc - ok 16:30:22.0065 1816 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 16:30:22.0081 1816 wbengine - ok 16:30:22.0096 1816 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 16:30:22.0096 1816 WbioSrvc - ok 16:30:22.0112 1816 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 16:30:22.0127 1816 wcncsvc - ok 16:30:22.0190 1816 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 16:30:22.0190 1816 WcsPlugInService - ok 16:30:22.0205 1816 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 16:30:22.0205 1816 Wd - ok 16:30:22.0237 1816 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 16:30:22.0237 1816 Wdf01000 - ok 16:30:22.0252 1816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 16:30:22.0268 1816 WdiServiceHost - ok 16:30:22.0268 1816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 16:30:22.0268 1816 WdiSystemHost - ok 16:30:22.0299 1816 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 16:30:22.0299 1816 WebClient - ok 16:30:22.0315 1816 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 16:30:22.0315 1816 Wecsvc - ok 16:30:22.0330 1816 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 16:30:22.0330 1816 wercplsupport - ok 16:30:22.0361 1816 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 16:30:22.0361 1816 WerSvc - ok 16:30:22.0377 1816 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 16:30:22.0377 1816 WfpLwf - ok 16:30:22.0393 1816 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 16:30:22.0393 1816 WIMMount - ok 16:30:22.0408 1816 WinDefend - ok 16:30:22.0408 1816 WinHttpAutoProxySvc - ok 16:30:22.0439 1816 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 16:30:22.0439 1816 Winmgmt - ok 16:30:22.0517 1816 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 16:30:22.0533 1816 WinRM - ok 16:30:22.0580 1816 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 16:30:22.0580 1816 WinUsb - ok 16:30:22.0611 1816 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 16:30:22.0627 1816 Wlansvc - ok 16:30:22.0720 1816 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:30:22.0736 1816 wlidsvc - ok 16:30:22.0783 1816 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 16:30:22.0783 1816 WmiAcpi - ok 16:30:22.0814 1816 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 16:30:22.0814 1816 wmiApSrv - ok 16:30:22.0845 1816 WMPNetworkSvc - ok 16:30:22.0861 1816 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 16:30:22.0861 1816 WPCSvc - ok 16:30:22.0876 1816 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 16:30:22.0876 1816 WPDBusEnum - ok 16:30:22.0907 1816 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 16:30:22.0907 1816 ws2ifsl - ok 16:30:22.0923 1816 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll 16:30:22.0923 1816 wscsvc - ok 16:30:22.0939 1816 WSearch - ok 16:30:23.0001 1816 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 16:30:23.0017 1816 wuauserv - ok 16:30:23.0048 1816 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 16:30:23.0048 1816 WudfPf - ok 16:30:23.0095 1816 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 16:30:23.0095 1816 WUDFRd - ok 16:30:23.0126 1816 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 16:30:23.0126 1816 wudfsvc - ok 16:30:23.0157 1816 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 16:30:23.0188 1816 WwanSvc - ok 16:30:23.0219 1816 ================ Scan global =============================== 16:30:23.0251 1816 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 16:30:23.0266 1816 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 16:30:23.0282 1816 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 16:30:23.0297 1816 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 16:30:23.0329 1816 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 16:30:23.0329 1816 [Global] - ok 16:30:23.0329 1816 ================ Scan MBR ================================== 16:30:23.0344 1816 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 16:30:23.0500 1816 \Device\Harddisk0\DR0 - ok 16:30:23.0500 1816 ================ Scan VBR ================================== 16:30:23.0516 1816 [ 5A8CFA1A10E6E40B76B536FBCFA6A759 ] \Device\Harddisk0\DR0\Partition1 16:30:23.0516 1816 \Device\Harddisk0\DR0\Partition1 - ok 16:30:23.0516 1816 ============================================================ 16:30:23.0516 1816 Scan finished 16:30:23.0516 1816 ============================================================ 16:30:23.0516 1296 Detected object count: 0 16:30:23.0516 1296 Actual detected object count: 0 16:30:52.0947 1644 Deinitialize success
-
Yea but the thing I find weird is that I had the same symptoms when Malwarebytes was detecting that I had a svechost.exe trojan about a month-ish ago. When I would start it normally it would not load up/not let me click on icons etc. After MrC helped me the symptoms went away...but now they are back.
-
. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2011 10:17:17 PM System Uptime: 12/2/2012 3:27:11 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 683 GiB total, 625.681 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Manufacturer: Microsoft Name: TOSHIBA Web Camera - MP PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Service: usbvideo . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0004 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter #4 PNP Device ID: ROOT\*ISATAP\0004 Service: tunnel . ==== System Restore Points =================== . RP155: 11/15/2012 1:29:37 AM - Windows Update RP156: 11/15/2012 3:00:14 AM - Windows Update RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2 RP158: 11/20/2012 3:53:29 AM - Windows Update RP159: 11/23/2012 9:11:50 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader XI Adobe Shockwave Player 11.6 Apple Mobile Device Support Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Cookienator D3DX10 Epson Connect Epson Customer Participation Epson Event Manager EPSON NX230 Series Printer Uninstall EpsonNet Print Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Netwaiting Panda USB Vaccine 1.0.1.4 Pando Media Booster Photo Common Photo Gallery PlayReady PC Runtime amd64 PlayReady PC Runtime x86 QuickTime Rakion International Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sophos Virus Removal Tool Spotify swMSM Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 12/2/2012 4:43:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 12/2/2012 4:43:29 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/2/2012 3:28:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/2/2012 3:28:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/2/2012 3:27:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/2/2012 3:27:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/2/2012 3:27:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/2/2012 3:27:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 12/1/2012 9:15:51 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 12/1/2012 9:15:51 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure. 12/1/2012 6:52:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {659CDEA7-489E-11D9-A9CD-000D56965251} 12/1/2012 6:28:05 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 12/1/2012 6:18:00 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown. 12/1/2012 2:41:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/30/2012 3:19:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 11/30/2012 3:17:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 11/30/2012 3:16:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 11/30/2012 3:16:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 11/30/2012 3:16:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/30/2012 3:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/30/2012 3:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/30/2012 1:32:13 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/30/2012 1:27:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/29/2012 9:54:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 11/29/2012 7:02:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running. 11/29/2012 7:01:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/29/2012 2:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect. 11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect. 11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} 11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} 11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect. 11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/27/2012 6:26:25 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. 11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID (S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Olivia at 15:29:39 on 2012-12-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5279 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://msn.com/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176] S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096] S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304] S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736] . =============== Created Last 30 ================ . 2012-12-02 00:51:08 -------- d-----w- C:\_OTL 2012-11-30 06:41:15 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-29 14:57:41 98816 ----a-w- C:\windows\sed.exe 2012-11-29 14:57:41 256000 ----a-w- C:\windows\PEV.exe 2012-11-29 14:57:41 208896 ----a-w- C:\windows\MBR.exe 2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup 2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs 2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll 2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe 2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify 2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1 2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security 2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine 2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator 2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll . ============= FINISH: 15:30:30.92 ===============
-
Nothing is loading up when I start my laptop it just freezes completely. I can only start it in safe mode...but now even safe mode is starting to get bad. It runs a little slow sometimes.
-
OTL logfile created on: 12/1/2012 8:01:21 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 86.77% Memory free 11.90 Gb Paging File | 11.12 Gb Available in Paging File | 93.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 625.75 Gb Free Space | 91.67% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Olivia\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () ========== Services (SafeList) ========== SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys () DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D} IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464 IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\ CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org) O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/01 19:51:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/30 16:24:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/11/30 01:41:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/29 09:56:45 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe [2012/11/28 22:03:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe [2012/11/28 17:12:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\dds.com [2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup [2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs [2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2) [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify [2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1 [2012/11/02 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/11/02 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator [2012/11/02 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/11/02 16:30:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2012/11/02 16:30:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2012/11/02 16:30:02 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/02 14:24:18 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/11/02 14:15:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt ========== Files - Modified Within 30 Days ========== [2012/12/01 19:58:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/01 19:58:45 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/12/01 19:57:07 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/01 19:56:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/30 16:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe [2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/11/29 16:42:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/29 16:42:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/11/29 09:56:51 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe [2012/11/28 22:17:22 | 000,000,512 | ---- | M] () -- C:\Users\Olivia\Desktop\MBR.dat [2012/11/28 22:03:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe [2012/11/28 17:12:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\dds.com [2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat [2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/11/02 18:09:52 | 000,002,997 | ---- | M] () -- C:\Users\Olivia\Desktop\Cookienator.lnk [2012/11/02 16:44:59 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/11/02 14:24:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS.MVP ========== Files Created - No Company Name ========== [2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/28 22:11:12 | 000,000,512 | ---- | C] () -- C:\Users\Olivia\Desktop\MBR.dat [2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/11/02 18:09:52 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\Desktop\Cookienator.lnk [2012/11/02 18:09:39 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk [2012/11/02 16:44:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012/11/02 16:44:59 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat [2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini [2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus [2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place [2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson [2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient [2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble [2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details [2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/28 01:54:43 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific [2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba [2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent [2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch [2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
-
I had avast but it wouldn't turn off so I had to uninstall it for ComboFix.
-
https://www.virustotal.com/file/0fa28a3d39d973d93d7209789186ba5e28568bbfe226b4431b2aff64e998bf21/analysis/1354337185/
-
OTL Extras logfile created on: 11/30/2012 4:26:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.59% Memory free 11.90 Gb Paging File | 11.03 Gb Available in Paging File | 92.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 624.25 Gb Free Space | 91.45% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system | "{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system | "{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system | "{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system | "{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system | "{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system | "{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe | "{10574154-B228-4102-80DC-2FF244F799A7}" = protocol=58 | dir=in | app=system | "{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1B0A84E5-5883-45AB-A822-F5C277BCC52B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | "TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "NortonPCCheckup" = Toshiba Laptop Checkup "Rakion International_is1" = Rakion International "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/24/2012 12:23:43 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3229 Error - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 999 Error - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1997 Error - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1997 Error - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8404882 Error - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8404882 [ System Events ] Error - 9/28/2012 9:52:09 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:15:15 AM on ?9/?28/?2012 was unexpected. Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected. Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected. Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected. Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010 Description = Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected. Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001 Description = < End of report >
-
OTL logfile created on: 11/30/2012 4:26:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.59% Memory free 11.90 Gb Paging File | 11.03 Gb Available in Paging File | 92.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682.64 Gb Total Space | 624.25 Gb Free Space | 91.45% Space Free | Partition Type: NTFS Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Olivia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll () MOD - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited) SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation) SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys () DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D} IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464 IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{7090B7D4-516F-484F-8421-0262689B88C3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8652C435-BBD9-479B-8AB7-8D6DC0B2A1D3&apn_sauid=03844309-C18B-49A2-A4C8-93519A8584B2 IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{B40C65A6-E072-435C-8872-55AA94053F51}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160 IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\ CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org) O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18 O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012/11/30 01:41:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/29 09:56:45 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe [2012/11/28 22:03:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe [2012/11/28 17:12:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\dds.com [2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup [2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs [2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2) [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify [2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1 [2012/11/02 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/11/02 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator [2012/11/02 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/11/02 14:24:18 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/11/02 14:15:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/11/01 12:43:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/30 15:20:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/30 15:20:04 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/11/30 15:13:27 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/29 16:57:11 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/11/29 09:56:51 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe [2012/11/28 22:17:22 | 000,000,512 | ---- | M] () -- C:\Users\Olivia\Desktop\MBR.dat [2012/11/28 22:03:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe [2012/11/28 17:12:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\dds.com [2012/11/28 09:24:33 | 000,060,634 | ---- | M] () -- C:\Users\Olivia\Desktop\35411296390f11e2a07e22000a1f9a28_7.jpg [2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat [2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/11/02 18:09:52 | 000,002,997 | ---- | M] () -- C:\Users\Olivia\Desktop\Cookienator.lnk [2012/11/02 16:44:59 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/11/01 07:41:09 | 618,495,936 | ---- | M] () -- C:\windows\MEMORY.DMP [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/28 22:11:12 | 000,000,512 | ---- | C] () -- C:\Users\Olivia\Desktop\MBR.dat [2012/11/28 09:24:32 | 000,060,634 | ---- | C] () -- C:\Users\Olivia\Desktop\35411296390f11e2a07e22000a1f9a28_7.jpg [2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg [2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk [2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat [2012/11/02 18:09:52 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\Desktop\Cookienator.lnk [2012/11/02 18:09:39 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk [2012/11/02 16:44:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012/11/02 16:44:59 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences [2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat [2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat [2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat [2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini [2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus [2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place [2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson [2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient [2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble [2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details [2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller [2012/11/28 01:54:43 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify [2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific [2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba [2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent [2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch [2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2011/03/01 03:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe [2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe [2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe [2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe [2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2011/03/01 03:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe [2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe [2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < End of report >
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Olivia at 15:48:26 on 2012-11-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5209 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://msn.com/ uProxyOverride = <local>;*.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-19 123320] S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-19 126392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176] S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096] S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304] S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736] . =============== Created Last 30 ================ . 2012-11-30 06:41:15 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-29 14:57:41 98816 ----a-w- C:\windows\sed.exe 2012-11-29 14:57:41 256000 ----a-w- C:\windows\PEV.exe 2012-11-29 14:57:41 208896 ----a-w- C:\windows\MBR.exe 2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup 2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs 2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll 2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe 2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify 2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1 2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security 2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine 2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator 2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 17:43:52 -------- d-----w- C:\TDSSKiller_Quarantine . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll . ============= FINISH: 15:49:14.27 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2011 10:17:17 PM System Uptime: 11/30/2012 3:19:58 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 683 GiB total, 624.247 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Manufacturer: Microsoft Name: TOSHIBA Web Camera - MP PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Service: usbvideo . ==== System Restore Points =================== . RP155: 11/15/2012 1:29:37 AM - Windows Update RP156: 11/15/2012 3:00:14 AM - Windows Update RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2 RP158: 11/20/2012 3:53:29 AM - Windows Update RP159: 11/23/2012 9:11:50 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader XI Adobe Shockwave Player 11.6 Apple Mobile Device Support Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Cookienator D3DX10 Epson Connect Epson Customer Participation Epson Event Manager EPSON NX230 Series Printer Uninstall EpsonNet Print Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Netwaiting Panda USB Vaccine 1.0.1.4 Pando Media Booster Photo Common Photo Gallery PlayReady PC Runtime amd64 PlayReady PC Runtime x86 QuickTime Rakion International Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sophos Virus Removal Tool Spotify swMSM Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 11/30/2012 3:21:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/30/2012 3:21:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/30/2012 3:21:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/30/2012 3:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/30/2012 3:20:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/30/2012 3:20:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 11/30/2012 3:19:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 11/30/2012 3:17:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 11/30/2012 3:16:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 11/30/2012 3:16:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 11/30/2012 3:16:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/30/2012 3:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/30/2012 3:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/30/2012 3:12:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 11/30/2012 3:12:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/30/2012 1:32:13 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/30/2012 1:27:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/29/2012 9:54:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 11/29/2012 7:02:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running. 11/29/2012 7:01:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/29/2012 6:28:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 11/29/2012 2:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect. 11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect. 11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} 11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} 11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect. 11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 11/28/2012 1:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/27/2012 6:26:25 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. 11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID (S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
-
I'll try to explain this the best I can. When I start my computer normally (not smart mode) it takes sometime to load up to the log on screen more than usual. That's the first hint. However, once it starts I cannot open anything. I can't open any programs or access the internet etc. Nothing works. Eventually everything freezes and my mouse just shows up as loading or nothing...I can still move it around.
-
It is still bad. It won't work right still. I feel like it is booting up when I boot it as normal quicker though.
-
ran it twice because the log wasn't popping up the first time for some reason Sorry for taking long. Thanks for the help. ComboFix 12-11-29.02 - Olivia 11/30/2012 1:28.3.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5060 [GMT -5:00] Running from: c:\users\Olivia\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . -- Previous Run -- . Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!SysWOW64!user32.dll . -------- . . ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 ))))))))))))))))))))))))))))))) . . 2012-11-30 06:32 . 2012-11-30 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-30 00:01 . 2012-11-30 00:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\offreg.dll 2012-11-28 02:29 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53 . 2012-11-27 22:28 -------- d-----w- c:\program files (x86)\PC Checkup 2012-11-24 21:53 . 2012-11-24 21:53 -------- d-----w- c:\users\Olivia\AppData\Local\Programs 2012-11-24 11:46 . 2012-11-27 22:28 -------- d-----w- c:\users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11 . 2012-11-20 08:03 -------- d-----w- c:\program files (x86)\Warcraft III 2012-11-20 06:11 . 2012-11-20 06:15 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 08:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 08:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 06:35 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 06:35 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-10 03:06 . 2012-11-10 03:06 -------- d-----w- c:\windows\SysWow64\Adobe 2012-11-09 14:25 . 2012-11-27 15:47 -------- d-----w- c:\users\Olivia\AppData\Local\Spotify 2012-11-09 14:24 . 2012-11-28 06:54 -------- d-----w- c:\users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47 . 2012-11-07 04:47 -------- d-----w- c:\users\Olivia\jagexcache1 2012-11-02 23:14 . 2012-11-02 23:14 -------- d-----w- c:\programdata\Panda Security 2012-11-02 23:14 . 2012-11-02 23:14 -------- d-----w- c:\program files (x86)\Panda USB Vaccine 2012-11-02 23:09 . 2012-11-02 23:09 -------- d-----w- c:\program files (x86)\Cookienator 2012-11-02 21:44 . 2012-11-02 21:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-11-02 21:30 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 17:43 . 2012-11-28 05:24 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 08:01 . 2012-09-11 21:41 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-30 23:50 . 2012-10-08 06:47 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-10-08 06:26 . 2012-10-08 06:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26 . 2011-08-01 07:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-29 23:54 . 2012-09-12 23:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-09 18:47 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 18:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472] "Spotify"="c:\users\Olivia\AppData\Roaming\Spotify\Spotify.exe" [2012-11-09 7880664] "Spotify Web Helper"="c:\users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-09 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-08-27 123320] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-10-02 45176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-21 81880] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-09-19 152640] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] . . Contents of the 'Scheduled Tasks' folder . 2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . 2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://msn.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 128.226.1.11 128.226.1.18 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:f3,54,a4,0f,23,66,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-30 01:33:31 ComboFix-quarantined-files.txt 2012-11-30 06:33 . Pre-Run: 670,215,536,640 bytes free Post-Run: 670,150,135,808 bytes free . - - End Of File - - 543DD02FB08BCA00438B332DF555454D
-
I can't turn off Avast. I've tried the guide you linked above and multiple other online. I even uninstalled it. Should I just run ComboFix anyways? Is it not turning off because I am stuck in safe mode?
-
I got a error screen and my computer had to restart...second time it was fine. aswMBR.txt
-
So I was on my laptop today...and it was working fine. Then when I turned it back on later in the day it booted up normally, however, after entering my password and logging in it runs really slow. I cannot open anything, even start doesn't work. Several times something came up saying Windows 7 could not run or start up...with the option to end process. I have no idea what can be wrong. I have tried to go back to an old restore point but the problem persists. I can only use my laptop on safe mode safe mode with networking/safe mode and cmd prompt. about 20 days ago MrC helped me removed svechost trojan. The guys at PC help sent me over...malware bytes and other programs won't pick up any infections. So I am wondering if I am infected.The symptoms are similar to when I was infected. Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Olivia at 17:14:45 on 2012-11-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5176 [GMT -5:00] . 12-11-20.01) - NTFS_AMD64 NETWORK AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\splwow64.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://msn.com/ uProxyOverride = <local>;*.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-Notify: igfxcui - igfxdev.dll Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096] S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-11-14 984144] S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-11-14 370288] S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-11-14 25232] S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-11-14 71600] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-14 44808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-19 123320] S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-19 126392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176] S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096] S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304] S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736] . =============== Created Last 30 ================ . 2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup 2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs 2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll 2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-11-14 14:58:56 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2012-11-14 14:58:53 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-11-14 14:58:53 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-11-14 14:58:39 41224 ----a-w- C:\windows\avastSS.scr 2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe 2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify 2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1 2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security 2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine 2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator 2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-02 21:21:23 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-01 17:43:52 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-10-30 13:22:49 -------- d-----w- C:\Program Files (x86)\Sophos . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys . ============= FINISH: 17:15:35.03 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2011 10:17:17 PM System Uptime: 11/28/2012 5:08:13 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 683 GiB total, 624.515 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: avast! Network Shield Support Device ID: ROOT\LEGACY_ASWTDI\0000 Manufacturer: Name: avast! Network Shield Support PNP Device ID: ROOT\LEGACY_ASWTDI\0000 Service: aswTdi . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Manufacturer: Microsoft Name: TOSHIBA Web Camera - MP PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Service: usbvideo . ==== System Restore Points =================== . RP155: 11/15/2012 1:29:37 AM - Windows Update RP156: 11/15/2012 3:00:14 AM - Windows Update RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2 RP158: 11/20/2012 3:53:29 AM - Windows Update RP159: 11/23/2012 9:11:50 AM - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader XI Adobe Shockwave Player 11.6 Apple Mobile Device Support Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver avast! Free Antivirus Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Cookienator D3DX10 Epson Connect Epson Customer Participation Epson Event Manager EPSON NX230 Series Printer Uninstall EpsonNet Print Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Netwaiting Panda USB Vaccine 1.0.1.4 Pando Media Booster Photo Common Photo Gallery PlayReady PC Runtime amd64 PlayReady PC Runtime x86 QuickTime Rakion International Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sophos Virus Removal Tool Spotify swMSM Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect. 11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 5:11:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/28/2012 5:09:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/28/2012 5:09:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/28/2012 5:09:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 11/28/2012 5:09:05 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 11/28/2012 5:06:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 11/28/2012 5:06:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 11/28/2012 1:50:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:28:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect. 11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} 11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} 11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect. 11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:12:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 11/28/2012 1:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:58:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 11/27/2012 8:58:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/27/2012 6:26:25 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 5:58:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. 11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID (S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================