madmatt7 Posted November 29, 2012 ID:618147

So I was on my laptop today...and it was working fine. Then when I turned it back on later in the day it booted up normally; however, after entering my password and logging in, it runs really slow. I cannot open anything; even Start doesn't work. Several times something came up saying Windows 7 could not run or start up...with the option to end process. I have no idea what can be wrong. I have tried to go back to an old restore point but the problem persists. I can only use my laptop in safe mode (safe mode with networking / safe mode and cmd prompt). About 20 days ago MrC helped me remove a svechost trojan. The guys at PC help sent me over...Malwarebytes and other programs won't pick up any infections. So I am wondering if I am infected. The symptoms are similar to when I was infected.

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Olivia at 17:14:45 on 2012-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5176 [GMT -5:00]
.
12-11-20.01) - NTFS_AMD64 NETWORK
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\splwow64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto
uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found.
Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096]
S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-11-14 984144]
S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-11-14 370288]
S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-11-14 25232]
S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-11-14 71600]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-14 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096]
S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736]
.
=============== Created Last 30 ================
.
2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll
2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup
2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs
2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-14 14:58:56 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-11-14 14:58:53 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-11-14 14:58:53 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-11-14 14:58:39 41224 ----a-w- C:\windows\avastSS.scr
2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe
2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify
2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify
2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1
2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security
2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator
2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-02 21:21:23 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-01 17:43:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-10-30 13:22:49 -------- d-----w- C:\Program Files (x86)\Sophos
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
.
============= FINISH: 17:15:35.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2011 10:17:17 PM
System Uptime: 11/28/2012 5:08:13 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 683 GiB total, 624.515 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Manufacturer: Microsoft
Name: TOSHIBA Web Camera - MP
PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP155: 11/15/2012 1:29:37 AM - Windows Update
RP156: 11/15/2012 3:00:14 AM - Windows Update
RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2
RP158: 11/20/2012 3:53:29 AM - Windows Update
RP159: 11/23/2012 9:11:50 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Adobe Shockwave Player 11.6
Apple Mobile Device Support
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Cookienator
D3DX10
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX230 Series Printer Uninstall
EpsonNet Print
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Label@Once 1.0
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Netwaiting
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
QuickTime
Rakion International
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RuneScape Launcher 1.2.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sophos Virus Removal Tool
Spotify
swMSM
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect.
11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 5:11:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/28/2012 5:09:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/28/2012 5:09:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/28/2012 5:09:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
11/28/2012 5:09:05 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/28/2012 5:06:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11/28/2012 5:06:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect.
11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/28/2012 1:50:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:28:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F}
11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect.
11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:12:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
11/28/2012 1:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47
PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 8:58:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.11/27/2012 8:58:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 
Intel® Management and Security Application User Notification Service service to connect.11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.11/27/2012 6:26:25 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect.11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start 
due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 5:58:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service 
service to connect.11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID (S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool..==== End Of File =========================== Link to post Share on other sites More sharing options...
jeffce Posted November 29, 2012 ID:618150
Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.
I'd be grateful if you would note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your OS, losing all your programs and data.
Vista and Windows 7 users: These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator").
Stay with this topic until I give you the all clean post.

jeffce Posted November 29, 2012 ID:618151
Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

madmatt7 Posted November 29, 2012 Author ID:618174
I got an error screen and my computer had to restart...second time it was fine.
aswMBR.txt

jeffce Posted November 29, 2012 ID:618259
Download Combofix from the link below, and save it to your desktop.
Link
**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.

madmatt7 Posted November 29, 2012 Author ID:618310
I can't turn off Avast. I've tried the guide you linked above and multiple others online. I even uninstalled it. Should I just run ComboFix anyways? Is it not turning off because I am stuck in safe mode?

jeffce Posted November 29, 2012 ID:618311
Go ahead and run ComboFix in Safe Mode...that is fine.

madmatt7 Posted November 30, 2012 Author ID:618469
ran it twice because the log wasn't popping up the first time for some reason
Sorry for taking long. Thanks for the help.
ComboFix 12-11-29.02 - Olivia 11/30/2012 1:28.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5060 [GMT -5:00]
Running from: c:\users\Olivia\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!SysWOW64!user32.dll
.
--------


jeffce Posted November 30, 2012 ID:618514
How is your system running now?

madmatt7 Posted November 30, 2012 Author ID:618581
It is still bad. It won't work right still. I feel like it is booting up when I boot it as normal quicker though.

jeffce Posted November 30, 2012 ID:618583
When you say it won't work right, what exactly is happening?

madmatt7 Posted November 30, 2012 Author ID:618586
I'll try to explain this the best I can. When I start my computer normally (not smart mode) it takes some time to load up to the log on screen, more than usual. That's the first hint. However, once it starts I cannot open anything. I can't open any programs or access the internet etc. Nothing works. Eventually everything freezes and my mouse just shows up as loading or nothing...I can still move it around.

jeffce Posted November 30, 2012 ID:618588
Ok....in Safe Mode if needed... run a fresh scan with DDS and post both the DDS.txt and Attach.txt

madmatt7 Posted November 30, 2012 Author ID:618591
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Olivia at 15:48:26 on 2012-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5209 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto
uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100
TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096]
S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736]
.
=============== Created Last 30 ================
.
2012-11-30 06:41:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-29 14:57:41 98816 ----a-w- C:\windows\sed.exe
2012-11-29 14:57:41 256000 ----a-w- C:\windows\PEV.exe
2012-11-29 14:57:41 208896 ----a-w- C:\windows\MBR.exe
2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll
2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup
2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs
2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe
2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify
2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify
2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1
2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security
2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator
2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-01 17:43:52 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 15:49:14.27 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2011 10:17:17 PM
System Uptime: 11/30/2012 3:19:58 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 683 GiB total, 624.247 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Manufacturer: Microsoft
Name: TOSHIBA Web Camera - MP
PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP155: 11/15/2012 1:29:37 AM - Windows Update
RP156: 11/15/2012 3:00:14 AM - Windows Update
RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2
RP158: 11/20/2012 3:53:29 AM - Windows Update
RP159: 11/23/2012 9:11:50 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Adobe Shockwave Player 11.6
Apple Mobile Device Support
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Cookienator
D3DX10
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX230 Series Printer Uninstall
EpsonNet Print
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Label@Once 1.0
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Netwaiting
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
QuickTime
Rakion International
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RuneScape Launcher 1.2.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sophos Virus Removal Tool
Spotify
swMSM
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
11/30/2012 3:21:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2012 3:21:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2012 3:21:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2012 3:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2012 3:20:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2012 3:20:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/30/2012 3:19:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
11/30/2012 3:17:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/30/2012 3:16:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
11/30/2012 3:16:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/30/2012 3:16:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2012 3:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2012 3:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2012 3:12:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11/30/2012 3:12:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2012 1:32:13 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/30/2012 1:27:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/29/2012 9:54:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
11/29/2012 7:02:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
11/29/2012 7:01:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 7:00:59 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 6:28:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/29/2012 2:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect.
11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect.
11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F}
11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect.
11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
11/28/2012 1:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver.
service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.11/27/2012 6:26:25 PM, Error: Service 
Control Manager [7022] - The Windows Search service hung on starting.11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect.11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. 
Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID 
(S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool..==== End Of File ===========================
jeffce Posted November 30, 2012 ID:618592

OTL

Download OTL to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in:

netsvcs
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
madmatt7 Posted November 30, 2012 Author ID:618608

OTL logfile created on: 11/30/2012 4:26:32 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.59% Memory free11.90 Gb Paging File | 11.03 Gb Available in Paging File | 92.72% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 682.64 Gb Total Space | 624.25 Gb Free Space | 91.45% Space Free | Partition Type: NTFSComputer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Users\Olivia\Downloads\OTL.exe (OldTimer Tools)PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)========== Modules (No Company Name) ==========MOD - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll ()MOD - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()MOD - C:\Program Files 
(x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()========== Services (SafeList) ==========SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)========== Driver Services (SafeList) ==========DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys ()DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys ()DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = 
http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{7090B7D4-516F-484F-8421-0262689B88C3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8652C435-BBD9-479B-8AB7-8D6DC0B2A1D3&apn_sauid=03844309-C18B-49A2-A4C8-93519A8584B2IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = 
http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{B40C65A6-E072-435C-8872-55AA94053F51}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: 
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)========== Chrome ==========CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dllCHR - plugin: 
Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dllCHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllCHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe 
(TOSHIBA Corporation)O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)O4 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)CREATERESTOREPOINTUnable to start System Restore Service. 
Error code 1084========== Files/Folders - Created Within 30 Days ==========[2012/11/30 01:41:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/11/29 09:56:45 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe[2012/11/28 22:03:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe[2012/11/28 17:12:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\dds.com[2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup[2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs[2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller[2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2)[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment[2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape[2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe[2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify[2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify[2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1[2012/11/02 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security[2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Panda USB Vaccine[2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security[2012/11/02 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator[2012/11/02 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe[2012/11/02 14:24:18 | 000,000,000 | ---D | C] -- C:\windows\temp[2012/11/02 14:15:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2012/11/01 12:43:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/11/30 15:20:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2012/11/30 15:20:04 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys[2012/11/30 15:13:27 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2012/11/29 16:57:11 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt[2012/11/29 09:56:51 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe[2012/11/28 22:17:22 | 000,000,512 | ---- | M] () -- C:\Users\Olivia\Desktop\MBR.dat[2012/11/28 22:03:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe[2012/11/28 17:12:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\dds.com[2012/11/28 09:24:33 | 000,060,634 | ---- | M] () -- C:\Users\Olivia\Desktop\35411296390f11e2a07e22000a1f9a28_7.jpg[2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat[2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences[2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat[2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat[2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- 
C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg[2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk[2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat[2012/11/02 18:09:52 | 000,002,997 | ---- | M] () -- C:\Users\Olivia\Desktop\Cookienator.lnk[2012/11/02 16:44:59 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2012/11/01 07:41:09 | 618,495,936 | ---- | M] () -- C:\windows\MEMORY.DMP[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]========== Files Created - No Company Name ==========[2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2012/11/28 22:11:12 | 000,000,512 | ---- | C] () -- C:\Users\Olivia\Desktop\MBR.dat[2012/11/28 09:24:32 | 000,060,634 | ---- | C] () -- C:\Users\Olivia\Desktop\35411296390f11e2a07e22000a1f9a28_7.jpg[2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk[2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg[2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk[2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk[2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat[2012/11/02 18:09:52 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\Desktop\Cookienator.lnk[2012/11/02 18:09:39 | 000,002,997 | ---- | C] () -- 
C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk[2012/11/02 16:44:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk[2012/11/02 16:44:59 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences[2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat[2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat[2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat[2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini[2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll========== ZeroAccess Check ==========[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = 
Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ==========[2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus[2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place[2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson[2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient[2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble[2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details[2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller[2012/11/28 01:54:43 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify[2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific[2011/12/30 22:20:12 | 000,000,000 | ---D 
| M] -- C:\Users\Olivia\AppData\Roaming\Toshiba
[2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent
[2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch
[2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
< MD5 for: SVCHOST.EXE >
< MD5 for: USERINIT.EXE >
< MD5 for: WINLOGON.EXE >
< End of report >
madmatt7 Posted November 30, 2012 Author ID:618609

OTL Extras logfile created on: 11/30/2012 4:26:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 84.59% Memory free
11.90 Gb Paging File | 11.03 Gb Available in Paging File | 92.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 624.25 Gb Free Space | 91.45% Space Free | Partition Type: NTFS
Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings 
==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0314A785-0BC3-4F55-99F5-9B84AFD1435B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{078E5B27-8E6F-45D0-A1E2-B286A6180E04}" = lport=137 | protocol=17 | dir=in | app=system | "{0D21FB47-C15A-4D9E-A2F4-FCD5474C15D2}" = lport=139 | protocol=6 | dir=in | app=system | "{12AE2AFE-0603-4DE8-AEEB-5FC63590D471}" = lport=445 | protocol=6 | dir=in | app=system | "{2C35E834-9AFD-4057-A53E-DA44E405DBE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3DFA81CA-F0A5-453C-B0F0-F2FFA59387AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4FC19F16-5347-41E1-91C3-B151878D72CF}" = rport=5355 | 
protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5192812B-8D8E-4AB6-85F2-C22F48045E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6041F169-B061-461C-978F-436C14FD0E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67128C96-36D8-4424-BB7F-1C48E78B4289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B51BE8E-39EA-42D6-83D3-303957F2D2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FE3CCC5-28FE-47EE-95AB-6818F2D48996}" = lport=138 | protocol=17 | dir=in | app=system | "{9853661B-752D-4FF4-8F43-D865A93B8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B9F1E64E-A47F-4722-83D5-176B97F45760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BF38226D-4E12-4E2B-84C0-0D1F6E5043BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6E3F912-5F84-4633-8647-D62B16FFEDF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE24E2F1-AB99-4CAB-A20B-1B892F5BEF1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E1747240-DAEA-406B-9E0C-4602727EE5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E25B902B-D265-4029-82AF-6721B4FB4F57}" = rport=138 | protocol=17 | dir=out | app=system | "{E4D0C764-F734-4888-8BCC-A6DEBF2DD6CE}" = rport=137 | protocol=17 | dir=out | app=system | "{FB8518B3-F14A-4218-82F1-C11D9C798F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FE24AA87-491A-41D2-829E-4C9F03B8DAFA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List 
==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00FF4024-15D0-4CFC-B006-209B19012143}" = dir=in | app=c:\users\olivia\appdata\local\microsoft\skydrive\skydrive.exe | "{10574154-B228-4102-80DC-2FF244F799A7}" = protocol=58 | dir=in | app=system | "{1967388B-45FB-4A16-BC7E-F500F1499389}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{1989B778-370D-4A97-A784-A899AA7EA903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1B0A84E5-5883-45AB-A822-F5C277BCC52B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{299616C3-ED83-4E28-A6CD-BF9B0C6C4232}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{366DA3B8-C9E4-40CE-A2DC-FAE6B981D1F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3B4537F0-9CF7-4804-AB71-205EFFC0DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{408577A9-6FD0-4BDA-A941-636F48CD9A50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4264CE19-5CF1-4965-B9F4-2EC537D51684}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C247DEB-A27F-45A1-99C3-AA9840B14446}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4E19DD86-23AD-4365-A994-A249F039922E}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{543843A0-D695-4FE2-81EF-30240FA851EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{622F305A-C95D-4B1B-8DA4-41ADF59F00AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{62EEA972-C554-404E-9A03-FD3B2A7BC1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{66936E4B-72F2-45A9-A069-B17105163905}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6B430FF8-2F20-4D8D-9EFE-92F9E37B09B9}" = protocol=17 | dir=in | app=c:\program 
files (x86)\bonjour\mdnsresponder.exe | "{6EFD18AE-6E34-448C-8351-9C4803DA307E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{78849950-DFF5-4342-A0B0-0E02D42AC385}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{854EC724-1B74-480A-B8A2-99D504C442E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9003A838-EE42-4020-8839-1D8A12D14007}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{98EA7FFD-4169-4FCD-858C-13022ED4A3D9}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | "{C8D4C075-6BE4-4246-A53E-29442A35D6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "{CD5334CE-02EA-43B6-B9FC-7AE4FE971058}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DC864FE6-46C9-4B48-86C9-92825FD63B39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F187B076-699A-4071-B354-89170B6D45AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F899F004-73B7-4F41-8FF8-18BD383C142A}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{3792EBC6-8488-4572-9C83-E4341F1BB19F}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{517B3E13-9B3C-4BD1-8609-9B22F2920CD9}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=6 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "TCP Query User{58541D3D-0281-4668-8ECF-1CB90544A4EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5E2B48E3-3052-414C-AAE3-E997B3D663A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query 
User{6541735F-74E9-4AA5-947F-EFEC2919C2E6}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{6A5F99D0-2846-4674-A0D0-9F45BBE6BE96}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "TCP Query User{D304C9BC-F94C-4DDF-AA27-D058A9F5E858}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "TCP Query User{E37FC89A-C907-40E3-8F20-7C97560541D1}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | "TCP Query User{EA7F5040-9F76-432D-AF22-FCC385E9FC8A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EC21213F-E6AB-4654-8302-1CA868DD6D1E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{EDFC9B27-1633-4370-AED7-EABA75CDAD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{FFDECF02-C307-450B-AF07-435502DB9151}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{01F71329-993A-4DBA-AD40-CC269F42C8A1}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{39A8EADF-488F-4178-9C0A-7CF85463AC8C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{3D2AC85B-C9EC-404C-9139-6DB1291FE9AB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query 
User{402308AF-835E-416E-85DE-4F7913E2D5C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6A097933-D3D1-4A45-8608-2FC8D520B65B}C:\users\olivia\desktop\new folder (2)\full\sof2mp.exe" = protocol=17 | dir=in | app=c:\users\olivia\desktop\new folder (2)\full\sof2mp.exe | "UDP Query User{856F2F7C-D1C4-4297-87C4-0B7D01AC5834}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{9E8D18BA-6187-4E81-8779-6016437D59E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A9912BC7-7A9F-4048-ACD5-A708612430F4}C:\users\olivia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olivia\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5EF78D2-D816-4367-888F-286001ADC951}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{B5F2B272-3A80-488D-AAD4-3E80C1DE0424}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{D0AC2E45-C8B5-4FE3-A3A7-774087F75ADD}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | "UDP Query User{EF1767BD-6494-4A3B-9552-65D395BF4115}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme | ========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = 
QuickTime"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows 
Live Photo Common"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo 
Gallery"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller 
Plug-in"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Google Chrome" = Google Chrome"HOMESTUDENTR" = Microsoft Office Home and Student 2007"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000"NortonPCCheckup" = Toshiba Laptop Checkup"Rakion International_is1" = Rakion International"Warcraft III" = Warcraft III"WinLiveSuite" = Windows Live Essentials========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"SkyDriveSetup.exe" = Microsoft SkyDrive"Spotify" = Spotify========== Last 20 Event Log Errors ==========[ Application Events ]Error - 11/24/2012 12:23:43 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 3229Error - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: 
m->NextScheduledEvent 999Error - 11/24/2012 2:54:06 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 999Error - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1997Error - 11/24/2012 2:54:07 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1997Error - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 8404882Error - 11/24/2012 5:14:10 PM | Computer Name = Olivia-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 8404882[ System Events ]Error - 9/28/2012 9:52:09 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 9:15:15 AM on ?9/?28/?2012 was unexpected.Error - 9/29/2012 2:36:47 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 1:29:01 PM on ?9/?29/?2012 was unexpected.Error - 10/1/2012 12:12:06 PM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 12:08:51 PM on ?10/?1/?2012 was unexpected.Error - 10/1/2012 12:12:21 PM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001Description = Error - 10/5/2012 12:50:30 PM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010Description = Error - 10/6/2012 12:28:29 AM | Computer Name = Olivia-PC | Source = EventLog | 
ID = 6008
Description = The previous system shutdown at 12:27:17 AM on ?10/?6/?2012 was unexpected.

Error - 10/6/2012 12:28:41 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description = 

Error - 10/6/2012 3:57:28 AM | Computer Name = Olivia-PC | Source = DCOM | ID = 10010
Description = 

Error - 10/7/2012 12:28:32 AM | Computer Name = Olivia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:49 AM on ?10/?7/?2012 was unexpected.

Error - 10/7/2012 12:28:46 AM | Computer Name = Olivia-PC | Source = BugCheck | ID = 1001
Description = 

< End of report >
jeffce Posted December 1, 2012 ID:618694

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\windows\ENX230.ini
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
madmatt7 Posted December 1, 2012 Author ID:618701

https://www.virustotal.com/file/0fa28a3d39d973d93d7209789186ba5e28568bbfe226b4431b2aff64e998bf21/analysis/1354337185/
jeffce Posted December 1, 2012 ID:618799

What antivirus program are you using?
madmatt7 Posted December 1, 2012 Author ID:618823

I had avast but it wouldn't turn off so I had to uninstall it for ComboFix.
jeffce Posted December 2, 2012 ID:618928

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes
Open the scanner and select the Protection tab
Remove the tick from "Start Protection Module with Windows" as seen below
Once complete continue with the instructions...

----------

Run OTL.exe
Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{7090B7D4-516F-484F-8421-0262689B88C3}: "URL" = http://websearch.ask...C8-93519A8584B2
IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\..\SearchScopes\{B40C65A6-E072-435C-8872-55AA94053F51}: "URL" = http://search.condui...&ctid=CT3237160
IE - HKU\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
madmatt7 Posted December 2, 2012 Author ID:618939

OTL logfile created on: 12/1/2012 8:01:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olivia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 86.77% Memory free
11.90 Gb Paging File | 11.12 Gb Available in Paging File | 93.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.64 Gb Total Space | 625.75 Gb Free Space | 91.67% Space Free | Partition Type: NTFS

Computer Name: OLIVIA-PC | User Name: Olivia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Olivia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()

========== Services (SafeList) ==========
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA 
Corporation)SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)========== Driver Services (SafeList) ==========DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)DRV:64bit: 
- (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - 
(LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)DRV - (rak) -- C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys ()DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys ()DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - 
HKLM\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/IE - HKCU\..\SearchScopes,DefaultScope = {067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}IE - HKCU\..\SearchScopes\{067E15C4-8A6A-40FD-87A8-5EA5FDB5337D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS464IE - HKCU\..\SearchScopes\{9C963560-62DE-444F-8DC9-63D466DAB104}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP'>http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)========== Chrome ==========CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dllCHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllCHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: WOT = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\CHR - Extension: YouTube = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\CHR - Extension: Google Search = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\CHR - Extension: Gmail = C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O1 HOSTS File: ([2012/11/29 17:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O2 - BHO: (no name) - 
{02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: 
[intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)O4 - HKCU..\Run: [spotify] C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify 
Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.1.11 128.226.1.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}: DhcpNameServer = 128.226.1.11 128.226.1.18
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/12/01 19:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/30 16:24:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/11/30 01:41:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 09:57:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/29 09:57:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/29 09:57:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/29 09:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/29 09:56:45 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe
[2012/11/28 22:03:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe
[2012/11/28 17:12:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Olivia\Desktop\dds.com
[2012/11/24 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup
[2012/11/24 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Programs
[2012/11/24 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/11/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\Desktop\New folder (2)
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/11/20 01:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/11/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/11/15 03:09:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:09:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/15 03:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/15 03:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/15 03:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/15 03:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/15 03:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/15 03:03:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/15 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/15 03:03:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/15 03:03:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/15 03:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/15 03:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/15 03:03:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/15 03:03:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/15 03:03:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/15 03:03:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/15 03:00:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/15 03:00:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/15 03:00:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 01:36:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/15 01:36:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/15 01:36:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/15 01:36:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/15 01:36:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/15 01:36:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/15 01:36:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/15 01:35:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/15 01:35:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/09 22:06:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012/11/09 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Local\Spotify
[2012/11/09 09:24:41 | 000,000,000 | ---D | C] -- C:\Users\Olivia\AppData\Roaming\Spotify
[2012/11/06 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Olivia\jagexcache1
[2012/11/02 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/11/02 18:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/11/02 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator
[2012/11/02 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/02 16:30:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/11/02 16:30:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/11/02 16:30:02 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/02 14:24:18 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/02 14:15:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt

========== Files - Modified Within 30 Days ==========
[2012/12/01 19:58:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/01 19:58:45 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/01 19:57:07 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 19:56:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 16:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olivia\Desktop\OTL.exe
[2012/11/29 17:31:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/29 16:42:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/29 16:42:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/29 10:05:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/11/29 09:56:51 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\ComboFix.exe
[2012/11/28 22:17:22 | 000,000,512 | ---- | M] () -- C:\Users\Olivia\Desktop\MBR.dat
[2012/11/28 22:03:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Olivia\Desktop\aswMBR.exe
[2012/11/28 17:12:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Olivia\Desktop\dds.com
[2012/11/28 01:35:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/28 01:35:09 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/28 01:35:09 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/20 23:58:46 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\random.dat
[2012/11/20 22:51:44 | 000,000,024 | ---- | M] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/11/20 22:50:51 | 000,000,045 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/11/19 02:38:00 | 000,000,046 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/11/15 09:21:59 | 000,310,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:04:45 | 000,023,771 | ---- | M] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg
[2012/11/09 09:25:02 | 000,001,783 | ---- | M] () -- C:\Users\Olivia\Desktop\Spotify.lnk
[2012/11/08 10:00:06 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/07 17:37:29 | 000,000,050 | ---- | M] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat
[2012/11/02 18:09:52 | 000,002,997 | ---- | M] () -- C:\Users\Olivia\Desktop\Cookienator.lnk
[2012/11/02 16:44:59 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/02 14:24:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS.MVP

========== Files Created - No Company Name ==========
[2012/11/29 09:57:41 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/29 09:57:41 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/29 09:57:41 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/29 09:57:41 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/29 09:57:41 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/28 22:11:12 | 000,000,512 | ---- | C] () -- C:\Users\Olivia\Desktop\MBR.dat
[2012/11/17 19:21:33 | 000,002,090 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/11/15 03:09:05 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:00:28 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/09 10:04:45 | 000,023,771 | ---- | C] () -- C:\Users\Olivia\Desktop\TPhoto_00001 (2).jpg
[2012/11/09 09:25:02 | 000,001,783 | ---- | C] () -- C:\Users\Olivia\Desktop\Spotify.lnk
[2012/11/09 09:25:02 | 000,001,769 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/11/07 17:37:29 | 000,000,050 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE_BETA.dat
[2012/11/02 18:09:52 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\Desktop\Cookienator.lnk
[2012/11/02 18:09:39 | 000,002,997 | ---- | C] () -- C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk
[2012/11/02 16:44:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/02 16:44:59 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/08 00:52:23 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\jagexappletviewer.preferences
[2012/10/06 02:41:08 | 000,000,046 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE1.dat
[2012/10/02 23:33:17 | 000,000,045 | ---- | C] () -- C:\Users\Olivia\jagex_cl_runescape_LIVE.dat
[2012/10/02 23:33:17 | 000,000,024 | ---- | C] () -- C:\Users\Olivia\random.dat
[2012/09/09 23:08:36 | 000,000,045 | ---- | C] () -- C:\windows\ENX230.ini
[2011/10/19 01:20:50 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012/09/12 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Ad-Aware Antivirus
[2012/07/26 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Book Place
[2012/09/10 05:56:35 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Epson
[2012/09/03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\LolClient
[2012/09/30 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Mumble
[2012/07/10 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\ooVoo Details
[2012/11/27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller
[2012/11/28 01:54:43 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Spotify
[2012/03/01 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Tific
[2011/12/30 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Toshiba
[2012/10/08 01:31:29 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WildTangent
[2011/12/30 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\WinBatch
[2012/09/11 16:50:06 | 000,000,000 | ---D | M] -- C:\Users\Olivia\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
jeffce Posted December 2, 2012 ID:618973
How is your system behaving exactly?
madmatt7 Posted December 2, 2012 Author ID:619037
Nothing is loading up when I start my laptop; it just freezes completely. I can only start it in safe mode...but now even safe mode is starting to get bad. It runs a little slow sometimes.