Sorry for the response time,but,I have to work late some days...... OTL logfile created on: 8/20/2012 8:26:25 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Dianna\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.61 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 52.46% Memory free 9.01 Gb Paging File | 6.97 Gb Available in Paging File | 77.36% Paging File free Paging file location(s): c:\pagefile.sys 5539 5539 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281.88 Gb Total Space | 238.00 Gb Free Space | 84.43% Space Free | Partition Type: NTFS Computer Name: DIANNA-PC | User Name: Dianna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/20 20:25:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dianna\Desktop\OTL.com PRC - [2012/08/13 09:49:30 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/12 17:27:19 | 000,131,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe PRC - [2011/04/20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2011/04/20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012/08/13 21:30:59 | 000,442,392 | ---- | M] () -- C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll MOD - [2012/08/13 21:30:57 | 003,997,720 | ---- | M] () -- C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll MOD - [2012/08/13 21:29:28 | 000,144,424 | ---- | M] () -- C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll MOD - [2012/08/13 21:29:27 | 000,266,792 | ---- | M] () -- C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll MOD - [2012/08/13 21:29:26 | 002,480,680 | ---- | M] () -- C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/06/09 21:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011/06/07 21:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/05/17 14:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/09 17:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/08/20 08:39:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/12 17:27:19 | 000,131,512 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS) SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/04/01 14:59:24 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/17 15:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/06/07 22:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/06/07 21:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/29 16:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/08/20 09:53:26 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120820.002\ex64.sys -- (NAVEX15) DRV - [2012/08/20 09:53:26 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120820.002\eng64.sys -- (NAVENG) DRV - [2012/08/10 17:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/09 12:06:40 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/09 12:06:40 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/08 07:59:48 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120817.001\IDSviA64.sys -- (IDSVia64) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\..\SearchScopes,DefaultScope = {B280D6B7-0BA0-4EB4-BBF8-D986A52B2EEB} IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\..\SearchScopes\{B280D6B7-0BA0-4EB4-BBF8-D986A52B2EEB}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS477 IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dianna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dianna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dianna\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dianna\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/08/09 11:57:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012/08/20 20:20:40 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://start.toshiba.com/?cid=C001B2Y CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://start.toshiba.com/?cid=C001B2Y CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dianna\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Spring Solitaire = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicifddfmjbembpdalmkhhacajlimmb\1.0.0.3_0\ CHR - Extension: Easter Mahjong = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoiejegkocgopenddncdmkjamdobalj\1.0.0.2_0\ CHR - Extension: Bible Inspiration Quotes = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cefjlnahlihagmakdigkomidanbcheol\1.0_0\ CHR - Extension: Mahjongg = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\ CHR - Extension: Tennis = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkomjfglgnfeeachhdckcbgjhfiahco\1.9_0\ CHR - Extension: Weather = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapbbpdnlcmiolkdfjnnjhabmcndadad\0.8.1.0_0\ CHR - Extension: Mixify Turntables = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbjgnhcjdkihdiidhimgkcbmdbamkob\0.0.0.3_0\ CHR - Extension: Music Games = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaemoaomjkcdfjmgbnbddjacgfkocnig\1.0_0\ CHR - Extension: Alive 4 Christ = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgkiggdlmpfmgpnbmjgbggcjmnakjid\1.0_0\ CHR - Extension: Summer Mahjong = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhebamddpnanijapgpghgalikpipdlaf\1.0.0.1_0\ CHR - Extension: The Weather Channel for Chrome = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\ CHR - Extension: Lose It! = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\ CHR - Extension: DJparty.fm by Club Cooee = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjammcnichlocfpclddenbnnbfnonefo\1.0.0.6_0\ CHR - Extension: New Years Mahjong = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnibopfmhebomhlcocnfafjkgchiflmf\1.0.0.3_0\ CHR - Extension: DJ Wooooo's House/Dance/Electro = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lacpihcpmlpdnalmmgiefhhlckanlpbm\1.0.2_0\ CHR - Extension: Daily Bible Devotion = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbmfcjenkcemdlhjkaihlhhhahafhlcd\1.5_0\ CHR - Extension: Norton Identity Protection = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: Goodgame disc Online 2 = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpipalfgnecdlkmblpikamhbbjfdmlc\1.0.1_0\ CHR - Extension: Fall Mahjong = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oapnninoohclnmiohgpjfnnphkjdmdna\1.0.0.1_0\ CHR - Extension: Picky Wallpapers = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\ CHR - Extension: My Chrome Theme = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\ CHR - Extension: Valentines Day Mahjong = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce\1.0.0.3_0\ CHR - Extension: Gmail = C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2660536348-2688907137-92808630-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2660536348-2688907137-92808630-1001..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-2660536348-2688907137-92808630-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F079D7-A2D7-4192-B6AF-705B6E8D7696}: DhcpNameServer = 192.168.1.1 68.238.64.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b448320a-d810-11e1-8067-e840f2826e55}\Shell - "" = AutoRun O33 - MountPoints2\{b448320a-d810-11e1-8067-e840f2826e55}\Shell\AutoRun\command - "" = E:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/20 20:25:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dianna\Desktop\OTL.com [2012/08/20 11:22:17 | 000,000,000 | ---D | C] -- C:\Users\Dianna\Desktop\Home.Prints [2012/08/19 21:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/19 20:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/19 20:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/08/16 20:12:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dianna\Desktop\dds.com [2012/08/16 18:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/08/16 18:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/08/16 18:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/08/15 17:45:32 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Roaming\Mozilla [2012/08/12 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/08/12 12:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/08/12 11:37:34 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/08/12 10:28:01 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Roaming\Malwarebytes [2012/08/12 10:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/12 10:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/12 10:27:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/08/12 10:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/06 17:43:10 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Local\Apps [2012/08/06 17:43:09 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Local\Deployment [2012/08/06 08:02:21 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Local\CRE [2012/08/06 08:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012/08/06 08:01:48 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Local\Smilebox [2012/08/06 08:00:34 | 000,000,000 | ---D | C] -- C:\Users\Dianna\AppData\Roaming\Smilebox [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/20 20:25:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 20:25:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 20:25:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dianna\Desktop\OTL.com [2012/08/20 20:18:16 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/20 20:18:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/20 20:17:55 | 2904,616,960 | -HS- | M] () -- C:\hiberfil.sys [2012/08/20 13:04:38 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660536348-2688907137-92808630-1001UA.job [2012/08/20 13:04:38 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/20 13:04:34 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/20 11:45:01 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660536348-2688907137-92808630-1001Core.job [2012/08/16 20:12:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dianna\Desktop\dds.com [2012/08/15 17:43:18 | 000,266,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/08/15 17:39:56 | 001,456,773 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB [2012/08/15 12:18:31 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012/08/12 11:31:04 | 000,001,265 | ---- | M] () -- C:\Users\Dianna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/08/09 22:28:35 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini [2012/07/27 10:48:34 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/07/27 10:48:34 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/07/27 10:48:34 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/20 07:49:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/12 11:35:40 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660536348-2688907137-92808630-1001UA.job [2012/08/12 11:35:39 | 000,000,860 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660536348-2688907137-92808630-1001Core.job [2012/04/01 15:34:24 | 000,000,842 | ---- | C] () -- C:\windows\Brpfx04a.ini [2012/04/01 15:34:24 | 000,000,161 | ---- | C] () -- C:\windows\brpcfx.ini [2012/04/01 15:33:50 | 000,000,000 | ---- | C] () -- C:\windows\BRPARAM.INI [2012/04/01 15:32:01 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat [2012/04/01 15:31:14 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL [2012/04/01 15:31:00 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI [2012/03/16 19:32:36 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012/03/16 19:28:00 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll [2012/03/16 19:26:58 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012/03/16 19:23:52 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== LOP Check ========== [2012/04/01 13:50:54 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\Book Place [2012/04/01 15:39:14 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\ControlCenter4 [2012/04/01 15:23:40 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\Nuance [2012/05/28 11:54:18 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\PC-FAX TX [2012/06/26 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\PCCUStubInstaller [2012/08/09 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\Smilebox [2012/04/02 09:56:11 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\Tific [2012/04/01 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\Toshiba [2012/04/01 13:13:43 | 000,000,000 | ---D | M] -- C:\Users\Dianna\AppData\Roaming\WinBatch [2012/07/15 08:39:23 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/20/2012 8:26:25 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Dianna\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.61 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 52.46% Memory free 9.01 Gb Paging File | 6.97 Gb Available in Paging File | 77.36% Paging File free Paging file location(s): c:\pagefile.sys 5539 5539 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281.88 Gb Total Space | 238.00 Gb Free Space | 84.43% Space Free | Partition Type: NTFS Computer Name: DIANNA-PC | User Name: Dianna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02274494-29DC-4935-9436-6675AA9E6AE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{047F7245-19BF-4FD8-862B-4F34C18ECABA}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{0E9597BC-F210-4E07-8DEF-11BD3975E457}" = lport=139 | protocol=6 | dir=in | app=system | "{0F6BBC43-0298-4979-AFED-8D175DE8E5AB}" = rport=10243 | protocol=6 | dir=out | app=system | "{177A485D-65FA-467F-B918-43828431E20B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1E3625DC-3B1D-4EBB-9BA6-FCD06EA93F4C}" = lport=2869 | protocol=6 | dir=in | app=system | "{26BC0C04-9AE2-4BF0-9E21-F9A6F44BD7B4}" = lport=10243 | protocol=6 | dir=in | app=system | "{2F82C531-4986-406E-97BC-C51A8BB4B1DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{389EB040-6BD9-42D2-B6E5-3E159C7E433A}" = rport=445 | protocol=6 | dir=out | app=system | "{38E4AE4C-F7A6-4066-AF90-00CC32B8CF87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A27DF2F-D36F-46D7-978A-6E0098D4924A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3BDF2918-CA9F-44C1-87BD-B05A412243A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46559BE6-4002-404C-9A83-7C14E04BC8DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{46A04D2F-2D39-422B-AB57-F07B9C5F6162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{58570AE5-372B-44E2-8995-DB585A849A60}" = rport=137 | protocol=17 | dir=out | app=system | "{59E517E6-3A04-4FD5-93B2-F5521BDED538}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{702C4D0D-1C2C-4E2B-A75E-3C1B12B60D6F}" = lport=445 | protocol=6 | dir=in | app=system | "{8EA7C44C-2D30-4EBA-92A3-23B62351F69B}" = rport=139 | protocol=6 | dir=out | app=system | "{94855BC6-DB8E-4BE1-AD0C-01938061B68E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE704ABD-7A89-44A1-A3F7-B2E10584832E}" = rport=138 | protocol=17 | dir=out | app=system | "{DA9E0B15-61ED-4C5F-9651-43169EB7AFA3}" = lport=137 | protocol=17 | dir=in | app=system | "{E5DC818B-FCEF-4F3A-83B7-81C17701FB94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F24A55FB-3D52-471C-9B65-6F9A071B4F9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F943B475-8B7F-4479-AFFF-E0CAD65CE69E}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018E32F3-6724-4401-AA41-FA9364334388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E192145-3F0F-4A08-AC7C-85630B3331E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2C6E5CCB-C766-4B55-95BA-9D132A16DFB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2FCBB381-9B6E-4B50-9FD8-11FA009EFB78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3922D424-8ADF-4AEA-9AD6-81F7486E17EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CEAE7E8-1A9D-4FA1-9B98-415E6675BFEE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{47089635-7A74-460C-A06A-B6F6F7EDBF5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C15CBCE-9645-4F74-B90D-CFCE11ADD45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CF718B6-39F7-4237-A3F0-2024A5FAED41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{541B91FF-8FDF-44F9-BA6D-158EA338200E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{56590B89-1C51-4C06-B47D-2BE35967364B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{602D0160-3D9B-45B8-8C9B-F7CA259AFA57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{693D40A1-4F0F-4771-9914-58DC5AFACD5B}" = protocol=6 | dir=out | app=system | "{6BD428CB-017F-4BBC-B964-C1F3A7331167}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{750316C4-050A-4374-ADBA-903DFAF7E858}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8744A32E-10FF-4039-833F-60442B4D5F09}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8D5B8E95-348E-4BBC-A5D1-DEEAF2B1BD8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AF490D44-0E05-4E1C-B0B8-FC2621C1083E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B113381D-966D-4AAE-8E64-B07C30D0235C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B2C76592-2A95-4988-82DC-F1E97822EF35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B56F855B-9CFE-4BCE-A02B-E1E234214F54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BB287FA2-1C20-4F7C-9FDE-3E9DE5416423}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C6EE4944-901C-4012-8CF3-115ACC929572}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA8E83BB-7724-4D35-8452-96F4A9B0F6A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D6CB9C3A-02C3-4C0B-A070-650DB983E9D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DB270E83-F3EE-4DB7-B6FB-581D5F1CC079}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E8E0E796-66D4-41B5-BBFB-E9F9DB03F00C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FEBCA0A1-4BD8-400D-8AC7-52A1E3C623AD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English "{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish "{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese "{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin "{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration "{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding "{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center "{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J435W "{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai "{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "NIS" = Norton Internet Security "Norton PC Checkup_is1" = Norton PC Checkup "NortonPCCheckup" = Toshiba Laptop Checkup "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-27d02ab0-ef12-42f4-871b-306a2e40ddff" = Penguins! "WTA-35caa252-658b-4ede-a83e-d63527618e36" = Letters from Nowhere 2 "WTA-43d14dbd-ca91-4e4b-85b8-f146f7f7ba18" = FATE - The Traitor Soul "WTA-4ff51562-9cbe-4d4e-bb88-cbb5e541319c" = Tales of Lagoona "WTA-b7c88b60-5ae2-4237-8cd0-4be7f7fe5c33" = Plants vs. Zombies - Game of the Year "WTA-c72982d1-433a-4746-86b1-91b96690b48f" = Polar Bowler "WTA-d7eb1da2-1ce9-4ac2-a15b-31889979bccd" = RollerCoaster Tycoon 3: Platinum "WTA-f677e917-3efb-4815-81f7-b5360746d060" = Zuma's Revenge "WTA-feea8a59-2ee7-4fd3-a159-dc69faee34c9" = Bejeweled 3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2660536348-2688907137-92808630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/9/2012 5:56:07 PM | Computer Name = Dianna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1139 Error - 8/9/2012 5:56:13 PM | Computer Name = Dianna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/9/2012 5:56:13 PM | Computer Name = Dianna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6896 Error - 8/9/2012 5:56:13 PM | Computer Name = Dianna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6896 Error - 8/9/2012 7:47:18 PM | Computer Name = Dianna-PC | Source = WinMgmt | ID = 10 Description = Error - 8/9/2012 7:47:21 PM | Computer Name = Dianna-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/10/2012 11:54:10 AM | Computer Name = Dianna-PC | Source = WinMgmt | ID = 10 Description = Error - 8/10/2012 11:54:21 AM | Computer Name = Dianna-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/10/2012 12:27:58 PM | Computer Name = Dianna-PC | Source = WinMgmt | ID = 10 Description = Error - 8/10/2012 12:28:10 PM | Computer Name = Dianna-PC | Source = Toshiba App Place | ID = 0 Description = [ Media Center Events ] Error - 5/16/2012 5:18:25 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:18:25 PM - Failed to retrieve Directory (Error: The operation has timed out) Error - 5/16/2012 5:23:03 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:21:46 PM - Failed to retrieve NetTV (Error: The operation has timed out) Error - 5/16/2012 5:24:43 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:24:43 PM - Failed to retrieve MCESpotlight (Error: The operation has timed out) Error - 5/16/2012 5:27:36 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:27:36 PM - Failed to retrieve SportsSchedule (Error: The operation has timed out) Error - 5/16/2012 5:29:45 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:29:16 PM - Failed to retrieve SportsV2 (Error: The operation has timed out) Error - 5/18/2012 6:16:25 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 3:16:25 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 5:33:13 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 2:33:13 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 6:33:34 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 3:33:30 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 7:33:44 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 4:33:40 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 8:33:54 PM | Computer Name = Dianna-PC | Source = MCUpdate | ID = 0 Description = 5:33:50 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) [ System Events ] Error - 8/19/2012 11:23:50 AM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/19/2012 1:13:33 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10010 Description = Error - 8/19/2012 11:35:23 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/19/2012 11:35:31 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/20/2012 1:01:20 AM | Computer Name = Dianna-PC | Source = DCOM | ID = 10010 Description = Error - 8/20/2012 10:07:27 AM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/20/2012 10:07:42 AM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/20/2012 4:17:44 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10010 Description = Error - 8/20/2012 11:19:20 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = Error - 8/20/2012 11:19:34 PM | Computer Name = Dianna-PC | Source = DCOM | ID = 10016 Description = < End of report >