Smart HDD On external hard drive?
<blockquote data-quote="marynbtol" data-source="post: 68742" data-attributes="member: 1852"><p>OTL Report:</p><p>OTL logfile created on: 8/17/2012 10:06:08 AM - Run 2</p><p>OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\marynbtol\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>5.48 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 65.70% Memory free</p><p>10.96 Gb Paging File | 8.83 Gb Available in Paging File | 80.63% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 580.58 Gb Total Space | 521.06 Gb Free Space | 89.75% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: MARYNBTOL-LAP | User Name: marynbtol | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\marynbtol\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)</p><p>PRC - C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe (GFI Software)</p><p>PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec 
Corporation)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)</p><p>PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)</p><p>PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)</p><p>SRV:<strong>64bit:</strong> - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)</p><p>SRV:<strong>64bit:</strong> - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)</p><p>SRV:<strong>64bit:</strong> - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)</p><p>SRV:<strong>64bit:</strong> - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)</p><p>SRV:<strong>64bit:</strong> - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)</p><p>SRV:<strong>64bit:</strong> - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()</p><p>SRV:<strong>64bit:</strong> - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)</p><p>SRV:<strong>64bit:</strong> - 
(EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)</p><p>SRV - (VIPRE Business Service) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe (GFI Software)</p><p>SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)</p><p>SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)</p><p>SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )</p><p>DRV:<strong>64bit:</strong> - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)</p><p>DRV:<strong>64bit:</strong> - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)</p><p>DRV:<strong>64bit:</strong> - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)</p><p>DRV:<strong>64bit:</strong> - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)</p><p>DRV:<strong>64bit:</strong> - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies 
Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)</p><p>DRV:<strong>64bit:</strong> - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = 
http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE - HKCU\..\SearchScopes\{392DA89D-7688-4FF9-A2F3-CE4F46CFB64A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p>IE - HKCU\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478</p><p>IE - HKCU\..\SearchScopes\{E83E9660-FD39-48A4-AE4D-2ADDCEF3CFEF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local></p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p> </p><p> </p><p>O1 HOSTS File: ([2012/07/28 08:06:13 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2:<strong>64bit:</strong> - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O2:<strong>64bit:</strong> - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3:<strong>64bit:</strong> - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: 
[TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)</p><p>O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)</p><p>O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)</p><p>O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)</p><p>O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - 
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O10:<strong>64bit:</strong> - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp\oledb - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\mso-offdap - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\mso-offdap11 - No CLSID value 
found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18:<strong>64bit:</strong> - Protocol\Filter\text/xml - No CLSID value found</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p> CREATERESTOREPOINT</p><p>Restore point Set: OTL Restore Point</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2012/08/17 09:57:42 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll</p><p>[2012/08/17 09:57:41 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll</p><p>[2012/08/17 09:57:41 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe</p><p>[2012/08/17 09:57:28 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe</p><p>[2012/08/17 09:57:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe</p><p>[2012/08/17 09:57:28 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll</p><p>[2012/08/17 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java</p><p>[2012/07/28 08:04:35 | 000,000,000 | ---D | C] -- C:\Reg_Backup</p><p>[2012/07/28 08:04:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE</p><p>[2012/07/28 08:01:56 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs</p><p>[2012/07/28 08:01:52 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com</p><p>[2012/07/28 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com</p><p>[2012/07/27 21:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET</p><p>[2012/07/27 19:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab</p><p>[2012/07/22 16:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared</p><p>[2012/07/22 16:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec</p><p>[2012/07/22 16:47:39 | 000,000,000 | ---D | C] -- 
C:\Users\marynbtol\AppData\Local\Chromium</p><p>[2012/07/22 16:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Checkup</p><p>[2012/07/22 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup</p><p>[2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp</p><p>[2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN</p><p>[2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics</p><p>[2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe</p><p>[2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe</p><p>[2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe</p><p>[2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt</p><p>[2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva</p><p>[2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva</p><p>[2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS</p><p>[2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine</p><p>[2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE</p><p>[2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit</p><p>[2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc</p><p>[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc</p><p>[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc</p><p>[2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit</p><p>[2012/07/19 13:04:56 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2012/08/17 10:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2012/08/17 10:01:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2012/08/17 09:57:20 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll</p><p>[2012/08/17 09:57:20 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll</p><p>[2012/08/17 09:57:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe</p><p>[2012/08/17 09:57:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe</p><p>[2012/08/17 09:57:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe</p><p>[2012/08/17 09:57:20 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll</p><p>[2012/08/17 09:17:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2012/08/17 07:41:30 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI</p><p>[2012/08/17 07:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat</p><p>[2012/08/17 07:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat</p><p>[2012/08/17 06:51:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/08/15 07:45:02 | 117,006,335 | -HS- | M] () -- 
C:\hiberfil.sys</p><p>[2012/08/15 07:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk</p><p>[2012/08/14 20:06:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe</p><p>[2012/08/14 20:06:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2012/08/01 16:55:22 | 000,161,273 | ---- | M] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf</p><p>[2012/07/28 08:07:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE</p><p>[2012/07/28 08:07:52 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat</p><p>[2012/07/28 08:06:13 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts</p><p>[2012/07/28 08:01:52 | 000,002,258 | ---- | M] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk</p><p>[2012/07/27 19:46:23 | 141,653,048 | ---- | M] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe</p><p>[2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts_bak_378</p><p>[2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk</p><p>[2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2012/08/01 16:55:22 | 000,161,273 | ---- | C] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf</p><p>[2012/07/28 08:07:42 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat</p><p>[2012/07/28 08:01:52 | 000,002,258 | ---- | C] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk</p><p>[2012/07/27 19:41:54 | 141,653,048 | ---- | C] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe</p><p>[2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- 
C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk</p><p>[2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe</p><p>[2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe</p><p>[2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe</p><p>[2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe</p><p>[2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe</p><p>[2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk</p><p>[2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk</p><p>[2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk</p><p>[2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk</p><p>[2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk</p><p>[2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk</p><p>[2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk</p><p>[2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk</p><p>[2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2012/07/19 15:30:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk</p><p>[2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk</p><p>[2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk</p><p>[2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>[2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk</p><p>[2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk</p><p>[2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk</p><p>[2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk</p><p>[2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk</p><p>[2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk</p><p>[2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk</p><p>[2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk</p><p>[2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk</p><p>[2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END</p><p>[2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat</p><p>[2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat</p><p>[2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat</p><p>[2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat</p><p>[2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat</p><p>[2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat</p><p>[2012/04/11 
07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat</p><p>[2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat</p><p>[2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat</p><p>[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat</p><p>[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat</p><p>[2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat</p><p>[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat</p><p>[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat</p><p>[2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat</p><p>[2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini</p><p>[2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini</p><p>[2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI</p><p>[2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe</p><p>[2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll</p><p>[2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin</p><p>[2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat</p><p>[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson</p><p>[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- 
C:\Users\marynbtol\AppData\Roaming\GFI Software</p><p>[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name</p><p>[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller</p><p>[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific</p><p>[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba</p><p>[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch</p><p>[2009/07/14 01:08:49 | 000,013,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Custom Scans ==========</span></p><p> </p><p><span style="color: #A23BEC">< %SYSTEMDRIVE%\*.exe ></span></p><p> </p><p><span style="color: #A23BEC">< %ALLUSERSPROFILE%\Application Data\*.exe ></span></p><p> </p><p><span style="color: #A23BEC">< %APPDATA%\*. 
></span></p><p>[2012/07/28 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe</p><p>[2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer</p><p>[2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI</p><p>[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson</p><p>[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software</p><p>[2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google</p><p>[2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities</p><p>[2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield</p><p>[2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia</p><p>[2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes</p><p>[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs</p><p>[2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft</p><p>[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name</p><p>[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller</p><p>[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific</p><p>[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba</p><p>[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch</p><p> </p><p><span style="color: #A23BEC">< MD5 for: ATAPI.SYS ></span></p><p>[2009/07/13 21:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys</p><p> </p><p><span style="color: #A23BEC">< MD5 for: CSRSS.EXE ></span></p><p>[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe</p><p>[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: EXPLORER.EXE ></span></p><p>[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe</p><p>[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe</p><p>[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe</p><p>[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe</p><p>[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe</p><p>[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: PRINTISOLATIONHOST.EXE ></span></p><p>[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe</p><p>[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: SVCHOST.EXE ></span></p><p>[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe</p><p>[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe</p><p>[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe</p><p>[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: USERINIT.EXE ></span></p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe</p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe</p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: WINLOGON.EXE ></span></p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe</p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe</p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe</p><p>[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe</p><p> </p><p><span style="color: #A23BEC">< %systemroot%\*. /mp /s ></span></p><p> </p><p><span style="color: #A23BEC">< hklm\software\clients\startmenuinternet|command /rs ></span></p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet 
Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p> </p><p><span style="color: #A23BEC">< hklm\software\clients\startmenuinternet|command /64 /rs ></span></p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: 
"C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p> </p><p><span style="color: #A23BEC">< %systemroot%\system32\*.dll /lockedfiles ></span></p><p> </p><p><span style="color: #A23BEC">< %systemroot%\Tasks\*.job /lockedfiles ></span></p><p> </p><p><span style="color: #A23BEC">< %systemroot%\system32\drivers\*.sys /lockedfiles ></span></p><p></p><p>< End of report ></p><p></p><p>Have been away and just revisited the site. Thanks for your help. Things have been running well! Updated Java as suggested.</p></blockquote><p></p>
[QUOTE="marynbtol, post: 68742, member: 1852"]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value 
found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/08/17 09:57:42 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2012/08/17 09:57:41 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2012/08/17 09:57:41 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012/08/17 09:57:28 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012/08/17 09:57:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012/08/17 09:57:28 | 000,108,008 | ---- | C] (Oracle 
Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012/08/17 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/07/28 08:04:35 | 000,000,000 | ---D | C] -- C:\Reg_Backup [2012/07/28 08:04:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE [2012/07/28 08:01:56 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2012/07/28 08:01:52 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/07/28 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com [2012/07/27 21:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/07/27 19:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/07/22 16:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012/07/22 16:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012/07/22 16:47:39 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Chromium [2012/07/22 16:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Checkup [2012/07/22 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup [2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics [2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program 
Files\Recuva [2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS [2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine [2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE [2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc [2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc [2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc [2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit [2012/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/08/17 10:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/17 10:01:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 09:57:20 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2012/08/17 09:57:20 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2012/08/17 09:57:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012/08/17 09:57:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012/08/17 09:57:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012/08/17 09:57:20 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012/08/17 09:17:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/17 07:41:30 | 000,726,316 | 
---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/08/17 07:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/08/17 07:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/08/17 06:51:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/15 07:45:02 | 117,006,335 | -HS- | M] () -- C:\hiberfil.sys [2012/08/15 07:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/08/14 20:06:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/14 20:06:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/01 16:55:22 | 000,161,273 | ---- | M] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf [2012/07/28 08:07:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE [2012/07/28 08:07:52 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat [2012/07/28 08:06:13 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/07/28 08:01:52 | 000,002,258 | ---- | M] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/07/27 19:46:23 | 141,653,048 | ---- | M] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe [2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts_bak_378 [2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk [2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== 
Files Created - No Company Name ==========[/color] [2012/08/01 16:55:22 | 000,161,273 | ---- | C] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf [2012/07/28 08:07:42 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat [2012/07/28 08:01:52 | 000,002,258 | ---- | C] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/07/27 19:41:54 | 141,653,048 | ---- | C] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe [2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk [2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk [2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk [2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk [2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/19 15:30:32 | 
000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END [2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat [2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat [2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- 
C:\windows\SysWow64\EPPICPattern1.dat [2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat [2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat [2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat [2012/04/11 07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat [2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat [2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat [2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat [2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat [2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat [2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat [2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat [2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat [2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini [2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini [2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll [2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [color=#E56717]========== LOP Check ==========[/color] [2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- 
C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson [2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software [2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name [2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller [2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific [2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba [2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch [2009/07/14 01:08:49 | 000,013,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %APPDATA%\*. 
>[/color] [2012/07/28 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe [2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer [2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI [2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson [2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software [2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google [2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities [2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield [2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia [2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes [2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs [2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft [2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name [2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller [2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific [2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba [2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009/07/13 21:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: CSRSS.EXE >[/color] [2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe [2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 23:24:25 | 
002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE >[/color] [2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe [2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft 
Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) 
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< 
%systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
< End of report >

Have been away and just revisited the site. Thanks for your help. Things have been running well! Updated Java as suggested.
[/QUOTE]