Jump to content

rhjra

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

Tech Info

  • Experience
    beginner
  • System: windows_7_home_premium

rhjra's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. rhjra
    It isn't showing the error on startup any more, however I did disable it in MSConfig. *** Actually, I just thought to have a look and the weird item KZNNWJVOO has disappeared from the list of startup items completely, so it looks like one of the steps you directed me to got rid of it. I suppose now we'll never know what it was... Thank you for your help Starbuck, RandyL and KenB
  2. rhjra
    OTLFixLog.Txt All processes killed ========== OTL ========== Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429} C:\Windows\Downloaded Program Files\SETUP.INF moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Users\Joshua\AppData\Local\{AA6E6D3C-1418-4BBC-91B2-18CC4D0BDB0C} folder moved successfully. C:\Users\Joshua\AppData\Local\{0428BC40-21E5-4FB1-B9D6-7A8AABAB0B1F} folder moved successfully. C:\Users\Joshua\AppData\Local\{8B8CC277-6AD7-4027-B71F-AF06767A3B0F} folder moved successfully. C:\Users\Joshua\AppData\Local\{17F111F5-7528-41F7-8422-A5F8FE1DDC08} folder moved successfully. C:\Users\Joshua\AppData\Local\{60F25EE1-462B-426F-9629-F4BE4CF3DFA2} folder moved successfully. C:\Users\Joshua\AppData\Local\{FC91F3D8-EE0A-457F-8726-B8E3854CA6F5} folder moved successfully. C:\Users\Joshua\AppData\Local\{90387648-2A06-4B63-9176-0F78EB0004DC} folder moved successfully. C:\Users\Joshua\AppData\Local\{3D979A9D-E410-4F8E-8FC9-014EA948D64C} folder moved successfully. C:\Users\Joshua\AppData\Local\{8DAB52E1-4391-4A4A-A5DB-A54F6F7E243D} folder moved successfully. C:\Users\Joshua\AppData\Local\{8A089BAA-79FD-4F22-AC7E-1576F614E42E} folder moved successfully. C:\Users\Joshua\AppData\Local\{5DC30BF5-989A-42F2-A80D-BC89C64B10B5} folder moved successfully. C:\Users\Joshua\AppData\Local\{C6EF8B13-1B28-4380-AF42-5E21D8C955B8} folder moved successfully. C:\Users\Joshua\AppData\Local\{DBAEA556-03CC-4791-89D8-3A499D508065} folder moved successfully. C:\Users\Joshua\AppData\Local\{702B4433-F025-4540-9CDF-891D096DD3D3} folder moved successfully. C:\Users\Joshua\AppData\Local\{08A18577-DEA7-4F23-8F05-6BD9B15AE3C4} folder moved successfully. C:\Users\Joshua\AppData\Local\{F789E791-B317-4159-8D97-C0227A28A497} folder moved successfully. C:\Users\Joshua\AppData\Local\{EA863A72-98BC-4962-B852-48A177675896} folder moved successfully. C:\Users\Joshua\AppData\Local\{8E4D8A70-E4AF-4F02-A086-17AAB969C64F} folder moved successfully. C:\Users\Joshua\AppData\Local\{0F62123B-35C0-4404-B0EC-441EDF17270B} folder moved successfully. C:\Users\Joshua\AppData\Local\{9C92B23D-2DB9-4A89-8B41-71EE27A7CB16} folder moved successfully. C:\Users\Joshua\AppData\Local\{93030BC5-2637-4E53-A7E9-2B8D7EEDBB62} folder moved successfully. C:\Users\Joshua\AppData\Local\{98C5228A-E812-4CD5-8C47-8653BFB622F0} folder moved successfully. C:\Users\Joshua\AppData\Local\{9FC5824E-B402-4225-8CDF-28F12AB33A5B} folder moved successfully. C:\Users\Joshua\AppData\Local\{2D4822CA-A511-4669-BD44-BBA8D0D607EA} folder moved successfully. C:\Users\Joshua\AppData\Local\{841B8A69-C970-4D73-B791-2DF6E31A056C} folder moved successfully. C:\Users\Joshua\AppData\Local\{7DC6FAE7-E555-41DE-ADFA-6CEF83A3560F} folder moved successfully. C:\Users\Joshua\AppData\Local\{53DE859A-CD87-46D1-8622-AD9082635AA7} folder moved successfully. C:\Users\Joshua\AppData\Local\{DAAC17E8-ECFE-4C2D-B6BE-1E218451BA16} folder moved successfully. C:\Users\Joshua\AppData\Local\{37C4ACC6-78DC-4B4D-9B49-8E36043C35CC} folder moved successfully. C:\Users\Joshua\AppData\Local\{D9724197-4834-466F-A30E-4EBCACE39B7B} folder moved successfully. C:\Users\Joshua\AppData\Local\{B3C7A6AB-B4A2-468F-9AC1-92895D7D81B3} folder moved successfully. C:\Users\Joshua\AppData\Local\{C9F94A56-E288-4395-9D49-F7B605226351} folder moved successfully. C:\Users\Joshua\AppData\Local\{DD4E7449-587B-44A1-ABC4-3AF1A39AFA8A} folder moved successfully. C:\Users\Joshua\AppData\Local\{F7C6C18E-0C68-47A9-B014-640E88D2A7CE} folder moved successfully. C:\Users\Joshua\AppData\Local\{CEB7C639-8DCC-421B-ACE7-F5E3C4DDE82E} folder moved successfully. C:\Users\Joshua\AppData\Local\{A4F46B0E-4423-4CED-A473-AEE8C352F9CA} folder moved successfully. C:\Users\Joshua\AppData\Local\{790D0B12-6B2C-4638-AEF9-D6F49612AF4D} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KZNNWJVOO\ deleted successfully. ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully. ADS C:\ProgramData\TEMP:C46995DA deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Joshua\Desktop\cmd.bat deleted successfully. C:\Users\Joshua\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Joshua ->Temp folder emptied: 10615151 bytes ->Temporary Internet Files folder emptied: 301446647 bytes ->Java cache emptied: 391653599 bytes ->Flash cache emptied: 4718 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3400 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 671.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 11262011_103728 Files\Folders moved on Reboot... Registry entries deleted on Reboot... ESET found nothing. There wasn't a List of Found Threats button. It said Scanned Files: 166612 Infected Files: 0 Cleaned Files: 0 Total scan time: 04:53:35 Scan status: Finished Before it started it said it detected my McAfee Security Centre and MS Windows Defender. Windows Defender is off anyway but I couldn't work out how to turn McAfee off temporarily, and its own help file doesn't tell you either. If you think it did interfere I'll have to have a good look around for how to disable McAfee.
  3. rhjra
    OTL.Txt: OTL logfile created on: 11/25/2011 9:42:40 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joshua\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 62.82% Memory free 3.74 Gb Paging File | 2.49 Gb Available in Paging File | 66.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116.29 Gb Total Space | 74.70 Gb Free Space | 64.24% Space Free | Partition Type: NTFS Drive D: | 116.21 Gb Total Space | 110.63 Gb Free Space | 95.20% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Joshua | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Joshua\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\RSelect\RSelSvc.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosIPCWraper.dll () MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll () MOD - C:\Program Files\Toshiba\FlashCards\Hotkey\FnZ.dll () MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll () MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll () MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll () MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll () ========== Win32 Services (SafeList) ========== SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (RapportCerberus_32301) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys () DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\system32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (FwLnk) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1 [2010/03/29 11:27:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/19 22:02:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/11 17:57:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/25 21:35:46 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111113080612.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games-uk.pogo.com/Online2/pogo/astropop/popcaploader_v10.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://games-uk.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab (Playtime Games Launcher) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44050B83-9D72-4F2F-BB61-6A1FEDEB6C1E}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: KZNNWJVOO - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/11/25 21:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011/11/25 21:36:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Joshua\Desktop\OTL.scr [2011/11/25 21:33:52 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DD4E7449-587B-44A1-ABC4-3AF1A39AFA8A} [2011/11/25 21:33:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{F7C6C18E-0C68-47A9-B014-640E88D2A7CE} [2011/11/24 22:07:22 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{CEB7C639-8DCC-421B-ACE7-F5E3C4DDE82E} [2011/11/24 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{A4F46B0E-4423-4CED-A473-AEE8C352F9CA} [2011/11/23 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{790D0B12-6B2C-4638-AEF9-D6F49612AF4D} [2011/11/22 22:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/11/22 22:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/11/22 22:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/11/22 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{D9724197-4834-466F-A30E-4EBCACE39B7B} [2011/11/22 01:08:00 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{B3C7A6AB-B4A2-468F-9AC1-92895D7D81B3} [2011/11/22 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C9F94A56-E288-4395-9D49-F7B605226351} [2011/11/21 13:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/11/21 13:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/11/21 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DAAC17E8-ECFE-4C2D-B6BE-1E218451BA16} [2011/11/21 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{37C4ACC6-78DC-4B4D-9B49-8E36043C35CC} [2011/11/20 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Malwarebytes [2011/11/20 23:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/20 23:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/20 23:25:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/11/20 23:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/11/17 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8E4D8A70-E4AF-4F02-A086-17AAB969C64F} [2011/11/16 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0F62123B-35C0-4404-B0EC-441EDF17270B} [2011/11/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9C92B23D-2DB9-4A89-8B41-71EE27A7CB16} [2011/11/14 16:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{93030BC5-2637-4E53-A7E9-2B8D7EEDBB62} [2011/11/14 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{98C5228A-E812-4CD5-8C47-8653BFB622F0} [2011/11/13 15:45:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9FC5824E-B402-4225-8CDF-28F12AB33A5B} [2011/11/13 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{2D4822CA-A511-4669-BD44-BBA8D0D607EA} [2011/11/11 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{841B8A69-C970-4D73-B791-2DF6E31A056C} [2011/11/11 00:06:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{7DC6FAE7-E555-41DE-ADFA-6CEF83A3560F} [2011/11/11 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{53DE859A-CD87-46D1-8622-AD9082635AA7} [2011/11/09 23:05:19 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/11/09 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{08A18577-DEA7-4F23-8F05-6BD9B15AE3C4} [2011/11/08 15:30:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{F789E791-B317-4159-8D97-C0227A28A497} [2011/11/08 00:10:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{EA863A72-98BC-4962-B852-48A177675896} [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/11/07 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{AA6E6D3C-1418-4BBC-91B2-18CC4D0BDB0C} [2011/11/06 23:24:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0428BC40-21E5-4FB1-B9D6-7A8AABAB0B1F} [2011/11/06 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8B8CC277-6AD7-4027-B71F-AF06767A3B0F} [2011/11/05 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{17F111F5-7528-41F7-8422-A5F8FE1DDC08} [2011/11/05 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{60F25EE1-462B-426F-9629-F4BE4CF3DFA2} [2011/11/04 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{FC91F3D8-EE0A-457F-8726-B8E3854CA6F5} [2011/11/03 23:43:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{90387648-2A06-4B63-9176-0F78EB0004DC} [2011/11/03 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{3D979A9D-E410-4F8E-8FC9-014EA948D64C} [2011/11/02 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8DAB52E1-4391-4A4A-A5DB-A54F6F7E243D} [2011/11/02 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8A089BAA-79FD-4F22-AC7E-1576F614E42E} [2011/11/01 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{5DC30BF5-989A-42F2-A80D-BC89C64B10B5} [2011/11/01 23:41:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C6EF8B13-1B28-4380-AF42-5E21D8C955B8} [2011/10/29 00:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/29 00:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/10/27 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DBAEA556-03CC-4791-89D8-3A499D508065} [2011/10/27 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{702B4433-F025-4540-9CDF-891D096DD3D3} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/11/25 21:39:38 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/25 21:39:38 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/25 21:37:23 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2011/11/25 21:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Desktop\OTL.scr [2011/11/25 21:32:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/11/25 21:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/11/25 21:31:59 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys [2011/11/24 23:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/11/23 22:09:41 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/11/23 22:09:41 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/11/22 22:47:06 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/21 13:34:20 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/11/13 23:49:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/13 11:01:33 | 000,199,475 | ---- | M] () -- C:\Users\Joshua\Documents\Cuffley JD.pdf [2011/11/10 03:39:02 | 000,358,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/22 22:47:06 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/21 13:34:20 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/11/13 11:01:32 | 000,199,475 | ---- | C] () -- C:\Users\Joshua\Documents\Cuffley JD.pdf [2011/01/24 15:15:49 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011/01/21 06:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/08/01 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/19 23:06:54 | 000,000,100 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\wklnhst.dat [2009/12/07 19:03:51 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2009/12/02 00:48:00 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2009/10/15 10:11:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2009/09/04 16:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/09/04 16:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/08/27 06:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009/08/27 06:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009/08/27 06:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009/08/27 06:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:33:53 | 000,358,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 02:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 02:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/04/15 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ACAMPREF [2011/10/04 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Audacity [2009/11/25 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Noteworthy Software [2011/05/21 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\OverDrive [2009/12/03 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Pogo Games [2011/10/05 09:20:01 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Spotify [2010/02/19 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Template [2009/11/27 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Toshiba [2010/11/15 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Trusteer [2009/11/27 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\WildTangent [2011/01/24 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\WinBatch [2010/10/31 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Windows Live Writer [2011/03/30 10:58:32 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011/11/25 21:31:59 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys [2011/11/25 21:32:05 | 2009,063,424 | -HS- | M] () -- C:\pagefile.sys [2009/09/07 14:01:01 | 000,000,124 | -H-- | M] () -- C:\SWSTAMP.TXT < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll [2010/11/20 12:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C46995DA < End of report > Extras.Txt OTL Extras logfile created on: 11/25/2011 9:42:40 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joshua\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 62.82% Memory free 3.74 Gb Paging File | 2.49 Gb Available in Paging File | 66.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116.29 Gb Total Space | 74.70 Gb Free Space | 64.24% Space Free | Partition Type: NTFS Drive D: | 116.21 Gb Total Space | 110.63 Gb Free Space | 95.20% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Joshua | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{154C378D-D990-42DF-BDFD-5225E2EE3D8C}" = V.92 Modem On Hold "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 29 "{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype Launcher "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "CCleaner" = CCleaner "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "CutePDF Writer Installation" = CutePDF Writer 2.8 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook "Finale PrintMusic 2010" = Finale PrintMusic 2010 "Harmony Assistant" = Harmony Assistant "HDMI" = Intel® Graphics Media Accelerator Driver "hedgewars" = Hedgewars "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board "InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MSC" = McAfee Internet Security "NoteWorthy Composer 2" = NoteWorthy Composer 2 "Rapport_msi" = Rapport "RealPlayer 12.0" = RealPlayer "Spotify" = Spotify "SynTPDeinstKey" = Synaptics Pointing Device Driver "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "493772c2b42d22b9" = Click MusicalKEYS ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/15/2011 9:33:18 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4337 Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5335 Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5335 Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6333 Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6333 Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7784 Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7784 [ System Events ] Error - 11/21/2011 11:54:57 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error %%-1073473535. Error - 11/21/2011 11:54:57 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 11/21/2011 12:51:00 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/21/2011 5:32:16 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 11/22/2011 4:21:36 AM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/22/2011 1:57:58 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/22/2011 6:37:38 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 11/22/2011 6:38:20 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 11/22/2011 6:39:20 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1056 Error - 11/25/2011 5:37:42 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = < End of report >
  4. rhjra
    Eureka... ish. I haven't had time to download and run OTL yet (I'm working a long way from home and leave early and get back late). However, I looked at the start-up items and there's one called KZNNWJVOO (which has no hits in the Famous Search Engine) Manufacturer: Unknown Command: rundll322C:\Users\<username>\AppData\Roaming\apssk.dll",OYWENLMU Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I have unticked it and am about to restart as prompted; I'm unwilling to try and look for it until someone tells me what to do; I don't have the faintest idea what HKCU even is...
  5. rhjra
    I did forget to unhide system folders - I have now done so; hidden folders were already shown. Presumably the checks I was advised to run earlier would have checked the protected folders as well - I don't need to run them again do I? Nev - I haven't set anything to run on start-up that doesn't do so automatically - I wouldn't know how to for one thing. I haven't personally installed anything recently (other than MBAM and CChecker in the last few days), but I think this error box started coming up after Windows Update did a big batch of updating. Is it worth having a look at what it has updated in the last month or so?
  6. rhjra
    No sign of a file called apssk.dll in that folder. Ran CCleaner and on next restart, the same RunDLL error box came up. Other than having to dismiss the box again no ill effects are apparent.
  7. rhjra
    Ok, here's the log text. To my untrained eye it looks thoroughly inconclusive: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8202 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 20/11/2011 23:42:58 mbam-log-2011-11-20 (23-42-58).txt Scan type: Quick scan Objects scanned: 170539 Time elapsed: 14 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. rhjra
    What quick answering... Clearly I should have checked back here sooner than I did - I'll know in future. No, there's no apssk.dll; there is an apss.dll.
  9. rhjra
    For a couple of days (I think since Windows Update did a large batch of updates), when my laptop starts up it displays an error message. The error box title is RunDLL. In it, it says: There was a problem starting C:\Users\<username>\AppData\Roaming\apssk.dll The specified module could not be found I searched online for 'apssk.dll' and found absolutely nothing. Other than the error box on start-up, nothing seems obviously to be not working, so what I'd like to know is - is it important to fix, and if so how is it done? Toshiba Satellite L360 laptop running Windows 7 Home Premium. I'm not very good on the technical side of computers, so any help or supplementary questions will need to be in nice short words, please! Thank you.
×
×
  • Create New...