rhjra Posted November 13, 2011

For a couple of days (I think since Windows Update did a large batch of updates), when my laptop starts up it displays an error message. The error box title is RunDLL. In it, it says:

There was a problem starting C:\Users\<username>\AppData\Roaming\apssk.dll
The specified module could not be found

I searched online for 'apssk.dll' and found absolutely nothing. Other than the error box on start-up, nothing seems obviously to be not working, so what I'd like to know is - is it important to fix, and if so how is it done?

Toshiba Satellite L360 laptop running Windows 7 Home Premium. I'm not very good on the technical side of computers, so any help or supplementary questions will need to be in nice short words, please! Thank you.

KenB Posted November 13, 2011

Hi and welcome to ExTS

apss.dll can be found in the System32 folder BUT apssk.dll is not in mine (Vista at the moment).

Take a look here to see if your apssk.dll is listed:
Start > type in ....system32......ENTER
Scroll down - the .dll entries are alphabetical.

Is apssk.dll listed?

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

rhjra (Author) Posted November 19, 2011

What quick answering... Clearly I should have checked back here sooner than I did - I'll know in future.

No, there's no apssk.dll; there is an apss.dll.

RandyL Posted November 20, 2011

That file is not in my Windows 7 either. Further there should not be any DLL files in that folder (C:\Users\<username>\AppData\Roaming\apssk.dll)

Open a folder and press the Alt key, click on Tools > Folder options > View.
Tick Show hidden files and folders.
Uncheck Hide protected operating system files.
Now you should be able to navigate and view the file there.

DLL files are usually shared files installed by third party programs. If it's not there then the installed program obviously can't find it. Thus the error. But here's the thing. A DLL file should not be in that folder. This of course leads to the possibility of malware. Especially since I can't find any info on it.

Have you recently installed any software? You could try doing a system restore but I would be inclined to have a malware specialist look at this first. Would you like to investigate a malware possibility?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

KenB Posted November 20, 2011

I was steering you towards the same conclusion that Randy has provided. Suspected Malware.

Quick check - (but not definitive)

Download MBAM from here: Click on "Products" > you want the free version
http://www.malwarebytes.org/
Install > Update > Run
It will produce a log. Copy this. Paste it here in your next reply.

If this log shows anything one of our Security Experts will advise further.

rhjra (Author) Posted November 20, 2011

Ok, here's the log text. To my untrained eye it looks thoroughly inconclusive:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8202
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
20/11/2011 23:42:58
mbam-log-2011-11-20 (23-42-58).txt

Scan type: Quick scan
Objects scanned: 170539
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

KenB Posted November 21, 2011

MBAM did not find anything - which is encouraging.

Does that .dll exist?
Start > Computer > C: > Users > <username> > AppData > Roaming > apssk.dll
If it is there - right click on it > delete.

Download CCleaner from here: (you want the FREE version)
http://www.piriform.com/ccleaner/download
Install, leave it set on the defaults, delete all that it finds. DO NOT run the Registry option.

If you are still having problems we will ask one of our security experts to advise further.

rhjra (Author) Posted November 21, 2011

No sign of a file called apssk.dll in that folder. Ran CCleaner and on next restart, the same RunDLL error box came up. Other than having to dismiss the box again no ill effects are apparent.

Plastic Nev Posted November 21, 2011

Hi, I just checked this very comprehensive list of known dll files, and cannot find that apssk.dll in there either, a strange puzzle indeed. Have a look here = http://www.what-is-exe.com/
However the list is growing, so it may appear at some stage in the future.

Next thing to check is maybe things you have set to run at start up, it may well be a missing file from one of those items. Again another list of useful stuff giving various start up entries, but couldn't find yours however, but still worth a look, it may remind you of something, here = http://www.pacs-portal.co.uk/startup_search.php?by=A

I have installed Windows, now how do I install the curtains? 😄

RandyL Posted November 22, 2011

I think Nev is right on. This has to be a missing file or missing installer file from something you installed if it's not malware. So I ask again: did you install anything recently? If so do a system restore to before that time.

Did you "Tick Show hidden files and folders. Uncheck Hide protected operating system files."?

rhjra (Author) Posted November 22, 2011

I did forget to unhide system folders - I have now done so; hidden folders were already shown. Presumably the checks I was advised to run earlier would have checked the protected folders as well - I don't need to run them again do I?

Nev - I haven't set anything to run on start-up that doesn't do so automatically - I wouldn't know how to for one thing.

I haven't personally installed anything recently (other than MBAM and CChecker in the last few days), but I think this error box started coming up after Windows Update did a big batch of updating. Is it worth having a look at what it has updated in the last month or so?

KenB Posted November 22, 2011

Re: Startup

Start > type in ...msconfig ......ENTER
Click on "Startup" tab. Most of what is listed is not necessary.
You could write down which ones are ticked for reference later.
Un-tick all EXCEPT your Antivirus and Firewall. > OK
You may be prompted to restart.

If you don't get the problem again it is obviously something in the Start-up that is causing it.

Starbuck Posted November 22, 2011

I really think this is worth a bit of extra investigation.

"That file is not in my Windows 7 either."
It's not in mine either. Google throws up nothing either.

Let's have a good look at the system and then we'll take it from there.

Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

Member of: UNITE

rhjra (Author) Posted November 24, 2011

Eureka... ish. I haven't had time to download and run OTL yet (I'm working a long way from home and leave early and get back late). However, I looked at the start-up items and there's one called KZNNWJVOO (which has no hits in the Famous Search Engine)

Manufacturer: Unknown
Command: rundll322C:\Users\<username>\AppData\Roaming\apssk.dll",OYWENLMU
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

I have unticked it and am about to restart as prompted; I'm unwilling to try and look for it until someone tells me what to do; I don't have the faintest idea what HKCU even is...

RandyL Posted November 24, 2011

HKCU is part of the registry. It looks like a registry key is calling on the dll file at startup. Google and pacs-portal can't seem to find anything on those entries however. That concerns me so before doing anything drastic you should post the OTL log. Taking it out of startup is harmless and may help so give that a try.

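
The check this thread converges on, as an added example that is not part of any poster's reply: triage Run-key values for rundll32 launchers whose DLL sits inside a user profile or no longer exists on disk. The command in the post above appears garbled (`rundll322C:...`), so the sample assumes the usual `rundll32 "<path>",<export>` form; the user name `alice`, the `ExampleTray` and `Updater` entries and all function names are assumptions made for the example.

```python
import ntpath
import os
import re

# rundll32 syntax: rundll32[.exe] "<dll path>",<export> [args]
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'  # launcher, bare or with full path
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^,\s]+))'           # DLL path, quoted or unquoted
    r'\s*,\s*(?P<export>\S+)',                      # exported function to call
    re.IGNORECASE,
)
# Ordinary autorun: a quoted path, or an unquoted path ending in an executable extension.
EXE_RE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr)))(?=\s|$)',
    re.IGNORECASE,
)
PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\', re.IGNORECASE)
ENVVAR_RE = re.compile(r'%([^%]+)%')


def expand(command, env):
    """Expand %VAR% references (case-insensitive); unknown variables are left as-is."""
    lookup = {k.upper(): v for k, v in env.items()}
    return ENVVAR_RE.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), command)


def analyze_entry(name, command, exists=os.path.exists, env=os.environ):
    """Classify one Run value: parsed target, rundll32 export (if any) and flags."""
    command = expand(command, env)
    flags, export = [], None
    m = RUNDLL_RE.match(command)
    if m:
        flags.append("rundll32-launcher")    # a DLL export is run at logon
        export = m.group("export")
    else:
        m = EXE_RE.match(command)
    if not m:
        # Could not tell what would run; needs a manual look.
        return {"name": name, "target": None, "export": None, "flags": ["unparsed"]}
    target = ntpath.normpath(m.group("q") or m.group("u"))
    if PROFILE_RE.match(target):
        flags.append("user-profile-target")  # writable without admin rights
    if not exists(target):
        flags.append("target-missing")       # the "module could not be found" case
    return {"name": name, "target": target, "export": export, "flags": flags}


def triage(run_values, exists=os.path.exists, env=os.environ):
    """Return entries carrying at least one flag, most-flagged first."""
    findings = [analyze_entry(n, c, exists, env) for n, c in run_values.items()]
    flagged = [f for f in findings if f["flags"]]
    return sorted(flagged, key=lambda f: len(f["flags"]), reverse=True)


def read_hkcu_run():
    """Read the current user's Run key (winreg exists only on Windows)."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


# Constructed sample. Only the KZNNWJVOO name, the apssk.dll path and the
# OYWENLMU export come from the thread; everything else is made up.
SAMPLE_RUN = {
    "KZNNWJVOO": r'rundll32 "C:\Users\alice\AppData\Roaming\apssk.dll",OYWENLMU',
    "ExampleTray": r"C:\Program Files\ExampleVendor\tray.exe",
    "Updater": r'"%APPDATA%\Vendor\updater.exe" /background',
}
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}
SAMPLE_FILES = {   # files that "exist" on the constructed machine
    r"C:\Program Files\ExampleVendor\tray.exe",
    r"C:\Users\alice\AppData\Roaming\Vendor\updater.exe",
}

if __name__ == "__main__":
    for f in triage(SAMPLE_RUN, exists=lambda p: p in SAMPLE_FILES, env=SAMPLE_ENV):
        print(f["name"], f["target"], f["export"], ", ".join(f["flags"]))
```

On a Windows machine, `triage(read_hkcu_run())` runs the same checks against the live key. A flag is a lead for further investigation, not a verdict: legitimate per-user software also starts from AppData.
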
Starbuck Posted November 25, 2011

Please don't remove anything until you have run the OTL SCAN and posted the reports. Removing things will only confuse the issue.

Thanks

rhjra (Author) Posted November 25, 2011

OTL.Txt:
C:\Program Files\iPod [2011/11/22 22:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/11/22 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{D9724197-4834-466F-A30E-4EBCACE39B7B} [2011/11/22 01:08:00 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{B3C7A6AB-B4A2-468F-9AC1-92895D7D81B3} [2011/11/22 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C9F94A56-E288-4395-9D49-F7B605226351} [2011/11/21 13:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/11/21 13:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/11/21 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DAAC17E8-ECFE-4C2D-B6BE-1E218451BA16} [2011/11/21 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{37C4ACC6-78DC-4B4D-9B49-8E36043C35CC} [2011/11/20 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Malwarebytes [2011/11/20 23:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/20 23:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/20 23:25:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/11/20 23:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/11/17 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8E4D8A70-E4AF-4F02-A086-17AAB969C64F} [2011/11/16 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0F62123B-35C0-4404-B0EC-441EDF17270B} [2011/11/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9C92B23D-2DB9-4A89-8B41-71EE27A7CB16} [2011/11/14 16:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{93030BC5-2637-4E53-A7E9-2B8D7EEDBB62} [2011/11/14 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{98C5228A-E812-4CD5-8C47-8653BFB622F0} [2011/11/13 
15:45:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9FC5824E-B402-4225-8CDF-28F12AB33A5B} [2011/11/13 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{2D4822CA-A511-4669-BD44-BBA8D0D607EA} [2011/11/11 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{841B8A69-C970-4D73-B791-2DF6E31A056C} [2011/11/11 00:06:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{7DC6FAE7-E555-41DE-ADFA-6CEF83A3560F} [2011/11/11 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{53DE859A-CD87-46D1-8622-AD9082635AA7} [2011/11/09 23:05:19 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/11/09 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{08A18577-DEA7-4F23-8F05-6BD9B15AE3C4} [2011/11/08 15:30:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{F789E791-B317-4159-8D97-C0227A28A497} [2011/11/08 00:10:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{EA863A72-98BC-4962-B852-48A177675896} [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [2011/11/07 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{AA6E6D3C-1418-4BBC-91B2-18CC4D0BDB0C} [2011/11/06 23:24:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0428BC40-21E5-4FB1-B9D6-7A8AABAB0B1F} [2011/11/06 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8B8CC277-6AD7-4027-B71F-AF06767A3B0F} [2011/11/05 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{17F111F5-7528-41F7-8422-A5F8FE1DDC08} [2011/11/05 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{60F25EE1-462B-426F-9629-F4BE4CF3DFA2} [2011/11/04 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{FC91F3D8-EE0A-457F-8726-B8E3854CA6F5} [2011/11/03 23:43:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{90387648-2A06-4B63-9176-0F78EB0004DC} [2011/11/03 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{3D979A9D-E410-4F8E-8FC9-014EA948D64C} [2011/11/02 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8DAB52E1-4391-4A4A-A5DB-A54F6F7E243D} [2011/11/02 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8A089BAA-79FD-4F22-AC7E-1576F614E42E} [2011/11/01 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{5DC30BF5-989A-42F2-A80D-BC89C64B10B5} [2011/11/01 23:41:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C6EF8B13-1B28-4380-AF42-5E21D8C955B8} [2011/10/29 00:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/29 00:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/10/27 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DBAEA556-03CC-4791-89D8-3A499D508065} [2011/10/27 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{702B4433-F025-4540-9CDF-891D096DD3D3} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days 
========== [2011/11/25 21:39:38 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/25 21:39:38 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/25 21:37:23 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2011/11/25 21:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Desktop\OTL.scr [2011/11/25 21:32:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/11/25 21:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/11/25 21:31:59 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys [2011/11/24 23:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/11/23 22:09:41 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/11/23 22:09:41 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/11/22 22:47:06 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/21 13:34:20 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/11/13 23:49:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/13 11:01:33 | 000,199,475 | ---- | M] () -- C:\Users\Joshua\Documents\Cuffley JD.pdf [2011/11/10 03:39:02 | 000,358,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/22 22:47:06 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/21 13:34:20 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/11/13 11:01:32 | 000,199,475 | ---- | C] () -- C:\Users\Joshua\Documents\Cuffley JD.pdf [2011/01/24 15:15:49 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011/01/21 06:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/08/01 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/19 23:06:54 | 000,000,100 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\wklnhst.dat [2009/12/07 19:03:51 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2009/12/02 00:48:00 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2009/10/15 10:11:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2009/09/04 16:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/09/04 16:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/08/27 06:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009/08/27 06:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009/08/27 06:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009/08/27 06:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:33:53 | 000,358,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 02:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 02:05:48 | 000,291,294 | 
---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 02:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/04/15 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ACAMPREF [2011/10/04 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Audacity [2009/11/25 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Noteworthy Software [2011/05/21 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\OverDrive [2009/12/03 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Pogo Games [2011/10/05 09:20:01 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Spotify [2010/02/19 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Template [2009/11/27 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Toshiba [2010/11/15 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Trusteer [2009/11/27 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\WildTangent [2011/01/24 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\WinBatch [2010/10/31 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Windows Live Writer [2011/03/30 10:58:32 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check 
========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011/11/25 21:31:59 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys [2011/11/25 21:32:05 | 2009,063,424 | -HS- | M] () -- C:\pagefile.sys [2009/09/07 14:01:01 | 000,000,124 | -H-- | M] () -- C:\SWSTAMP.TXT < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll [2010/11/20 12:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/10 23:44:57 | 000,074,240 | ---- | M] 
(Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/10 23:44:57 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/10 23:44:58 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C46995DA < End of report > Extras.Txt OTL Extras logfile created on: 11/25/2011 9:42:40 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joshua\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet 
Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 62.82% Memory free 3.74 Gb Paging File | 2.49 Gb Available in Paging File | 66.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116.29 Gb Total Space | 74.70 Gb Free Space | 64.24% Space Free | Partition Type: NTFS Drive D: | 116.21 Gb Total Space | 110.63 Gb Free Space | 95.20% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Joshua | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{154C378D-D990-42DF-BDFD-5225E2EE3D8C}" = V.92 Modem 
On Hold "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 29 "{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype Launcher "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" 
= Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "CCleaner" = CCleaner "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "CutePDF Writer Installation" = CutePDF Writer 2.8 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook "Finale PrintMusic 2010" = Finale PrintMusic 2010 "Harmony Assistant" = Harmony Assistant "HDMI" = Intel® Graphics Media Accelerator Driver "hedgewars" = Hedgewars "HOMESTUDENTR" = Microsoft Office Home and 
Student 2007 "InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board "InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MSC" = McAfee Internet Security "NoteWorthy Composer 2" = NoteWorthy Composer 2 "Rapport_msi" = Rapport "RealPlayer 12.0" = RealPlayer "Spotify" = Spotify "SynTPDeinstKey" = Synaptics Pointing Device Driver "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "493772c2b42d22b9" = Click MusicalKEYS ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/15/2011 9:33:18 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4337 Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5335 Error - 11/15/2011 9:33:19 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5335 Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6333 Error - 11/15/2011 9:33:20 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6333 Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7784 Error - 11/15/2011 9:33:21 AM | Computer Name = TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7784 [ System Events ] Error - 11/21/2011 11:54:57 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error %%-1073473535. Error - 11/21/2011 11:54:57 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
Error - 11/21/2011 12:51:00 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/21/2011 5:32:16 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 11/22/2011 4:21:36 AM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/22/2011 1:57:58 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = Error - 11/22/2011 6:37:38 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 11/22/2011 6:38:20 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 11/22/2011 6:39:20 PM | Computer Name = TOSH | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1056 Error - 11/25/2011 5:37:42 PM | Computer Name = TOSH | Source = bowser | ID = 8003 Description = < End of report > Quote
Starbuck
Posted November 25, 2011

Hi rhjra

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2011/11/07 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{AA6E6D3C-1418-4BBC-91B2-18CC4D0BDB0C}
[2011/11/06 23:24:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0428BC40-21E5-4FB1-B9D6-7A8AABAB0B1F}
[2011/11/06 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8B8CC277-6AD7-4027-B71F-AF06767A3B0F}
[2011/11/05 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{17F111F5-7528-41F7-8422-A5F8FE1DDC08}
[2011/11/05 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{60F25EE1-462B-426F-9629-F4BE4CF3DFA2}
[2011/11/04 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{FC91F3D8-EE0A-457F-8726-B8E3854CA6F5}
[2011/11/03 23:43:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{90387648-2A06-4B63-9176-0F78EB0004DC}
[2011/11/03 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{3D979A9D-E410-4F8E-8FC9-014EA948D64C}
[2011/11/02 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8DAB52E1-4391-4A4A-A5DB-A54F6F7E243D}
[2011/11/02 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8A089BAA-79FD-4F22-AC7E-1576F614E42E}
[2011/11/01 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{5DC30BF5-989A-42F2-A80D-BC89C64B10B5}
[2011/11/01 23:41:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C6EF8B13-1B28-4380-AF42-5E21D8C955B8}
[2011/10/27 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DBAEA556-03CC-4791-89D8-3A499D508065}
[2011/10/27 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{702B4433-F025-4540-9CDF-891D096DD3D3}
[2011/11/09 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{08A18577-DEA7-4F23-8F05-6BD9B15AE3C4}
[2011/11/08 15:30:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{F789E791-B317-4159-8D97-C0227A28A497}
[2011/11/08 00:10:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{EA863A72-98BC-4962-B852-48A177675896}
[2011/11/17 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{8E4D8A70-E4AF-4F02-A086-17AAB969C64F}
[2011/11/16 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{0F62123B-35C0-4404-B0EC-441EDF17270B}
[2011/11/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9C92B23D-2DB9-4A89-8B41-71EE27A7CB16}
[2011/11/14 16:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{93030BC5-2637-4E53-A7E9-2B8D7EEDBB62}
[2011/11/14 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{98C5228A-E812-4CD5-8C47-8653BFB622F0}
[2011/11/13 15:45:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{9FC5824E-B402-4225-8CDF-28F12AB33A5B}
[2011/11/13 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{2D4822CA-A511-4669-BD44-BBA8D0D607EA}
[2011/11/11 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{841B8A69-C970-4D73-B791-2DF6E31A056C}
[2011/11/11 00:06:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{7DC6FAE7-E555-41DE-ADFA-6CEF83A3560F}
[2011/11/11 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{53DE859A-CD87-46D1-8622-AD9082635AA7}
[2011/11/21 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DAAC17E8-ECFE-4C2D-B6BE-1E218451BA16}
[2011/11/21 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{37C4ACC6-78DC-4B4D-9B49-8E36043C35CC}
[2011/11/22 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{D9724197-4834-466F-A30E-4EBCACE39B7B}
[2011/11/22 01:08:00 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{B3C7A6AB-B4A2-468F-9AC1-92895D7D81B3}
[2011/11/22 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{C9F94A56-E288-4395-9D49-F7B605226351}
[2011/11/25 21:33:52 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{DD4E7449-587B-44A1-ABC4-3AF1A39AFA8A}
[2011/11/25 21:33:35 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{F7C6C18E-0C68-47A9-B014-640E88D2A7CE}
[2011/11/24 22:07:22 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{CEB7C639-8DCC-421B-ACE7-F5E3C4DDE82E}
[2011/11/24 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{A4F46B0E-4423-4CED-A473-AEE8C352F9CA}
[2011/11/23 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{790D0B12-6B2C-4638-AEF9-D6F49612AF4D}
MsConfig - StartUpReg: KZNNWJVOO - hkey= - key= - File not found
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C46995DA
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the red Run Fix button.
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology

In your next reply, please submit:
- Otl fix report
- Eset scan report

Thanks.

Member of: UNITE
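Added example, not part of Starbuck's post and not OTL's own logic: a Python script that sorts log lines in the formats used in the fix script above into the four kinds of entry that script lists (a startup entry whose file is missing, an alternate data stream, an ActiveX entry with a registry error, and an empty GUID-named folder under AppData\Local). The sample log is constructed, and the category names and matching rules are this example's assumptions.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind detail")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One regex per single-line entry type; group "d" is the value reported.
LINE_RULES = [
    ("orphan_startup",
     re.compile(r"^MsConfig - StartUpReg: (?P<d>\S+) .*- File not found$")),
    ("ads",
     re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<d>.+:[^:\\]+)$")),
    ("activex_reg_error",
     re.compile(r"^O16 - DPF: (?P<d>" + GUID + r") .*\(Reg Error: Key error\.\)$")),
]

# File/folder listing line: [date time | size | attributes | C or M] -- path
FS_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]{8} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]+) \| [CM]\] -- (?P<path>.+)$")
GUID_UNDER_LOCAL = re.compile(r"\\AppData\\Local\\" + GUID + r"$", re.IGNORECASE)

# Constructed sample: same line formats as the thread, made-up values.
SAMPLE_LOG = r"""
O16 - DPF: {11111111-2222-4333-8444-555555555555} http://plugins.example.invalid/viewer.cab (Reg Error: Key error.)
[2011/11/01 23:41:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AAAAAAAA-0000-4000-8000-000000000001}
[2011/11/01 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AAAAAAAA-0000-4000-8000-000000000002}
[2011/11/02 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AAAAAAAA-0000-4000-8000-000000000003}
[2011/11/02 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ExampleApp
[2011/11/02 12:05:00 | 000,004,096 | ---- | C] -- C:\Users\User\AppData\Local\{AAAAAAAA-0000-4000-8000-000000000004}
MsConfig - StartUpReg: EXAMPLEENTRY - hkey= - key= - File not found
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0123ABCD
"""


def triage(log_text):
    """Return a Finding for every line that matches one of the categories."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = FS_ENTRY.match(line)
        if entry:
            # Only zero-byte directories whose name is a bare GUID are reported.
            is_empty_dir = ("D" in entry["attrs"]
                            and int(entry["size"].replace(",", "")) == 0)
            if is_empty_dir and GUID_UNDER_LOCAL.search(entry["path"]):
                findings.append(Finding("guid_dir", (entry["date"], entry["path"])))
            continue
        for kind, rule in LINE_RULES:
            hit = rule.match(line)
            if hit:
                findings.append(Finding(kind, hit["d"]))
                break
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(f.kind for f in findings)


def guid_dirs_per_day(findings):
    """Creation dates of GUID-named folders, to show how often they appear."""
    return Counter(f.detail[0] for f in findings if f.kind == "guid_dir")


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, count in sorted(summarize(results).items()):
        print(f"{kind}: {count}")
    for day, count in sorted(guid_dirs_per_day(results).items()):
        print(f"{day}: {count} GUID-named folder(s) created")
```
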
rhjra (Author)
Posted November 26, 2011

OTLFixLog.Txt

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
C:\Windows\Downloaded Program Files\SETUP.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Joshua\AppData\Local\{AA6E6D3C-1418-4BBC-91B2-18CC4D0BDB0C} folder moved successfully.
C:\Users\Joshua\AppData\Local\{0428BC40-21E5-4FB1-B9D6-7A8AABAB0B1F} folder moved successfully.
C:\Users\Joshua\AppData\Local\{8B8CC277-6AD7-4027-B71F-AF06767A3B0F} folder moved successfully.
C:\Users\Joshua\AppData\Local\{17F111F5-7528-41F7-8422-A5F8FE1DDC08} folder moved successfully.
C:\Users\Joshua\AppData\Local\{60F25EE1-462B-426F-9629-F4BE4CF3DFA2} folder moved successfully.
C:\Users\Joshua\AppData\Local\{FC91F3D8-EE0A-457F-8726-B8E3854CA6F5} folder moved successfully.
C:\Users\Joshua\AppData\Local\{90387648-2A06-4B63-9176-0F78EB0004DC} folder moved successfully.
C:\Users\Joshua\AppData\Local\{3D979A9D-E410-4F8E-8FC9-014EA948D64C} folder moved successfully.
C:\Users\Joshua\AppData\Local\{8DAB52E1-4391-4A4A-A5DB-A54F6F7E243D} folder moved successfully.
C:\Users\Joshua\AppData\Local\{8A089BAA-79FD-4F22-AC7E-1576F614E42E} folder moved successfully.
C:\Users\Joshua\AppData\Local\{5DC30BF5-989A-42F2-A80D-BC89C64B10B5} folder moved successfully.
C:\Users\Joshua\AppData\Local\{C6EF8B13-1B28-4380-AF42-5E21D8C955B8} folder moved successfully.
C:\Users\Joshua\AppData\Local\{DBAEA556-03CC-4791-89D8-3A499D508065} folder moved successfully.
C:\Users\Joshua\AppData\Local\{702B4433-F025-4540-9CDF-891D096DD3D3} folder moved successfully.
C:\Users\Joshua\AppData\Local\{08A18577-DEA7-4F23-8F05-6BD9B15AE3C4} folder moved successfully.
C:\Users\Joshua\AppData\Local\{F789E791-B317-4159-8D97-C0227A28A497} folder moved successfully.
C:\Users\Joshua\AppData\Local\{EA863A72-98BC-4962-B852-48A177675896} folder moved successfully.
C:\Users\Joshua\AppData\Local\{8E4D8A70-E4AF-4F02-A086-17AAB969C64F} folder moved successfully.
C:\Users\Joshua\AppData\Local\{0F62123B-35C0-4404-B0EC-441EDF17270B} folder moved successfully.
C:\Users\Joshua\AppData\Local\{9C92B23D-2DB9-4A89-8B41-71EE27A7CB16} folder moved successfully.
C:\Users\Joshua\AppData\Local\{93030BC5-2637-4E53-A7E9-2B8D7EEDBB62} folder moved successfully.
C:\Users\Joshua\AppData\Local\{98C5228A-E812-4CD5-8C47-8653BFB622F0} folder moved successfully.
C:\Users\Joshua\AppData\Local\{9FC5824E-B402-4225-8CDF-28F12AB33A5B} folder moved successfully.
C:\Users\Joshua\AppData\Local\{2D4822CA-A511-4669-BD44-BBA8D0D607EA} folder moved successfully.
C:\Users\Joshua\AppData\Local\{841B8A69-C970-4D73-B791-2DF6E31A056C} folder moved successfully.
C:\Users\Joshua\AppData\Local\{7DC6FAE7-E555-41DE-ADFA-6CEF83A3560F} folder moved successfully.
C:\Users\Joshua\AppData\Local\{53DE859A-CD87-46D1-8622-AD9082635AA7} folder moved successfully.
C:\Users\Joshua\AppData\Local\{DAAC17E8-ECFE-4C2D-B6BE-1E218451BA16} folder moved successfully.
C:\Users\Joshua\AppData\Local\{37C4ACC6-78DC-4B4D-9B49-8E36043C35CC} folder moved successfully.
C:\Users\Joshua\AppData\Local\{D9724197-4834-466F-A30E-4EBCACE39B7B} folder moved successfully.
C:\Users\Joshua\AppData\Local\{B3C7A6AB-B4A2-468F-9AC1-92895D7D81B3} folder moved successfully.
C:\Users\Joshua\AppData\Local\{C9F94A56-E288-4395-9D49-F7B605226351} folder moved successfully.
C:\Users\Joshua\AppData\Local\{DD4E7449-587B-44A1-ABC4-3AF1A39AFA8A} folder moved successfully.
C:\Users\Joshua\AppData\Local\{F7C6C18E-0C68-47A9-B014-640E88D2A7CE} folder moved successfully.
C:\Users\Joshua\AppData\Local\{CEB7C639-8DCC-421B-ACE7-F5E3C4DDE82E} folder moved successfully.
C:\Users\Joshua\AppData\Local\{A4F46B0E-4423-4CED-A473-AEE8C352F9CA} folder moved successfully.
C:\Users\Joshua\AppData\Local\{790D0B12-6B2C-4638-AEF9-D6F49612AF4D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KZNNWJVOO\ deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Desktop\cmd.bat deleted successfully.
C:\Users\Joshua\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joshua
->Temp folder emptied: 10615151 bytes
->Temporary Internet Files folder emptied: 301446647 bytes
->Java cache emptied: 391653599 bytes
->Flash cache emptied: 4718 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 671.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11262011_103728

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ESET found nothing. There wasn't a List of Found Threats button. It said:

Scanned Files: 166612
Infected Files: 0
Cleaned Files: 0
Total scan time: 04:53:35
Scan status: Finished

Before it started it said it detected my McAfee Security Centre and MS Windows Defender. Windows Defender is off anyway but I couldn't work out how to turn McAfee off temporarily, and its own help file doesn't tell you either. If you think it did interfere I'll have to have a good look around for how to disable McAfee.
Starbuck
Posted November 27, 2011

Hi rhjra

> Scanned Files: 166612
> Infected Files: 0
> Cleaned Files: 0
> Total scan time: 04:53:35

Scan seems to have run ok.
How's the system running now? Any problems?

Member of: UNITE
rhjra (Author)
Posted November 27, 2011

It isn't showing the error on startup any more, however I did disable it in MSConfig.

***

Actually, I just thought to have a look and the weird item KZNNWJVOO has disappeared from the list of startup items completely, so it looks like one of the steps you directed me to got rid of it.

I suppose now we'll never know what it was...

Thank you for your help Starbuck, RandyL and KenB
Starbuck
Posted November 29, 2011

Hi rhjra

> however I did disable it in MSConfig.

I know, and I removed the MsConfig registry entry in the fix.
MsConfig - StartUpReg: KZNNWJVOO - hkey= - key= - File not found

> I suppose now we'll never know what it was...

This is why sometimes it actually helps us if the entry is left running. That way we can see more information on it.
For unknown entries like this we do have a way of submitting them to writers/vendors of antimalware programs for analysis, if they're still active on the system.

Let's finish off some cleaning now.

Step 1

Restart MBAM.
Click on the Quarantine tab.
If there are items in quarantine, make sure everything is selected and then click Delete All.
Close MBAM.

Step 2

Please double-click OTL.exe to run it.
You should see a CleanUp! button; press that button.
This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed.

Step 3

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Click Start >> Computer >> System Properties >> System Protection.
Here you have a list of hard drives and partitions available in your computer - mostly just one.
Select the drive that has "(System)" written after it and click Configure.
Select Turn off system protection under Restore Settings and click the Delete button.
Click Continue in the confirmation window and click Close after the restore points have been deleted.
Then click OK to close properties for the drive.
Now reboot the system.
Follow the above procedure again, only this time click Restore system settings and previous Versions of files.
Then click OK.
Your System Restore will now be active again... starting with a new restore point.

To find out how you may have been infected... read this topic: How did i get infected?

Glad we were able to help.
Safe surfing.

Member of: UNITE