Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

User account profile problem

 
partnership
Warrior


Joined: 01 Jun 2012
Last Visit: 13 Jul 2012
Posts: 54

Posted: Fri Jun 29, 2012 9:03 am    Post subject: User account profile problem

Ok, will try again and hope the DDS fits in one post. Windows Vista Home edition, was slow to start up, checked event log and getting error message 1542 windows cannot load classes registry file. The system cannot find the file specified. Noticed that no recovery disc done so tried to do was denied access to recovery creator from this user but not as a guest.

DDS note

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Mary at 21:11:58 on 2012-06-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1915.990 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\SOCCER~2\bar\2.bin\j2barsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uDefault_Page_URL = hxxp://home.eircom.net/cdrom/homepage/
uWindow Title = Microsoft Internet Explorer provided by Eircom
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {a24f3f59-1021-4e02-856c-99d9b4a03d83} - c:\program files\soccerinferno\bar\2.bin\j2SrcAs.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Toolbar BHO: {285028f8-201e-4f8f-827b-7381fc181c3e} - c:\progra~1\soccer~2\bar\2.bin\j2bar.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: Search Assistant BHO: {73b8e1fd-331f-4c17-8613-8a3034d3b0ca} - c:\program files\soccerinferno\bar\2.bin\j2SrcAs.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - c:\progra~1\rebate~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: SoccerInferno: {c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} - c:\program files\soccerinferno\bar\2.bin\j2bar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{72BF35E4-4A1F-4AD6-9FCF-C78E1FC30344} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14} : DhcpNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\rebate~1\RebateI.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SoccerInfernoService;SoccerInferno Service;c:\progra~1\soccer~2\bar\2.bin\j2barsvc.exe [2011-3-25 36864]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-8-7 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-7 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-27 20:01:05 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9d1bbe2-b531-472c-bf17-c287350420d4}\mpengine.dll
2012-06-26 17:43:44 -------- d-----w- c:\windows\pss
2012-06-26 17:26:11 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-25 20:12:17 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 20:12:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-22 18:31:20 -------- d-sh--w- C:\found.000
2012-06-22 18:31:20 -------- d-sh--w- \found.000
2012-06-13 17:22:20 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2777fc9f-6698-4d6a-a746-086c63552f55}\gapaengine.dll
.
==================== Find3M ====================
.
2012-05-05 09:56:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:56:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 21:13:02.64 ===============

dds attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2008 19:17:43
System Uptime: 27/06/2012 21:00:07 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 81.584 GiB free.
E: is FIXED (NTFS) - 115 GiB total, 109.633 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP384: 26/06/2012 18:25:38 - Installed Java(TM) 6 Update 7
RP385: 26/06/2012 19:12:25 - 26th June 2012
RP386: 26/06/2012 19:13:35 - Windows Update
RP387: 27/06/2012 20:56:28 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3 DataModem HSDPA
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AppGraffiti
Ask Toolbar
Buzz Lightyear of Star Command
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
DVD MovieFactory for TOSHIBA
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Scan
EPSON Web-To-Page
ESDX5000_CX4900 User's Guide
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
myphotobook 3.6
NetWaiting
Picasa 3
PIF DESIGNER
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RebateInformer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype Click to Call
Skype™ 5.5
SoccerInferno
Synaptics Pointing Device Driver
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Media Encoder 9 Series
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
27/06/2012 20:57:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.483.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/06/2012 20:33:50, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mary-PC\Guest SID (S-1-5-21-1070603597-2030620970-1217680893-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
26/06/2012 00:36:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/06/2012 00:21:01, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB948465 (Service Pack) into Resolved(Resolved) state
26/06/2012 00:06:59, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 23:56:49, Error: EventLog [6008] - The previous system shutdown at 23:55:39 on 25/06/2012 was unexpected.
25/06/2012 23:48:47, Error: EventLog [6008] - The previous system shutdown at 23:47:23 on 25/06/2012 was unexpected.
25/06/2012 22:01:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 21:45:30, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 21:09:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:09:59, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 21:08:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/06/2012 21:08:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/06/2012 21:08:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
25/06/2012 20:59:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
25/06/2012 20:59:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25/06/2012 20:59:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
25/06/2012 20:59:46, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:59:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
25/06/2012 20:58:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/06/2012 20:58:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/06/2012 20:54:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 18:53:46, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
24/06/2012 12:30:18, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/06/2012 12:55:11, Error: Ntfs [137] - The default transaction resource manager on volume Vista encountered a non-retryable error and could not start. The data contains the error code.
23/06/2012 12:54:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.268.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/06/2012 12:34:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
22/06/2012 19:36:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
22/06/2012 19:36:08, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/06/2012 19:36:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/06/2012 19:36:07, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
22/06/2012 19:35:33, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
22/06/2012 19:12:06, Error: EventLog [6008] - The previous system shutdown at 19:04:53 on 22/06/2012 was unexpected.
22/06/2012 18:48:51, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
22/06/2012 18:48:44, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Vista.
22/06/2012 08:43:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00215D70A1DE has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
22/06/2012 08:15:01, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Mary\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
22/06/2012 08:14:58, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Diagnosis-DPS/Operational.
21/06/2012 19:00:13, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 25 May 2013
Posts: 4050
Location: Land Of The Leprechauns

Posted: Sun Jul 08, 2012 2:52 am

Hi partnership,
Sorry for the delay in answering your request for help.
Just a quick question: is this your own computer? The last time you were here you received help with a Windows 7 system.
Quote:
Microsoft Windows 7 Home Premium

http://spywarewarrior.com/viewtopic.php?t=34474&postdays=0&postorder=asc&start=0
_________________
Admin/Teacher at Malware Removal University
Member of...

partnership
Warrior



Posted: Tue Jul 10, 2012 10:30 am

Sorry for delay in replying to you but I had almost given up checking. The computer belongs to my sister and she asked me to have a look at it for her because I had managed to fix my own. Originally it was not connecting to the internet and Google was acting up but I managed to sort that out. The problems left are the user account profile which I have created a new profile which does not seem to be corrupt so I can delete that if necessary but it will not update Windows to Service Pack 2 - I get error message 800f0900 when I try. Because it just started acting so weirdly with the internet etc. I am assuming it is malware of some sort. I have put MSE on it and malware antimalware and they are coming up clean. I really appreciated the help the last time.
Cypher
Moderator



Posted: Wed Jul 11, 2012 1:10 am

Hi partnership,
Quote:
Sorry for delay in replying to you but I had almost given up checking

Again, sorry for the delay; we are a bit short of helpers at present.
OK, let's check things out. Continue with the instructions below and post the requested logs.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Quote:
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Ask Toolbar
Java(TM) 6 Update 6
Java(TM) 6 Update 7

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


Logs/Information to Post in your Next Reply
  • OTL.txt and Extra.txt contents.
  • aswMBR.txt

partnership
Warrior



Posted: Wed Jul 11, 2012 10:49 am

OK, uninstalled programmes. The Adobe Reader security update was not there anyway.

Ran scans

otl txt

OTL logfile created on: 11/07/2012 19:07:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mary Carty\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.54% Memory free
3.98 Gb Paging File | 2.99 Gb Available in Paging File | 75.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 74.86 Gb Free Space | 64.38% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 109.63 Gb Free Space | 95.22% Space Free | Partition Type: NTFS

Computer Name: MARY-PC | User Name: Mary Carty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/11 19:07:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Carty\Desktop\OTL.exe
PRC - [2012/07/11 14:32:13 | 000,453,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.129.1379.0.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/31 13:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2011/03/25 21:00:36 | 000,036,864 | ---- | M] (SoccerInferno) -- C:\Program Files\SoccerInferno\bar\2.bin\j2barsvc.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 10:56:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/25 21:00:36 | 000,036,864 | ---- | M] (SoccerInferno) [Auto | Running] -- C:\Program Files\SoccerInferno\bar\2.bin\j2barsvc.exe -- (SoccerInfernoService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/01 10:18:00 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D4DBAEF1-A723-4BF6-A0C8-714C46311DE8}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{D4DBAEF1-A723-4BF6-A0C8-714C46311DE8}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYie&ptnrS=XRxdm005YYie&ptb=65B5FFE6-9DEF-4BE2-A076-E9B4F5E8E2B7&psa=&ind=2012062913&st=sb&n=77eda4c1&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net/cdrom/homepage/
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ie/
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\URLSearchHook: {a24f3f59-1021-4e02-856c-99d9b4a03d83} - C:\Program Files\SoccerInferno\bar\2.bin\j2SrcAs.dll (SoccerInferno)
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes,DefaultScope = {fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=LGfYbbPO-REKoWjAdhNHQSuHp1c?q={searchTerms}
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes\{909D8E2D-8087-48FF-A737-A3D1F6DE9A71}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=QK&apn_dtid=YYYYYYYYIE&apn_uid=27DAFF12-743F-4CA6-B208-FAF51E780029&apn_sauid=
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYie&ptnrS=XRxdm005YYie&ptb=65B5FFE6-9DEF-4BE2-A076-E9B4F5E8E2B7&psa=&ind=2012062913&st=sb&n=77eda4c1&searchfor={searchTerms}
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SoccerInferno.com/Plugin: C:\Program Files\SoccerInferno\bar\2.bin\NPj2Stub.dll (SoccerInferno)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\j2ffxtbr@SoccerInferno.com: C:\Program Files\SoccerInferno\bar\2.bin [2011/03/25 21:00:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Toolbar BHO) - {285028f8-201e-4f8f-827b-7381fc181c3e} - C:\Program Files\SoccerInferno\bar\2.bin\j2bar.dll (SoccerInferno)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Search Assistant BHO) - {73b8e1fd-331f-4c17-8613-8a3034d3b0ca} - C:\Program Files\SoccerInferno\bar\2.bin\j2SrcAs.dll (SoccerInferno)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SoccerInferno) - {c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} - C:\Program Files\SoccerInferno\bar\2.bin\j2bar.dll (SoccerInferno)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (SoccerInferno) - {C5A318C1-D1D9-41F0-85FE-41CC9FB25E75} - C:\Program Files\SoccerInferno\bar\2.bin\j2bar.dll (SoccerInferno)
O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72BF35E4-4A1F-4AD6-9FCF-C78E1FC30344}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 19:07:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mary Carty\Desktop\OTL.exe
[2012/07/11 19:02:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/11 19:02:17 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\Adobe
[2012/07/07 17:54:21 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\Documents\OneNote Notebooks
[2012/07/01 21:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Roaming\Skype
[2012/07/01 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\Documents\MyHeritage
[2012/07/01 21:43:28 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Documents\Favorites
[2012/07/01 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Documents\Documents
[2012/06/29 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\ElevatedDiagnostics
[2012/06/29 18:17:30 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Roaming\Adobe
[2012/06/29 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\Documents\My Google Gadgets
[2012/06/29 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\Google
[2012/06/29 18:14:37 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Searches
[2012/06/29 18:14:37 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/29 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Roaming\Identities
[2012/06/29 18:14:25 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Contacts
[2012/06/29 18:14:24 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\VirtualStore
[2012/06/29 18:14:16 | 000,000,000 | --SD | C] -- C:\Users\Mary Carty\AppData\Roaming\Microsoft
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Videos
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Saved Games
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Pictures
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Music
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Links
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Favorites
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Downloads
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Documents
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\Desktop
[2012/06/29 18:14:16 | 000,000,000 | R--D | C] -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\AppData\Local\Temporary Internet Files
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Templates
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Start Menu
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\SendTo
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Recent
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\PrintHood
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\NetHood
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Documents\My Videos
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Documents\My Pictures
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Documents\My Music
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\My Documents
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Local Settings
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\AppData\Local\History
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Cookies
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\Application Data
[2012/06/29 18:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Mary Carty\AppData\Local\Application Data
[2012/06/29 18:14:16 | 000,000,000 | -H-D | C] -- C:\Users\Mary Carty\AppData
[2012/06/29 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\Temp
[2012/06/29 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\Microsoft Help
[2012/06/29 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Local\Microsoft
[2012/06/29 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Roaming\Media Center Programs
[2012/06/29 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mary Carty\AppData\Roaming\Macromedia
[2012/06/26 18:43:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 21:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 21:12:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/25 21:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/22 19:31:20 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 19:12:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{911870E0-518C-4C15-90C7-A0D0B18D4858}.job
[2012/07/11 19:07:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Carty\Desktop\OTL.exe
[2012/07/11 18:59:06 | 000,001,833 | ---- | M] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/07/11 18:58:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 18:58:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/11 18:56:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 18:56:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 18:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 18:56:03 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/10 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 17:54:21 | 000,001,116 | ---- | M] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/07/01 21:45:07 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/01 21:35:49 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/01 21:35:49 | 000,114,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/29 18:17:14 | 000,000,948 | ---- | M] () -- C:\Users\Mary Carty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/25 21:49:21 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/07 17:54:21 | 000,001,116 | ---- | C] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/29 18:17:14 | 000,000,948 | ---- | C] () -- C:\Users\Mary Carty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/29 18:14:38 | 000,000,954 | ---- | C] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/29 18:14:36 | 000,000,949 | ---- | C] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/29 18:14:25 | 000,000,920 | ---- | C] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/06/29 18:14:16 | 000,001,833 | ---- | C] () -- C:\Users\Mary Carty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/06/29 18:14:16 | 000,000,258 | ---- | C] () -- C:\Users\Mary Carty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/29 18:14:16 | 000,000,240 | ---- | C] () -- C:\Users\Mary Carty\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/25 21:49:21 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 21:27:57 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/19 14:38:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/24 14:19:12 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/24 14:19:12 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/24 14:19:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/24 14:19:12 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/24 14:19:12 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/24 14:19:12 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/24 14:19:12 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/24 14:19:12 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/24 14:19:12 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/24 14:19:12 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/24 14:19:12 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/24 14:19:12 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/24 14:19:12 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/24 14:19:12 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/24 14:19:12 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/24 14:19:12 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/24 14:19:12 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/24 14:19:12 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/24 14:19:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/24 14:16:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2010/08/28 17:14:26 | 000,001,092 | ---- | C] () -- C:\Windows\disney.ini

< End of report >

extra txt

OTL Extras logfile created on: 11/07/2012 19:07:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mary Carty\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.54% Memory free
3.98 Gb Paging File | 2.99 Gb Available in Paging File | 75.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 74.86 Gb Free Space | 64.38% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 109.63 Gb Free Space | 95.22% Space Free | Partition Type: NTFS

Computer Name: MARY-PC | User Name: Mary Carty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3EE1C778-DA1B-43ED-99E7-0A5E43AB1577}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{2341493F-74FB-4AD7-86E9-04DFE0BB281D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4E7BCCE7-2CD6-473D-BB59-564A42192D24}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{58789E9D-F785-4852-A940-AD8B11044323}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{AD53FB4E-1124-46C1-9C31-8CE9F3A03A51}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3 DataModem HSDPA" = 3 DataModem HSDPA
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Buzz Lightyear of Star Command" = Buzz Lightyear of Star Command
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX5000_CX4900 User's Guide" = ESDX5000_CX4900 User's Guide
"Family Tree Builder" = MyHeritage Family Tree Builder
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"myphotobook" = myphotobook 3.6
"Picasa 3" = Picasa 3
"SoccerInfernobar Uninstall" = SoccerInferno
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Zynga Toolbar" = Zynga Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2011 10:42:17 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/10/2011 11:04:02 | Computer Name = Mary-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module IEShims.dll, version 8.0.6001.19088, time stamp 0x4de0907b,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x3b4, application
start time 0x01cc8502598f7ae5.

Error - 07/10/2011 14:09:40 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/10/2011 05:35:19 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/10/2011 16:13:59 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/10/2011 16:27:34 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2011 13:35:53 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2011 14:50:46 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2011 15:58:43 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2011 13:09:38 | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/07/2012 13:22:04 | Computer Name = Mary-PC | Source = HTTP | ID = 15016
Description =

Error - 10/07/2012 16:32:51 | Computer Name = Mary-PC | Source = HTTP | ID = 15016
Description =

Error - 11/07/2012 03:01:21 | Computer Name = Mary-PC | Source = HTTP | ID = 15016
Description =

Error - 11/07/2012 12:05:00 | Computer Name = Mary-PC | Source = HTTP | ID = 15016
Description =

Error - 11/07/2012 12:05:53 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/07/2012 12:05:53 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/07/2012 13:56:29 | Computer Name = Mary-PC | Source = HTTP | ID = 15016
Description =

Error - 11/07/2012 14:02:20 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 11/07/2012 14:02:20 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/07/2012 14:02:20 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

aswmbr.txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 19:18:18
-----------------------------
19:18:18.536 OS Version: Windows 6.0.6001 Service Pack 1
19:18:18.536 Number of processors: 2 586 0xF0D
19:18:18.536 ComputerName: MARY-PC UserName:
19:18:35.696 Initialize success
19:29:04.477 AVAST engine defs: 12071101
19:29:32.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:29:32.557 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
19:29:32.557 Disk 0 MBR read successfully
19:29:32.573 Disk 0 MBR scan
19:29:32.573 Disk 0 Windows VISTA default MBR code
19:29:32.604 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:29:32.651 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048
19:29:32.729 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792
19:29:32.791 Disk 0 scanning sectors +488395120
19:29:32.932 Disk 0 scanning C:\Windows\system32\drivers
19:29:50.669 Service scanning
19:30:07.626 Service MpKslb3c9e51b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AB26448-E6BF-4D2C-BA5E-2F3E5238B42F}\MpKslb3c9e51b.sys **LOCKED** 32
19:30:34.474 Modules scanning
19:30:45.706 Disk 0 trace - called modules:
19:30:45.737 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:30:45.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858052b8]
19:30:45.753 3 CLASSPNP.SYS[87d7f745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84d54028]
19:30:46.923 AVAST engine scan C:\Windows
19:30:55.752 AVAST engine scan C:\Windows\system32
19:36:18.859 AVAST engine scan C:\Windows\system32\drivers
19:36:36.238 AVAST engine scan C:\Users\Mary Carty
19:39:40.224 AVAST engine scan C:\ProgramData
19:40:43.404 Scan finished successfully
19:42:37.534 Disk 0 MBR has been saved successfully to "C:\Users\Mary Carty\Desktop\MBR.dat"
19:42:37.565 The log file has been saved successfully to "C:\Users\Mary Carty\Desktop\aswMBR.txt"


I have run these using the new profile I created not the corrupt one - does that matter?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 25 May 2013
Posts: 4050
Location: Land Of The Leprechauns

Posted: Wed Jul 11, 2012 11:45 am

Hi partnership,

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

_________________
Admin/Teacher at Malware Removal University
Member of...

partnership
Warrior


Joined: 01 Jun 2012
Last Visit: 13 Jul 2012
Posts: 54

Posted: Thu Jul 12, 2012 11:00 am

eset

C:\Program Files\SoccerInferno\bar\2.bin\j2datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files\SoccerInferno\bar\2.bin\j2html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Program Files\SoccerInferno\bar\2.bin\j2htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files\SoccerInferno\bar\2.bin\j2Plugin.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\SoccerInferno\bar\2.bin\j2skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Users\Mary\AppData\LocalLow\SoccerInferno\bar\setups\SoccerInfernoAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 25 May 2013
Posts: 4050
Location: Land Of The Leprechauns

Posted: Fri Jul 13, 2012 2:11 am

Hi partnership,
Quote:
SoccerInferno

If you don't use this program, I would uninstall it.

We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {D4DBAEF1-A723-4BF6-A0C8-714C46311DE8}
    IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYie&ptnrS=XRxdm005YYie&ptb=65B5FFE6-9DEF-4BE2-A076-E9B4F5E8E2B7&psa=&ind=2012062913&st=sb&n=77eda4c1&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes,DefaultScope = {fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
    IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes\{909D8E2D-8087-48FF-A737-A3D1F6DE9A71}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=QK&apn_dtid=YYYYYYYYIE&apn_uid=27DAFF12-743F-4CA6-B208-FAF51E780029&apn_sauid=
    IE - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYie&ptnrS=XRxdm005YYie&ptb=65B5FFE6-9DEF-4BE2-A076-E9B4F5E8E2B7&psa=&ind=2012062913&st=sb&n=77eda4c1&searchfor={searchTerms}
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-1070603597-2030620970-1217680893-1001\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    [2012/06/22 19:31:20 | 000,000,000 | -HSD | C] -- C:\found.000

    :files
    C:\Program Files\Family Toolbar
    C:\Program Files\Inbox Toolbar
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

partnership
Warrior


Joined: 01 Jun 2012
Last Visit: 13 Jul 2012
Posts: 54

Posted: Fri Jul 13, 2012 2:34 am

OTL report

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
C:\Program Files\Zynga\tbZyng.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\SearchScopes\{909D8E2D-8087-48FF-A737-A3D1F6DE9A71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{909D8E2D-8087-48FF-A737-A3D1F6DE9A71}\ not found.
Registry key HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
C:\Program Files\Family Toolbar\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\tbZyng.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ deleted successfully.
File C:\Program Files\Family Toolbar\tbcore3.dll not found.
Registry value HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
File C:\Program Files\Zynga\tbZyng.dll not found.
Registry value HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_USERS\S-1-5-21-1070603597-2030620970-1217680893-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ not found.
File C:\Program Files\Family Toolbar\tbcore3.dll not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
C:\found.000 folder moved successfully.
========== FILES ==========
C:\Program Files\Family Toolbar folder moved successfully.
C:\Program Files\Inbox Toolbar\Update folder moved successfully.
C:\Program Files\Inbox Toolbar\Plugins folder moved successfully.
C:\Program Files\Inbox Toolbar\Buttons folder moved successfully.
C:\Program Files\Inbox Toolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Mary Carty\Desktop\cmd.bat deleted successfully.
C:\Users\Mary Carty\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 985044 bytes
->Temporary Internet Files folder emptied: 17400680 bytes
->Flash cache emptied: 56931 bytes

User: Mary
->Temp folder emptied: 498188934 bytes
->Temporary Internet Files folder emptied: 484786398 bytes
->Java cache emptied: 238168 bytes
->Google Chrome cache emptied: 28748486 bytes
->Flash cache emptied: 3468 bytes

User: Mary Carty
->Temp folder emptied: 71160906 bytes
->Temporary Internet Files folder emptied: 57288767 bytes
->Flash cache emptied: 57771 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52800614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,156.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07132012_112110

Files\Folders moved on Reboot...
C:\Users\Mary Carty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Mary Carty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

What is soccer inferno and what does it do?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 25 May 2013
Posts: 4050
Location: Land Of The Leprechauns

Posted: Fri Jul 13, 2012 3:07 am

Hi partnership,
Quote:
What is soccer inferno and what does it do?

It appears to be a game, but it has been known to install adware on users' computers.
http://www.systemlookup.com/CLSID/73481-j2bar_dll.html

If you wish, I can remove it for you; let me know in your next reply.
_________________
Admin/Teacher at Malware Removal University
Member of...

partnership
Posted: Fri Jul 13, 2012 4:04 am

I uninstalled it in control panel
Cypher
Posted: Fri Jul 13, 2012 6:08 am

Hi partnership,
Quote:
I uninstalled it in control panel

Delete the below also.
Quote:
C:\Program Files\SoccerInferno

With regards to this issue.
Quote:
error message 1542 windows cannot load classes registry file. The system cannot find the file specified.

This suggests that the user profile has become partly corrupted somehow. I see you posted here seeking advice.
http://bolt.cd/board/f42/windows-vista-error-1542-windows-cannot-load-classes-registr-749746/

I think this issue is better dealt with at a forum that specialises in these kinds of errors; I can recommend a few for you if you wish.

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • This will remove some of the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE on how to prevent malware.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
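The hosts-file blocking described in the post above, shown as an added example that is not part of the original thread or of the MVPS project: a short Python audit that separates names pointed at 127.0.0.1 or 0.0.0.0 (blocked) from names mapped to any other address, which are the entries worth reviewing after a cleanup. The sample file content and every hostname in it are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; hostnames use reserved example domains.
SAMPLE_HOSTS = """\
# blocking list (constructed sample)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     banner.example.org
192.0.2.55  update.example.com
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Classify each hostname in HOSTS-format text.

    Returns (blocked, remapped, malformed):
      blocked   - names pointed at loopback or 0.0.0.0 (the blocking technique)
      remapped  - {name: address} for names pointed at any other address
      malformed - raw lines whose first field is not an IP address
    """
    blocked, remapped, malformed = set(), {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(raw)
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":       # the standard entry is not a block
                    blocked.add(name)
            else:
                remapped[name] = str(addr)    # resolves somewhere else: review it
    return blocked, remapped, malformed

if __name__ == "__main__":
    blocked, remapped, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked")
    for name, addr in remapped.items():
        print(f"review: {name} -> {addr}")
    for raw in malformed:
        print(f"malformed: {raw!r}")
```

On Windows the file to feed it is normally %SystemRoot%\System32\drivers\etc\hosts, read as text.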
partnership
Posted: Fri Jul 13, 2012 8:12 am

Thank you for that. I would appreciate knowing which forum to post re registry file but will prob just delete the profile once I work out how.

The only problem I still have is that Windows Vista will not update to Service Pack 2 and I don't know why.
Cypher
Posted: Fri Jul 13, 2012 9:08 am

Hi partnership,
Here are some excellent Tech sites (in no particular order) that may be able to help with your remaining problems:
As mentioned your logs appear to be clean, I hope you can resolve your other problem with the links that I provided.

Any other questions?
partnership
Posted: Fri Jul 13, 2012 9:21 am

Thanks a million for your help. I hope you don't think I was wasting your time. All the problems seem to occur at once so I thought it was malware. Will pursue through forums you mentioned.
Cypher
Posted: Sat Jul 14, 2012 12:58 am

Hi partnership,
Quote:
Thanks a million for your help

You're most welcome.
Quote:
I hope you don't think I was wasting your time. All the problems seem to occur at once so I thought it was malware.

You didn't waste my time at all, it's best to rule out malware as the cause of such problems.
Good luck solving your remaining issues.
Cypher
Posted: Sat Jul 14, 2012 12:59 am

Quote:
As your problems do not appear to be malware related, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

All times are GMT - 8 Hours