Posts posted by dg241
-
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Java 6 Update 3
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
-
Thanks for all your help. I was able to delete the Hijack using Malwarebytes after I configured my Avira AV to allow changes to the registry. The shutdowns seem to be related to a hardware issue with my Toshiba laptop. Still dealing with that!
-
I'm having trouble running Kaspersky. I tried it in Safe Mode on Sunday night, and when it said it would take more than 5 hours, I left it running overnight. On Monday morning, there was nothing on the screen and no log created that I could find. When I tried again, it said that I should reboot and run in regular mode, but my computer will not run in regular mode for very long without shutting down abruptly. I did try running the regular scan (without checking to run the whole C drive) in regular mode this morning, and it got to 99% and then hung for about 20 minutes. I finally had to shut down and go to work. Then the same thing just happened, except the computer shut down during the 99%.
I wonder if my Avira AV could be infected. When I try to delete Hijack.UserInit with Malwarebytes, I get an Avira message - "registry blocked - suspicious attempt to access the registry was blocked" - and if I disable that feature, the same kind of message appears when I shut down or reboot.
Any ideas?
-
I had to run ComboFix in Safe Mode. My computer shut down while reading this forum in regular mode. When I started CF, it claimed that Avira was still running, although I had checked that it wasn't running, both in the program and in Task Manager. I did disable Windows Firewall. There was an "Out of Memory" message during one of the stages, and a message that CF could not write to a certain memory address. Here's the log - and thanks for your help!
ComboFix 12-11-16.02 - Don 19/11/2012 8.30.04.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2545 [GMT 1:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 07:40 . 2012-11-19 07:40 -------- d-----w- c:\users\Don\AppData\Local\temp
2012-11-19 07:40 . 2012-11-19 07:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-19 06:58 . 2012-11-19 06:58 -------- d-----w- C:\66b78112272c5898ea8047d82b7262
2012-11-18 20:51 . 2012-11-18 20:51 -------- d-----w- C:\_OTL
2012-11-18 08:41 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 08:41 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-18 08:39 . 2012-11-18 08:41 -------- d-----w- C:\bfc995f074073d93676df94272619073
2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes
2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\programdata\Malwarebytes
2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-15 21:05 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 07:01 . 2012-11-15 07:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB91386-9892-41A4-8527-5A688D233B72}\offreg.dll
2012-11-14 20:24 . 2012-10-19 08:38 26248 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-11-14 19:29 . 2012-10-19 08:43 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-11-14 19:29 . 2012-10-19 09:01 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-11-14 19:29 . 2012-10-19 09:01 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-11-14 19:29 . 2012-10-19 08:38 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-11-14 19:29 . 2012-10-19 08:38 56200 ----a-w- c:\windows\system32\offreg.dll
2012-11-14 19:29 . 2012-11-14 19:29 -------- d-----w- c:\program files\iolo
2012-11-14 19:27 . 2012-11-14 19:27 74703 ----a-w- c:\windows\system32\mfc45.dat
2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\iolo
2012-11-14 19:25 . 2012-11-16 01:35 -------- d-----w- c:\programdata\iolo
2012-11-14 19:25 . 2012-11-14 19:48 -------- d-----w- c:\users\Don\AppData\Roaming\iolo
2012-11-12 19:28 . 2012-10-12 18:09 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-11-12 18:44 . 2012-11-12 18:44 -------- d-----w- c:\programdata\IObit
2012-11-12 18:44 . 2012-11-14 21:35 -------- d-----w- c:\users\Don\AppData\Roaming\IObit
2012-11-12 18:43 . 2012-11-12 18:43 -------- d-----w- c:\program files\IObit
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 20:25 . 2012-11-10 20:25 -------- d-----w- c:\program files\QuickTime
2012-11-09 18:59 . 2012-10-17 00:32 6918632 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB91386-9892-41A4-8527-5A688D233B72}\mpengine.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-24 18:32 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 20:33 . 2012-10-17 20:43 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-14 20:33 . 2012-10-17 20:43 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 20:33 . 2012-10-17 20:43 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-07 19:10 . 2012-03-29 20:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 19:10 . 2011-08-04 21:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 09:59 . 2010-01-27 21:37 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-13 13:28 . 2012-10-10 02:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-04 20:10 . 2012-08-18 21:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-04 20:10 . 2012-08-18 21:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-10 02:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 02:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 02:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 11:01 . 2012-09-15 19:52 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2010-10-13 19:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]
"Facebook Update"="c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [bU]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-04-10 143360]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"HostManager"="c:\program files\Common Files\AOL\1241861114\ee\AOLSoftware.exe" [2010-03-08 41800]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2009-04-10 200704]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-14 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2008-3-19 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?p?\0??\0\0????\0?p?\0??\0autocheck smrgdf c:\users\Don\AppData\Roaming\iolo\\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:10]
.
2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000Core.job
- c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 05:54]
.
2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000UA.job
- c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 05:54]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:55]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.it/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Don\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-19 08:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-19 08:43:36
ComboFix-quarantined-files.txt 2012-11-19 07:43
ComboFix2.txt 2012-11-16 20:34
ComboFix3.txt 2012-11-16 18:56
.
Pre-Run: 88.236.736.512 bytes free
Post-Run: 88.247.996.416 bytes free
.
- - End Of File - - 052A3CDBA1A6B1D8562A86665DB46147
-
Here's the MBAM log: same results - Hijack.UserInit detected - Avira blocked access to the registry. Computer is running fine at the moment, but never know when the next unexpected shutdown will happen. I've been running in Safe Mode all day with no problem.
Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.18.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-PC [administrator]
Protection: Enabled
18/11/2012 22.10.38
mbam-log-2012-11-18 (22-10-38).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 161401
Time elapsed: 3 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Here's the ADWCleaner log:
# AdwCleaner v2.007 - Logfile created 11/18/2012 at 22:03:25
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Don - DON-PC
# Boot Mode : Normal
# Running from : C:\Users\Don\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.35] : search_url = "hxxp://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}",
*************************
AdwCleaner[R1].txt - [15499 octets] - [16/11/2012 19:04:27]
AdwCleaner[R2].txt - [1056 octets] - [16/11/2012 19:11:37]
AdwCleaner[R3].txt - [1148 octets] - [18/11/2012 14:37:54]
AdwCleaner[R4].txt - [1208 octets] - [18/11/2012 14:38:49]
AdwCleaner[s1].txt - [15520 octets] - [16/11/2012 19:08:23]
AdwCleaner[s2].txt - [1119 octets] - [16/11/2012 19:12:36]
AdwCleaner[s3].txt - [1123 octets] - [18/11/2012 22:03:25]
########## EOF - C:\AdwCleaner[s3].txt - [1183 octets] ##########
-
Here's the OTL fix log:
All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Don
->Temp folder emptied: 2442557 bytes
->Temporary Internet Files folder emptied: 66927602 bytes
->Java cache emptied: 11348758 bytes
->Google Chrome cache emptied: 47066192 bytes
->Apple Safari cache emptied: 9530368 bytes
->Flash cache emptied: 1063123 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 132,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11182012_215118
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
# AdwCleaner v2.007 - Logfile created 11/18/2012 at 14:38:49
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Don - DON-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Don\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.35] : search_url = "hxxp://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}",
*************************
AdwCleaner[R1].txt - [15499 octets] - [16/11/2012 19:04:27]
AdwCleaner[R2].txt - [1056 octets] - [16/11/2012 19:11:37]
AdwCleaner[R3].txt - [1148 octets] - [18/11/2012 14:37:54]
AdwCleaner[R4].txt - [959 octets] - [18/11/2012 14:38:49]
AdwCleaner[s1].txt - [15520 octets] - [16/11/2012 19:08:23]
AdwCleaner[s2].txt - [1119 octets] - [16/11/2012 19:12:36]
########## EOF - C:\AdwCleaner[R4].txt - [1139 octets] ##########
-
OTL Extras logfile created on: 18/11/2012 14.23.38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Don\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,06% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296,62 Gb Total Space | 83,79 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D70A09-9E93-44D6-AD42-0CDDB1C9CA9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10D45395-E28E-45F9-AA3A-DF4533044562}" = lport=137 | protocol=17 | dir=in | app=system |
"{1B3737DD-6FCB-4D1E-B8E4-9DE66A508660}" = lport=2869 | protocol=6 | dir=in | app=system |
"{230D3361-3B02-441E-823F-4F128C5C6D24}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2711797A-7C84-4371-8935-062167D20DA6}" = lport=445 | protocol=6 | dir=in | app=system |
"{28ECCAC6-96CA-4210-BD49-EA6B63772175}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34C389D2-08E3-4484-ACC7-4D30DF3F2922}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A374E88-2581-4CA4-A0DA-440518CB6832}" = rport=139 | protocol=6 | dir=out | app=system |
"{40A49392-10E4-4F35-84A7-1344477A795B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48E7A9A5-0C96-4197-BEB9-2CF352EC5E8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54EA6CCE-C639-46A0-8FD4-690CCEDB3F8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{5AFC6933-1039-4C9C-B416-FD0BCA0867D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{746489B7-8C15-4370-8FA2-CF60597FC04F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DD6A8E6-74DC-44A0-A07A-0AEF19162C23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87130E13-9905-4708-80B8-721A0EDF18F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{88D10D34-0736-49B1-ACE7-AD6C70F46733}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A719759-D41A-4DAE-95A3-997C9866C71B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E287C8A-082A-4740-9CB1-A7816B3D6D03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9444DE1A-7D31-4571-9208-C94C3E78E92B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3EB1410-86EE-4AE7-90F2-4DDFE329DA06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A7CF7556-E50E-4B36-A376-688D66618392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF2E1E39-DFD3-4EAA-B082-05FFEDE4EBA4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B62BF26D-0DBF-4485-9FFB-D402475FDB12}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C071A572-6FF2-4747-808B-5161BA7AB779}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA8275F6-963F-4A1B-A36D-4F457AE1C20A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F315CE4D-9A4A-4ECB-B649-32B7FD2119E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE22EFF5-D906-446E-8212-68682A423332}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013D982D-C647-4B8F-9A53-B069EEF6D52C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{08B6B793-367A-42D1-8D99-49EF234DCE31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{0BDB6A88-B023-4249-B337-F48DEE8F973F}" = dir=in | app=c:\users\don\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1102BDD3-3704-4C95-A5CD-03DCD5D187C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{177AF020-391C-4CD3-993E-C39BB400D19F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{17BC2766-8421-4DC8-BD7E-3517356703D3}" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"{1CB621AA-182C-42CE-98A7-C2B424261A11}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{21D279C8-9FAD-45D1-8230-1F79144041CB}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{26002213-1604-4371-8278-8F98B365B0BD}" = protocol=6 | dir=out | app=system |
"{2CF4C857-4A95-4138-9CB4-C343A28D056F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{314FBDDC-0BDC-4302-AEF5-D40A3AC4F0BF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{349265DA-4CBD-45D3-A1D3-969BDBCF50ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BDFF0FE-2760-4FC5-96CB-D38D1A536E1E}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{3BEAF971-B46C-4716-8473-67B4014FD4C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47F550CD-FF04-4B6E-9F3C-47031206A6B5}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{5198591C-60CF-4BEE-B3D1-EFB2250D48D2}" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"{5C7CD560-FE8C-44B7-816F-7FC447930CCD}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{647C4078-AC77-4999-B358-8103E1C0DE55}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{733A348E-68C9-4E36-BC24-1A9159182437}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77EA07BB-B04F-4D6A-AF43-5C9A74C0BE72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{788DE0D1-AC56-48CE-BA4D-AC2FE37924ED}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{795F831C-AE80-436D-A1D8-9E388959A9C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D731418-5209-485E-B27E-E4C899D8866E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{80580204-843E-48E7-A3E9-B84B7EBD3952}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{855EDCA9-2518-45D4-B66B-28A4B1A508CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{886276FE-80EA-41E9-9A8F-B161666D2B96}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{892B0766-1DA5-4834-8EB0-8D2AA3C172F5}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
"{8E51062F-058E-459C-AC6E-3F80DD5A919E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EAE7CA1-A56C-4A97-A663-2C7CCD9C1708}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{92893A81-08F8-49B3-B56B-954696164F17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{933703FF-264A-4E83-9F8F-375FF94FAF74}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{95B0796E-EFC4-4A78-942F-F438F6B4D9D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97C44FB6-1EBC-4598-AEE5-27390D97D2B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{9B3A9A37-7BF9-48DB-9CC8-632BC0459791}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1241861114\ee\aolsoftware.exe |
"{9ED80CCE-E36A-460F-ABEB-39DA6A17952E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A54C4821-2F40-49DD-9BE3-E9243210476A}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{A9FE97B0-C3A7-44B2-BF8D-E146672CA7C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB146638-C28E-4443-818F-56FD300085F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB6FB533-BAC4-477E-96D7-4B94832C96CF}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B829F780-416B-480E-A3E6-64997C8E4EF2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B8815EDA-6516-451A-91AA-CA4F24AB2C06}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B8936EA6-E511-46E1-B656-D54C25752C0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD4DA4B3-88FC-4BC0-AD8C-CBF334C2FBEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAFD6CB4-3BB9-4ADA-AD2E-B3519497492C}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
"{D56C5A35-1631-4CAD-B0A7-E3759C386415}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5F8C4EA-D613-49E2-A923-5DCC6F735B57}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{D86B1844-7B15-4D4A-99C1-0FD79587105B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{DE5E32BE-39F3-4721-B8C3-52FC7111532E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{E0C6316C-0178-4754-9B20-2E460F5AE935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7A0A21B-37FE-49D4-94CE-7E9E96D6BC38}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{EB4B5489-2E6D-43FF-B032-333D22215E8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC1D6F19-9029-4019-8CBC-04C0E9EDBD77}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{EF8DBAB6-0C19-4DD2-9BF7-F65BB54ABF14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE2F965D-2C13-49E8-AC17-EB01642D7D88}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{FEB065E3-2A8D-4DBD-BF4A-59A81ECAE982}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1241861114\ee\aolsoftware.exe |
"{FEF3FDEE-49F3-4208-BCE2-544381E31924}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{019E34E6-3D83-4767-87BD-70AF21E5DE84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{03F0EDE8-91DB-475E-A081-AD9E73C1F02A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{484361E7-5FA6-4424-9A6D-9F13C1844514}C:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe |
"TCP Query User{4947D1BF-738A-4358-B2F3-95F7E502113C}C:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{6750E89A-03A7-4FC3-8EFD-D7FD923F5A04}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9A41A082-F75B-4C25-92B5-32560D2F8A68}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B1CC0775-D500-48F8-B30A-116EC322CDED}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B3500C31-4F75-4D77-9F8E-5FA6848A0F57}C:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{09CAB0CF-6965-47F0-A19F-AF52D9CF6632}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0CCAEE3E-68C1-44EF-ACF1-74625B35CABC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{29B25B91-D0FF-455A-8BEF-7976497C5B7D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{39D6A892-D502-48ED-9CBB-D268CA9DECB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{57421BCA-F1AA-4EE0-A4C4-E40B7E6D7A53}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5AA2D452-8969-4391-91FE-51A9B0DE3FA7}C:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe |
"UDP Query User{97B8BACF-14FB-4B2F-8232-722A8F958369}C:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe |
"UDP Query User{D2A37A89-855F-42A4-98EE-9260ACDCEFD7}C:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional
"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish
"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese
"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B8FAB81-0811-FAE4-A77C-33683B43A9D8}" = ccc-utility
"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.32
"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light
"{53BB9294-6E76-4853-4130-1CD0A01EAE45}" = ATI Catalyst Install Manager
"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish
"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation
"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{945126B3-E790-45FE-A5B4-D108DB681B61}" = Sibelius Scorch (ActiveX Only)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese
"{9D809E65-2088-4367-A169-D6DDDA78D6C6}" = Garmin Communicator Plugin with myGarmin Agent
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}" = Retrospect Express HD 1.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E883466C-77EC-44AC-8EC8-417A4A16AB3F}" = Garmin Communicator Plugin
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch
"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F4F8BF8F-4147-41AD-B3EB-9EB54F5CAB89}" = Audio Browser
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Supporto applicazioni Apple
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.55
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"All Video Converter Pro_is1" = All Video Converter Pro 4.6.1
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.6
"AVI ReComp" = AVI ReComp 1.5.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avisynth" = AviSynth 2.5
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free DVD ISO Burner (by minidvdsoft)_is1" = Free DVD ISO Burner version 1.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HandBrake" = HandBrake 0.9.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mimo" = Mimo
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mp3tag" = Mp3tag v2.49b
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.48
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tag&Rename_is1" = Tag&Rename 3.5.1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VobSub" = VobSub 2.23
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Xvid_is1" = Xvid 1.3.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18/11/2012 5.29.50 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/11/2012 5.47.17 | Computer Name = Don-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 18/11/2012 5.48.35 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/11/2012 5.51.56 | Computer Name = Don-PC | Source = EventSystem | ID = 4621
Description =
Error - 18/11/2012 5.53.14 | Computer Name = Don-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 18/11/2012 5.54.33 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/11/2012 6.02.49 | Computer Name = Don-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 18/11/2012 6.03.46 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/11/2012 6.14.48 | Computer Name = Don-PC | Source = EventSystem | ID = 4609
Description =
Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 27/09/2009 3.36.23 | Computer Name = Don-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 18/11/2012 6.16.40 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18/11/2012 7.20.13 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
Error - 18/11/2012 7.20.51 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
Error - 18/11/2012 9.30.21 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
Error - 18/11/2012 9.30.31 | Computer Name = Don-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004661V06.
< End of report >
-
OTL logfile created on: 18/11/2012 14.23.38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Don\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,06% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296,62 Gb Total Space | 83,79 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/18 13.48.43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
PRC - [2012/10/19 09.41.16 | 001,028,464 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/04/11 07.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03.23.32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/19 17.19.14 | 000,142,208 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2008/01/08 16.15.38 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - [2012/11/07 20.10.16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/31 05.20.45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/31 05.20.24 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/19 09.41.16 | 001,028,464 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/12 15.33.10 | 001,026,432 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/09/29 19.54.26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19.54.26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 21.51.26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/14 15.45.44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/29 14.41.46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011/02/11 12.45.52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/01/21 22.32.44 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/12/17 06.44.28 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/03/19 15.52.44 | 000,166,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2008/03/19 15.52.38 | 000,051,816 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2008/01/22 00.54.46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03.23.32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 00.27.34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 22.07.14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/04 01.03.52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 02.23.32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/24 01.27.16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/29 01.05.16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/25 02.38.00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/24 11.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/05 09.11.18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09.11.16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/26 03.47.50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/14 01.21.20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01.02.08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00.46.16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/23 13.50.35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/10/05 20.10.12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/02/06 08.22.54 | 000,073,728 | ---- | M] (EMC Dantz) [Disabled | Stopped] -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -- (RetroExpLauncher)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Don\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/14 21.33.41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/14 21.33.41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 21.33.41 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/19 09.38.26 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2012/10/19 09.38.24 | 000,026,248 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2012/09/29 19.54.26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/27 14.50.24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/10/05 06.28.24 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2011/10/05 00.42.44 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmamp3DriverV32.sys -- (wmamp3DriverV32)
DRV - [2011/07/12 14.02.30 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/07/12 14.02.30 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/07/12 14.02.30 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/07/12 14.02.30 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/07/12 14.02.18 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/04 12.50.14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/31 00.24.00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/21 23.42.24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03.23.20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/12/17 19.45.20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 22.00.52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 14.12.22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/24 20.56.54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 20.56.40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 20.56.34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/22 07.02.04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 19.59.04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 19.56.18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 19.55.12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 19.53.18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 19.52.18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007/02/24 23.42.22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/24 01.40.20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/29 23.24.57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/28 23.11.00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23.11.14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 07.32.00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 07.31.00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/10/24 01.32.20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 20.50.04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 03.42.42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/05 03.42.42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/10/31 09.46.56 | 000,036,679 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMD052.sys -- (NETMDUSB)
DRV - [2005/04/06 14.05.24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2003/03/13 13.23.28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
IE - HKLM\..\SearchScopes\{BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
IE - HKCU\..\SearchScopes\{BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Don\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 00.52.37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/11 02.29.08 | 000,000,000 | ---D | M]
[2012/04/19 05.42.33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Don\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/11/16 19.53.38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1241861114\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\myGarminAgent.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ssAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\RunOnce: [sMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E01332B-71EE-4E5E-8C26-B773242B1462}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3903096-433E-479F-892D-91194BBFA2F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA7B4349-DAD3-400E-8BBE-15B50917C70A}: DhcpNameServer = 83.224.66.138 83.224.70.94
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Don\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Don\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (ጸƽ)
O34 - HKLM BootExecute: (簁Ƹ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (潔瑰䚰Ƹ)
O34 - HKLM BootExecute: (ጸƽ)
O34 - HKLM BootExecute: (敡Ƹ)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Don\AppData\Roaming\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012/11/18 13.48.41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2012/11/18 09.39.06 | 000,000,000 | ---D | C] -- C:\bfc995f074073d93676df94272619073
[2012/11/16 21.34.03 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\temp
[2012/11/16 21.33.29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/16 21.18.35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/16 19.27.59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 19.27.59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 19.27.59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 19.26.48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 19.26.15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 19.15.44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Don\Desktop\TDSSKiller.exe
[2012/11/16 18.43.22 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Don\Desktop\dds.com
[2012/11/16 18.28.37 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Don\Desktop\ComboFix.exe
[2012/11/16 18.27.02 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Don\Desktop\rkill.exe
[2012/11/15 22.05.34 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\Malwarebytes
[2012/11/15 22.05.13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/15 22.05.13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/15 22.05.12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/15 22.05.12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/14 21.24.44 | 000,026,248 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\ElRawDsk.sys
[2012/11/14 20.29.15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2012/11/14 20.29.14 | 002,097,032 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll
[2012/11/14 20.29.13 | 000,068,464 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\System32\drivers\PDFsFilter.sys
[2012/11/14 20.29.13 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offreg.dll
[2012/11/14 20.29.13 | 000,041,176 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2012/11/14 20.29.13 | 000,023,128 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2012/11/14 20.29.12 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/11/14 20.27.47 | 000,000,000 | ---D | C] -- C:\iolo
[2012/11/14 20.25.39 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\iolo
[2012/11/14 20.25.39 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/11/12 20.28.50 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/11/12 19.44.08 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/11/12 19.44.07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012/11/12 19.44.02 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\IObit
[2012/11/12 19.43.58 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/11/10 21.26.25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/10 21.25.19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/10 21.25.01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/25 03.12.26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03.12.26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2012/10/24 19.32.34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/24 19.32.34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/24 19.32.34 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/18 13.48.43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2012/11/18 11.23.28 | 000,007,620 | ---- | M] () -- C:\Users\Don\AppData\Local\d3d9caps.dat
[2012/11/18 11.14.28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 11.09.06 | 000,643,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/18 11.09.06 | 000,120,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 11.08.00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 11.02.09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 11.02.09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 11.02.07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 10.59.01 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000UA.job
[2012/11/18 10.54.14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 19.53.38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/16 18.43.26 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Don\Desktop\dds.com
[2012/11/16 18.42.26 | 000,541,569 | ---- | M] () -- C:\Users\Don\Desktop\adwcleaner.exe
[2012/11/16 18.36.53 | 000,881,833 | ---- | M] () -- C:\Users\Don\Desktop\SecurityCheck.exe
[2012/11/16 18.29.30 | 002,195,061 | ---- | M] () -- C:\Users\Don\Desktop\tdsskiller.zip
[2012/11/16 18.29.09 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Don\Desktop\ComboFix.exe
[2012/11/16 18.27.20 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Don\Desktop\rkill.exe
[2012/11/16 07.59.01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000Core.job
[2012/11/15 22.52.29 | 000,007,096 | ---- | M] () -- C:\Users\Don\Desktop\msiserver.reg
[2012/11/15 22.05.14 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 10.14.33 | 000,000,184 | ---- | M] () -- C:\Users\Don\Desktop\repair.bat
[2012/11/15 08.25.28 | 132,003,830 | ---- | M] () -- C:\Users\Don\Desktop\Windows6.0-KB947821-v24-x86.msu
[2012/11/14 21.33.41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/14 21.33.41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/14 21.33.41 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/14 20.29.15 | 000,001,922 | ---- | M] () -- C:\Users\Don\Desktop\System Mechanic.lnk
[2012/11/14 20.27.52 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dat
[2012/11/12 19.44.07 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/11/12 19.44.07 | 000,001,049 | ---- | M] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2012/11/12 19.44.07 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2012/11/10 21.25.19 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/10 17.36.27 | 000,113,152 | ---- | M] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/07 20.10.15 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/07 20.10.15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/07 03.10.57 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/05 10.59.52 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/10/31 21.49.22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Don\Desktop\TDSSKiller.exe
[2012/10/25 03.12.26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03.12.26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2012/10/22 10.29.11 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/10/22 10.29.10 | 000,001,440 | ---- | M] () -- C:\Users\Don\Desktop\DivX Movies.lnk
[2012/10/22 10.29.01 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/16 19.27.59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 19.27.59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 19.27.59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 19.27.59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 19.27.59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 18.42.25 | 000,541,569 | ---- | C] () -- C:\Users\Don\Desktop\adwcleaner.exe
[2012/11/16 18.36.38 | 000,881,833 | ---- | C] () -- C:\Users\Don\Desktop\SecurityCheck.exe
[2012/11/16 18.29.21 | 002,195,061 | ---- | C] () -- C:\Users\Don\Desktop\tdsskiller.zip
[2012/11/16 07.45.05 | 000,007,096 | ---- | C] () -- C:\Users\Don\Desktop\msiserver.reg
[2012/11/15 23.00.37 | 132,003,830 | ---- | C] () -- C:\Users\Don\Desktop\Windows6.0-KB947821-v24-x86.msu
[2012/11/15 22.05.14 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 10.14.33 | 000,000,184 | ---- | C] () -- C:\Users\Don\Desktop\repair.bat
[2012/11/14 20.29.15 | 000,001,922 | ---- | C] () -- C:\Users\Don\Desktop\System Mechanic.lnk
[2012/11/14 20.27.52 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/12 19.44.07 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/11/12 19.44.07 | 000,001,049 | ---- | C] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2012/11/12 19.44.07 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2012/11/10 21.25.19 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/26 09.21.58 | 000,000,414 | ---- | C] () -- C:\Users\Don\Pictures - Shortcut.lnk
[2011/10/09 09.35.09 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/07/12 14.02.16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/17 12.46.59 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/02/22 20.39.04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 20.37.30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/27 22.37.55 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/07/04 22.55.48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/10 18.03.12 | 000,007,620 | ---- | C] () -- C:\Users\Don\AppData\Local\d3d9caps.dat
[2008/05/09 14.17.26 | 000,113,152 | ---- | C] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 13.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/11/16 19.04.30 | 000,015,499 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/16 19.11.41 | 000,001,056 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012/11/16 19.08.31 | 000,015,520 | ---- | M] () -- C:\AdwCleaner[s1].txt
[2012/11/16 19.12.40 | 000,001,119 | ---- | M] () -- C:\AdwCleaner[s2].txt
[2006/09/18 22.43.36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07.36.36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/13 02.37.54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/11/16 21.34.02 | 000,013,751 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22.43.37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/10/09 09.25.31 | 000,000,043 | ---- | M] () -- C:\END
[2012/01/14 07.58.37 | 000,090,998 | ---- | M] () -- C:\install.log
[2012/11/18 11.14.11 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2010/08/23 10.25.56 | 000,000,040 | ---- | M] () -- C:\SYSTEM.VER
[2012/11/16 19.16.51 | 000,138,328 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.15.56_log.txt
[2012/11/16 19.19.57 | 000,003,420 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.19.23_log.txt
[2012/11/16 19.25.46 | 000,461,894 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.21.56_log.txt
[2010/08/23 10.25.56 | 000,011,032 | ---- | M] () -- C:\YP-U3.LOG
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 785 bytes -> C:\Users\Don\Documents\autorizzazione rof.eml:OECustomProperty
< End of report >
-
I need help removing Hijack.UserInit from my system. Malwarebytes seems to be successful, but it always reappears after a new boot. I've disabled Avira's registry blocking so that the repair can be made, but get the same results. I've read other posts in this forum about this. Maybe I need to run a CF script to finish the job?
The main problem I am having is unexpected shutdowns while in regular Windows mode. This doesn't happen in Safe Mode with networking. Can this be caused by the Hijack?
Here's a log from a flash scan in regular Windows mode.
Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.18.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-PC [administrator]
Protection: Enabled
18/11/2012 10.55.35
mbam-log-2012-11-18 (10-55-35).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 161042
Time elapsed: 2 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thanks for your help.
Don
Hijack.UserInit infection - can't remove
in Resolved Malware Removal Logs
You will notice right under that indication that I have Adobe Reader X, and it is up to date. I'm not sure why this report lists the older version also. I find there is a Reader 8 folder in my Adobe folder, but it doesn't show up in programs that can be removed. Should I simply delete the folder?