Jump to content

Hijack.UserInit infection - can't remove


dg241

Recommended Posts

I need help removing Hijack.UserInit from my system. Malwarebytes seems to be successful, but it always reappears after a new boot. I've disabled Avira's registry blocking so that the repair can be made, but get the same results. I've read other posts in this forum about this. Maybe I need to run a CF script to finish the job?

The main problem I am having is unexpected shutdowns while in regular Windows mode. This doesn't happen in Safe Mode with networking. Can this be caused by the Hijack?

Here's a log from a flash scan in regular Windows mode.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.18.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Don :: DON-PC [administrator]

Protection: Enabled

18/11/2012 10.55.35

mbam-log-2012-11-18 (10-55-35).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 161042

Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks for your help.

Don

Link to post
Share on other sites

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Maybe I need to run a CF script to finish the job?

Please see below to try OTL first, as it will provide an in-depth look at what is on your computer.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs (you may need to use multiple posts to fit them in):

  • OTL.txt.
  • Extras.txt.
  • AdwCleaner[R1].txt.

Link to post
Share on other sites

OTL logfile created on: 18/11/2012 14.23.38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Don\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,06% Memory free

6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 296,62 Gb Total Space | 83,79 Gb Free Space | 28,25% Space Free | Partition Type: NTFS

Computer Name: DON-PC | User Name: Don | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 13.48.43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe

PRC - [2012/10/19 09.41.16 | 001,028,464 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2009/04/11 07.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/21 03.23.32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/19 17.19.14 | 000,142,208 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll

MOD - [2008/01/08 16.15.38 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

========== Services (SafeList) ==========

SRV - [2012/11/07 20.10.16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/31 05.20.45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/10/31 05.20.24 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/10/19 09.41.16 | 001,028,464 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2012/10/12 15.33.10 | 001,026,432 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)

SRV - [2012/09/29 19.54.26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19.54.26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/27 21.51.26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/07/14 15.45.44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)

SRV - [2011/03/29 14.41.46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)

SRV - [2011/02/11 12.45.52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/01/21 22.32.44 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

SRV - [2009/12/17 06.44.28 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2008/03/19 15.52.44 | 000,166,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

SRV - [2008/03/19 15.52.38 | 000,051,816 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)

SRV - [2008/01/22 00.54.46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/21 03.23.32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/18 00.27.34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/12/25 22.07.14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/04 01.03.52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/22 02.23.32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/10/24 01.27.16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/09/29 01.05.16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/09/25 02.38.00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/07/24 11.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/02/05 09.11.18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)

SRV - [2007/02/05 09.11.16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)

SRV - [2007/01/26 03.47.50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/12/14 01.21.20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 01.02.08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 00.46.16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/10/23 13.50.35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

SRV - [2006/10/05 20.10.12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/02/06 08.22.54 | 000,073,728 | ---- | M] (EMC Dantz) [Disabled | Stopped] -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -- (RetroExpLauncher)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pbsaudrv.sys -- (PbsAuDrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Don\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012/11/14 21.33.41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/11/14 21.33.41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012/11/14 21.33.41 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2012/10/19 09.38.26 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFsFilter)

DRV - [2012/10/19 09.38.24 | 000,026,248 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2012/09/29 19.54.26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/08/27 14.50.24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2011/10/05 06.28.24 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)

DRV - [2011/10/05 00.42.44 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmamp3DriverV32.sys -- (wmamp3DriverV32)

DRV - [2011/07/12 14.02.30 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV - [2011/07/12 14.02.30 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2011/07/12 14.02.30 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)

DRV - [2011/07/12 14.02.30 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV - [2011/07/12 14.02.18 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2010/03/04 12.50.14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/01/31 00.24.00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/01/21 23.42.24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2008/01/21 03.23.20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007/12/17 19.45.20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/11/09 22.00.52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/26 14.12.22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)

DRV - [2007/06/24 20.56.54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007/06/24 20.56.40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007/06/24 20.56.34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007/03/22 07.02.04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/03/05 19.59.04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)

DRV - [2007/03/05 19.56.18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)

DRV - [2007/03/05 19.55.12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)

DRV - [2007/03/05 19.53.18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)

DRV - [2007/03/05 19.52.18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)

DRV - [2007/02/24 23.42.22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/24 01.40.20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/29 23.24.57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)

DRV - [2006/11/28 23.11.00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/20 23.11.14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/09 07.32.00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)

DRV - [2006/11/09 07.31.00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)

DRV - [2006/10/24 01.32.20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2006/10/18 20.50.04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/10/05 03.42.42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/05 03.42.42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2005/10/31 09.46.56 | 000,036,679 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMD052.sys -- (NETMDUSB)

DRV - [2005/04/06 14.05.24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)

DRV - [2003/03/13 13.23.28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7

IE - HKLM\..\SearchScopes\{BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7

IE - HKCU\..\SearchScopes\{BD2C6EE5-9E0F-4A54-8BBF-FD2370E39CBD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Don\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 00.52.37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/11 02.29.08 | 000,000,000 | ---D | M]

[2012/04/19 05.42.33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Don\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/16 19.53.38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1241861114\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)

O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)

O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\myGarminAgent.exe ()

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found

O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)

O4 - HKLM..\Run: [standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [ssAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()

O4 - HKLM..\RunOnce: [sMRequiresRestart] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E01332B-71EE-4E5E-8C26-B773242B1462}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3903096-433E-479F-892D-91194BBFA2F6}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA7B4349-DAD3-400E-8BBE-15B50917C70A}: DhcpNameServer = 83.224.66.138 83.224.70.94

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Don\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Don\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (ጸƽ)

O34 - HKLM BootExecute: (簁Ƹ)

O34 - HKLM BootExecute: ()

O34 - HKLM BootExecute: (潔瑰䚰Ƹ)

O34 - HKLM BootExecute: (ጸƽ)

O34 - HKLM BootExecute: (敡Ƹ)

O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Don\AppData\Roaming\iolo\)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 13.48.41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe

[2012/11/18 09.39.06 | 000,000,000 | ---D | C] -- C:\bfc995f074073d93676df94272619073

[2012/11/16 21.34.03 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\temp

[2012/11/16 21.33.29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/16 21.18.35 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/11/16 19.27.59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/16 19.27.59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/16 19.27.59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/16 19.26.48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/16 19.26.15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/16 19.15.44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Don\Desktop\TDSSKiller.exe

[2012/11/16 18.43.22 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Don\Desktop\dds.com

[2012/11/16 18.28.37 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Don\Desktop\ComboFix.exe

[2012/11/16 18.27.02 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Don\Desktop\rkill.exe

[2012/11/15 22.05.34 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\Malwarebytes

[2012/11/15 22.05.13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/15 22.05.13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/15 22.05.12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/11/15 22.05.12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/14 21.24.44 | 000,026,248 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\ElRawDsk.sys

[2012/11/14 20.29.15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic

[2012/11/14 20.29.14 | 002,097,032 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll

[2012/11/14 20.29.13 | 000,068,464 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\System32\drivers\PDFsFilter.sys

[2012/11/14 20.29.13 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offreg.dll

[2012/11/14 20.29.13 | 000,041,176 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe

[2012/11/14 20.29.13 | 000,023,128 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe

[2012/11/14 20.29.12 | 000,000,000 | ---D | C] -- C:\Program Files\iolo

[2012/11/14 20.27.47 | 000,000,000 | ---D | C] -- C:\iolo

[2012/11/14 20.25.39 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\iolo

[2012/11/14 20.25.39 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo

[2012/11/12 20.28.50 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe

[2012/11/12 19.44.08 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2012/11/12 19.44.07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6

[2012/11/12 19.44.02 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\IObit

[2012/11/12 19.43.58 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2012/11/10 21.26.25 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/11/10 21.25.19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/10 21.25.01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/10/25 03.12.26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2012/10/25 03.12.26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

[2012/10/24 19.32.34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/10/24 19.32.34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/10/24 19.32.34 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 13.48.43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe

[2012/11/18 11.23.28 | 000,007,620 | ---- | M] () -- C:\Users\Don\AppData\Local\d3d9caps.dat

[2012/11/18 11.14.28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/18 11.09.06 | 000,643,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/11/18 11.09.06 | 000,120,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/11/18 11.08.00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/18 11.02.09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/18 11.02.09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/18 11.02.07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/18 10.59.01 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000UA.job

[2012/11/18 10.54.14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/16 19.53.38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/11/16 18.43.26 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Don\Desktop\dds.com

[2012/11/16 18.42.26 | 000,541,569 | ---- | M] () -- C:\Users\Don\Desktop\adwcleaner.exe

[2012/11/16 18.36.53 | 000,881,833 | ---- | M] () -- C:\Users\Don\Desktop\SecurityCheck.exe

[2012/11/16 18.29.30 | 002,195,061 | ---- | M] () -- C:\Users\Don\Desktop\tdsskiller.zip

[2012/11/16 18.29.09 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Don\Desktop\ComboFix.exe

[2012/11/16 18.27.20 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Don\Desktop\rkill.exe

[2012/11/16 07.59.01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000Core.job

[2012/11/15 22.52.29 | 000,007,096 | ---- | M] () -- C:\Users\Don\Desktop\msiserver.reg

[2012/11/15 22.05.14 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/15 10.14.33 | 000,000,184 | ---- | M] () -- C:\Users\Don\Desktop\repair.bat

[2012/11/15 08.25.28 | 132,003,830 | ---- | M] () -- C:\Users\Don\Desktop\Windows6.0-KB947821-v24-x86.msu

[2012/11/14 21.33.41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys

[2012/11/14 21.33.41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys

[2012/11/14 21.33.41 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys

[2012/11/14 20.29.15 | 000,001,922 | ---- | M] () -- C:\Users\Don\Desktop\System Mechanic.lnk

[2012/11/14 20.27.52 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dat

[2012/11/12 19.44.07 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk

[2012/11/12 19.44.07 | 000,001,049 | ---- | M] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk

[2012/11/12 19.44.07 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk

[2012/11/10 21.25.19 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/11/10 17.36.27 | 000,113,152 | ---- | M] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/07 20.10.15 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/11/07 20.10.15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/11/07 03.10.57 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/11/05 10.59.52 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

[2012/10/31 21.49.22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Don\Desktop\TDSSKiller.exe

[2012/10/25 03.12.26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2012/10/25 03.12.26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

[2012/10/22 10.29.11 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2012/10/22 10.29.10 | 000,001,440 | ---- | M] () -- C:\Users\Don\Desktop\DivX Movies.lnk

[2012/10/22 10.29.01 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 19.27.59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/16 19.27.59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/16 19.27.59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/16 19.27.59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/16 19.27.59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/16 18.42.25 | 000,541,569 | ---- | C] () -- C:\Users\Don\Desktop\adwcleaner.exe

[2012/11/16 18.36.38 | 000,881,833 | ---- | C] () -- C:\Users\Don\Desktop\SecurityCheck.exe

[2012/11/16 18.29.21 | 002,195,061 | ---- | C] () -- C:\Users\Don\Desktop\tdsskiller.zip

[2012/11/16 07.45.05 | 000,007,096 | ---- | C] () -- C:\Users\Don\Desktop\msiserver.reg

[2012/11/15 23.00.37 | 132,003,830 | ---- | C] () -- C:\Users\Don\Desktop\Windows6.0-KB947821-v24-x86.msu

[2012/11/15 22.05.14 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/15 10.14.33 | 000,000,184 | ---- | C] () -- C:\Users\Don\Desktop\repair.bat

[2012/11/14 20.29.15 | 000,001,922 | ---- | C] () -- C:\Users\Don\Desktop\System Mechanic.lnk

[2012/11/14 20.27.52 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat

[2012/11/12 19.44.07 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk

[2012/11/12 19.44.07 | 000,001,049 | ---- | C] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk

[2012/11/12 19.44.07 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk

[2012/11/10 21.25.19 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/05/26 09.21.58 | 000,000,414 | ---- | C] () -- C:\Users\Don\Pictures - Shortcut.lnk

[2011/10/09 09.35.09 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2011/07/12 14.02.16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2011/04/17 12.46.59 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

[2011/02/22 20.39.04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/02/22 20.37.30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/01/27 22.37.55 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2008/07/04 22.55.48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/05/10 18.03.12 | 000,007,620 | ---- | C] () -- C:\Users\Don\AppData\Local\d3d9caps.dat

[2008/05/09 14.17.26 | 000,113,152 | ---- | C] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/11/16 19.04.30 | 000,015,499 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2012/11/16 19.11.41 | 000,001,056 | ---- | M] () -- C:\AdwCleaner[R2].txt

[2012/11/16 19.08.31 | 000,015,520 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/11/16 19.12.40 | 000,001,119 | ---- | M] () -- C:\AdwCleaner[s2].txt

[2006/09/18 22.43.36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 07.36.36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/02/13 02.37.54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2012/11/16 21.34.02 | 000,013,751 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 22.43.37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011/10/09 09.25.31 | 000,000,043 | ---- | M] () -- C:\END

[2012/01/14 07.58.37 | 000,090,998 | ---- | M] () -- C:\install.log

[2012/11/18 11.14.11 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys

[2010/08/23 10.25.56 | 000,000,040 | ---- | M] () -- C:\SYSTEM.VER

[2012/11/16 19.16.51 | 000,138,328 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.15.56_log.txt

[2012/11/16 19.19.57 | 000,003,420 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.19.23_log.txt

[2012/11/16 19.25.46 | 000,461,894 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.11.2012_19.21.56_log.txt

[2010/08/23 10.25.56 | 000,011,032 | ---- | M] () -- C:\YP-U3.LOG

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 785 bytes -> C:\Users\Don\Documents\autorizzazione rof.eml:OECustomProperty

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 18/11/2012 14.23.38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Don\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,06% Memory free

6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 296,62 Gb Total Space | 83,79 Gb Free Space | 28,25% Space Free | Partition Type: NTFS

Computer Name: DON-PC | User Name: Don | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01D70A09-9E93-44D6-AD42-0CDDB1C9CA9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{10D45395-E28E-45F9-AA3A-DF4533044562}" = lport=137 | protocol=17 | dir=in | app=system |

"{1B3737DD-6FCB-4D1E-B8E4-9DE66A508660}" = lport=2869 | protocol=6 | dir=in | app=system |

"{230D3361-3B02-441E-823F-4F128C5C6D24}" = lport=10243 | protocol=6 | dir=in | app=system |

"{2711797A-7C84-4371-8935-062167D20DA6}" = lport=445 | protocol=6 | dir=in | app=system |

"{28ECCAC6-96CA-4210-BD49-EA6B63772175}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{34C389D2-08E3-4484-ACC7-4D30DF3F2922}" = rport=138 | protocol=17 | dir=out | app=system |

"{3A374E88-2581-4CA4-A0DA-440518CB6832}" = rport=139 | protocol=6 | dir=out | app=system |

"{40A49392-10E4-4F35-84A7-1344477A795B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{48E7A9A5-0C96-4197-BEB9-2CF352EC5E8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{54EA6CCE-C639-46A0-8FD4-690CCEDB3F8D}" = rport=445 | protocol=6 | dir=out | app=system |

"{5AFC6933-1039-4C9C-B416-FD0BCA0867D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{746489B7-8C15-4370-8FA2-CF60597FC04F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7DD6A8E6-74DC-44A0-A07A-0AEF19162C23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{87130E13-9905-4708-80B8-721A0EDF18F2}" = lport=138 | protocol=17 | dir=in | app=system |

"{88D10D34-0736-49B1-ACE7-AD6C70F46733}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8A719759-D41A-4DAE-95A3-997C9866C71B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8E287C8A-082A-4740-9CB1-A7816B3D6D03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9444DE1A-7D31-4571-9208-C94C3E78E92B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A3EB1410-86EE-4AE7-90F2-4DDFE329DA06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{A7CF7556-E50E-4B36-A376-688D66618392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AF2E1E39-DFD3-4EAA-B082-05FFEDE4EBA4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B62BF26D-0DBF-4485-9FFB-D402475FDB12}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C071A572-6FF2-4747-808B-5161BA7AB779}" = rport=137 | protocol=17 | dir=out | app=system |

"{EA8275F6-963F-4A1B-A36D-4F457AE1C20A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{F315CE4D-9A4A-4ECB-B649-32B7FD2119E5}" = lport=139 | protocol=6 | dir=in | app=system |

"{FE22EFF5-D906-446E-8212-68682A423332}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{013D982D-C647-4B8F-9A53-B069EEF6D52C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{08B6B793-367A-42D1-8D99-49EF234DCE31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{0BDB6A88-B023-4249-B337-F48DEE8F973F}" = dir=in | app=c:\users\don\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{1102BDD3-3704-4C95-A5CD-03DCD5D187C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{177AF020-391C-4CD3-993E-C39BB400D19F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{17BC2766-8421-4DC8-BD7E-3517356703D3}" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |

"{1CB621AA-182C-42CE-98A7-C2B424261A11}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |

"{21D279C8-9FAD-45D1-8230-1F79144041CB}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{26002213-1604-4371-8278-8F98B365B0BD}" = protocol=6 | dir=out | app=system |

"{2CF4C857-4A95-4138-9CB4-C343A28D056F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{314FBDDC-0BDC-4302-AEF5-D40A3AC4F0BF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{349265DA-4CBD-45D3-A1D3-969BDBCF50ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3BDFF0FE-2760-4FC5-96CB-D38D1A536E1E}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |

"{3BEAF971-B46C-4716-8473-67B4014FD4C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{47F550CD-FF04-4B6E-9F3C-47031206A6B5}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |

"{5198591C-60CF-4BEE-B3D1-EFB2250D48D2}" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |

"{5C7CD560-FE8C-44B7-816F-7FC447930CCD}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |

"{647C4078-AC77-4999-B358-8103E1C0DE55}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{733A348E-68C9-4E36-BC24-1A9159182437}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{77EA07BB-B04F-4D6A-AF43-5C9A74C0BE72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{788DE0D1-AC56-48CE-BA4D-AC2FE37924ED}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |

"{795F831C-AE80-436D-A1D8-9E388959A9C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7D731418-5209-485E-B27E-E4C899D8866E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{80580204-843E-48E7-A3E9-B84B7EBD3952}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{855EDCA9-2518-45D4-B66B-28A4B1A508CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{886276FE-80EA-41E9-9A8F-B161666D2B96}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |

"{892B0766-1DA5-4834-8EB0-8D2AA3C172F5}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |

"{8E51062F-058E-459C-AC6E-3F80DD5A919E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8EAE7CA1-A56C-4A97-A663-2C7CCD9C1708}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |

"{92893A81-08F8-49B3-B56B-954696164F17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{933703FF-264A-4E83-9F8F-375FF94FAF74}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |

"{95B0796E-EFC4-4A78-942F-F438F6B4D9D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{97C44FB6-1EBC-4598-AEE5-27390D97D2B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{9B3A9A37-7BF9-48DB-9CC8-632BC0459791}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1241861114\ee\aolsoftware.exe |

"{9ED80CCE-E36A-460F-ABEB-39DA6A17952E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A54C4821-2F40-49DD-9BE3-E9243210476A}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |

"{A9FE97B0-C3A7-44B2-BF8D-E146672CA7C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AB146638-C28E-4443-818F-56FD300085F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AB6FB533-BAC4-477E-96D7-4B94832C96CF}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{B829F780-416B-480E-A3E6-64997C8E4EF2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{B8815EDA-6516-451A-91AA-CA4F24AB2C06}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{B8936EA6-E511-46E1-B656-D54C25752C0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BD4DA4B3-88FC-4BC0-AD8C-CBF334C2FBEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CAFD6CB4-3BB9-4ADA-AD2E-B3519497492C}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |

"{D56C5A35-1631-4CAD-B0A7-E3759C386415}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D5F8C4EA-D613-49E2-A923-5DCC6F735B57}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |

"{D86B1844-7B15-4D4A-99C1-0FD79587105B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{DE5E32BE-39F3-4721-B8C3-52FC7111532E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{E0C6316C-0178-4754-9B20-2E460F5AE935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E7A0A21B-37FE-49D4-94CE-7E9E96D6BC38}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{EB4B5489-2E6D-43FF-B032-333D22215E8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EC1D6F19-9029-4019-8CBC-04C0E9EDBD77}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{EF8DBAB6-0C19-4DD2-9BF7-F65BB54ABF14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FE2F965D-2C13-49E8-AC17-EB01642D7D88}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{FEB065E3-2A8D-4DBD-BF4A-59A81ECAE982}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1241861114\ee\aolsoftware.exe |

"{FEF3FDEE-49F3-4208-BCE2-544381E31924}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{019E34E6-3D83-4767-87BD-70AF21E5DE84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{03F0EDE8-91DB-475E-A081-AD9E73C1F02A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{484361E7-5FA6-4424-9A6D-9F13C1844514}C:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe |

"TCP Query User{4947D1BF-738A-4358-B2F3-95F7E502113C}C:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe |

"TCP Query User{6750E89A-03A7-4FC3-8EFD-D7FD923F5A04}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{9A41A082-F75B-4C25-92B5-32560D2F8A68}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{B1CC0775-D500-48F8-B30A-116EC322CDED}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{B3500C31-4F75-4D77-9F8E-5FA6848A0F57}C:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{09CAB0CF-6965-47F0-A19F-AF52D9CF6632}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{0CCAEE3E-68C1-44EF-ACF1-74625B35CABC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{29B25B91-D0FF-455A-8BEF-7976497C5B7D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{39D6A892-D502-48ED-9CBB-D268CA9DECB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{57421BCA-F1AA-4EE0-A4C4-E40B7E6D7A53}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{5AA2D452-8969-4391-91FE-51A9B0DE3FA7}C:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\don\appdata\local\temp\wzse0.tmp\symnrt.exe |

"UDP Query User{97B8BACF-14FB-4B2F-8232-722A8F958369}C:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\mimo.exe |

"UDP Query User{D2A37A89-855F-42A4-98EE-9260ACDCEFD7}C:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\don\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup

"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional

"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish

"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese

"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French

"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B8FAB81-0811-FAE4-A77C-33683B43A9D8}" = ccc-utility

"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.32

"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian

"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel

"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password

"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light

"{53BB9294-6E76-4853-4130-1CD0A01EAE45}" = ATI Catalyst Install Manager

"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater

"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE

"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish

"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation

"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{945126B3-E790-45FE-A5B4-D108DB681B61}" = Sibelius Scorch (ActiveX Only)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese

"{9D809E65-2088-4367-A169-D6DDDA78D6C6}" = Garmin Communicator Plugin with myGarmin Agent

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3

"{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}" = Retrospect Express HD 1.1

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new

"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio

"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration

"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch

"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding

"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E883466C-77EC-44AC-8EC8-417A4A16AB3F}" = Garmin Communicator Plugin

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch

"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish

"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup

"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins

"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug

"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO

"{F4F8BF8F-4147-41AD-B3EB-9EB54F5CAB89}" = Audio Browser

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Supporto applicazioni Apple

"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents

"{F8423392-2296-4748-9B66-344432459632}" = PureHD

"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share

"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO

"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic

"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.55

"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"7-Zip" = 7-Zip 4.57

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"All Video Converter Pro_is1" = All Video Converter Pro 4.6.1

"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"Audacity_is1" = Audacity 1.2.6

"AVI ReComp" = AVI ReComp 1.5.3

"Avira AntiVir Desktop" = Avira Free Antivirus

"Avisynth" = AviSynth 2.5

"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX Setup

"DVD Flick_is1" = DVD Flick 1.3.0.7

"Free CD to MP3 Converter" = Free CD to MP3 Converter

"Free DVD ISO Burner (by minidvdsoft)_is1" = Free DVD ISO Burner version 1.2

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"HandBrake" = HandBrake 0.9.5

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA

"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mimo" = Mimo

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mp3tag" = Mp3tag v2.49b

"MyCamera" = Canon Utilities MyCamera

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa2" = Picasa 2

"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor

"ProInst" = Intel® PROSet/Wireless Software

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 15.0" = RealPlayer

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.48

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tag&Rename_is1" = Tag&Rename 3.5.1

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"VobSub" = VobSub 2.23

"WildTangent toshiba Master Uninstall" = TOSHIBA Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Xvid_is1" = Xvid 1.3.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 18/11/2012 5.29.50 | Computer Name = Don-PC | Source = WinMgmt | ID = 10

Description =

Error - 18/11/2012 5.47.17 | Computer Name = Don-PC | Source = VmbService | ID = 0

Description = conflictManagerTypeValue

Error - 18/11/2012 5.48.35 | Computer Name = Don-PC | Source = WinMgmt | ID = 10

Description =

Error - 18/11/2012 5.51.56 | Computer Name = Don-PC | Source = EventSystem | ID = 4621

Description =

Error - 18/11/2012 5.53.14 | Computer Name = Don-PC | Source = VmbService | ID = 0

Description = conflictManagerTypeValue

Error - 18/11/2012 5.54.33 | Computer Name = Don-PC | Source = WinMgmt | ID = 10

Description =

Error - 18/11/2012 6.02.49 | Computer Name = Don-PC | Source = VmbService | ID = 0

Description = conflictManagerTypeValue

Error - 18/11/2012 6.03.46 | Computer Name = Don-PC | Source = WinMgmt | ID = 10

Description =

Error - 18/11/2012 6.14.48 | Computer Name = Don-PC | Source = EventSystem | ID = 4609

Description =

Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 27/09/2009 3.36.23 | Computer Name = Don-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 18/11/2012 6.15.51 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 18/11/2012 6.16.40 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 18/11/2012 7.20.13 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

Error - 18/11/2012 7.20.51 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

Error - 18/11/2012 9.25.20 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume C:.

Error - 18/11/2012 9.30.21 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

Error - 18/11/2012 9.30.31 | Computer Name = Don-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume SQ004661V06.

< End of report >

Link to post
Share on other sites

# AdwCleaner v2.007 - Logfile created 11/18/2012 at 14:38:49

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Don - DON-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Don\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.35] : search_url = "hxxp://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [15499 octets] - [16/11/2012 19:04:27]

AdwCleaner[R2].txt - [1056 octets] - [16/11/2012 19:11:37]

AdwCleaner[R3].txt - [1148 octets] - [18/11/2012 14:37:54]

AdwCleaner[R4].txt - [959 octets] - [18/11/2012 14:38:49]

AdwCleaner[s1].txt - [15520 octets] - [16/11/2012 19:08:23]

AdwCleaner[s2].txt - [1119 octets] - [16/11/2012 19:12:36]

########## EOF - C:\AdwCleaner[R4].txt - [1139 octets] ##########

Link to post
Share on other sites

Good morning dg241,

IObit Security 360 is a rogue security program known to cause system problems and that had stolen material from other computer security companies to use in their own program.

IOBit Steals Malwarebytes’ Intellectual Property

IOBit’s Denial of Theft Unconvincing

The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start>Control Panel>Programs and Features>Programs and uninstall the following programs:

Advanced SystemCare

(or any program from IObit)

T-Tools has created a free program that has been designed specifically to remove every last trace of the entries of IObit programs left behind if and when you had decided to uninstall one or more of these programs. Please download BitRemover from here:

http://www.t-tools.nl/bitremoveren.php

Save the program to your Desktop and double-click on the program to run it.

=====

Next, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://www.searchqu....q={searchTerms}
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

  • Then, please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s3].txt.

=====

Finally, please update MBAM and run a fresh scan. Fix anything it finds and post its new log in your reply.

=====

In your reply please provide the contents of the following:

  • OTL fix log.
  • AdwCleaner[s3].txt.
  • Fresh MBAM log.

How is your computer currently running?

Link to post
Share on other sites

Here's the OTL fix log:

All processes killed

========== OTL ==========

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Don

->Temp folder emptied: 2442557 bytes

->Temporary Internet Files folder emptied: 66927602 bytes

->Java cache emptied: 11348758 bytes

->Google Chrome cache emptied: 47066192 bytes

->Apple Safari cache emptied: 9530368 bytes

->Flash cache emptied: 1063123 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 132,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11182012_215118

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Here's the ADWCleaner log:

# AdwCleaner v2.007 - Logfile created 11/18/2012 at 22:03:25

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Don - DON-PC

# Boot Mode : Normal

# Running from : C:\Users\Don\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : search_url = "hxxp://www.searchqu.com//web?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [15499 octets] - [16/11/2012 19:04:27]

AdwCleaner[R2].txt - [1056 octets] - [16/11/2012 19:11:37]

AdwCleaner[R3].txt - [1148 octets] - [18/11/2012 14:37:54]

AdwCleaner[R4].txt - [1208 octets] - [18/11/2012 14:38:49]

AdwCleaner[s1].txt - [15520 octets] - [16/11/2012 19:08:23]

AdwCleaner[s2].txt - [1119 octets] - [16/11/2012 19:12:36]

AdwCleaner[s3].txt - [1123 octets] - [18/11/2012 22:03:25]

########## EOF - C:\AdwCleaner[s3].txt - [1183 octets] ##########

Link to post
Share on other sites

Here's the MBAM log: same results - Hijack.UserInit detected - Avira blocked access to the registry. Computer is running fine at the moment, but never know when the next unexpected shutdown will happen. I've been running in Safe Mode all day with no problem.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.18.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Don :: DON-PC [administrator]

Protection: Enabled

18/11/2012 22.10.38

mbam-log-2012-11-18 (22-10-38).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 161401

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Good afternoon dg241,

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

I had to run ComboFix in Safe Mode. My computer shut down while reading this forum in regular mode.When I started CF, it claimed that Avira was still running, although I had checked that it wasn't running, both in the program and in Task Manager. I did disable Windows Firewall. There was an "Out of Memory" message during one of the stages, and a message that CF could not write to a certain memory address. Here's the log - and thanks for your help!

ComboFix 12-11-16.02 - Don 19/11/2012 8.30.04.2.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2545 [GMT 1:00]

Running from: c:\users\Don\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 07:40 . 2012-11-19 07:40 -------- d-----w- c:\users\Don\AppData\Local\temp

2012-11-19 07:40 . 2012-11-19 07:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-19 06:58 . 2012-11-19 06:58 -------- d-----w- C:\66b78112272c5898ea8047d82b7262

2012-11-18 20:51 . 2012-11-18 20:51 -------- d-----w- C:\_OTL

2012-11-18 08:41 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-18 08:41 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-11-18 08:39 . 2012-11-18 08:41 -------- d-----w- C:\bfc995f074073d93676df94272619073

2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes

2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\programdata\Malwarebytes

2012-11-15 21:05 . 2012-11-15 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-15 21:05 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 07:01 . 2012-11-15 07:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB91386-9892-41A4-8527-5A688D233B72}\offreg.dll

2012-11-14 20:24 . 2012-10-19 08:38 26248 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-11-14 19:29 . 2012-10-19 08:43 2097032 ----a-w- c:\windows\system32\Incinerator32.dll

2012-11-14 19:29 . 2012-10-19 09:01 41176 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-11-14 19:29 . 2012-10-19 09:01 23128 ----a-w- c:\windows\system32\smrgdf.exe

2012-11-14 19:29 . 2012-10-19 08:38 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys

2012-11-14 19:29 . 2012-10-19 08:38 56200 ----a-w- c:\windows\system32\offreg.dll

2012-11-14 19:29 . 2012-11-14 19:29 -------- d-----w- c:\program files\iolo

2012-11-14 19:27 . 2012-11-14 19:27 74703 ----a-w- c:\windows\system32\mfc45.dat

2012-11-14 19:27 . 2012-11-14 19:27 -------- d-----w- C:\iolo

2012-11-14 19:25 . 2012-11-16 01:35 -------- d-----w- c:\programdata\iolo

2012-11-14 19:25 . 2012-11-14 19:48 -------- d-----w- c:\users\Don\AppData\Roaming\iolo

2012-11-12 19:28 . 2012-10-12 18:09 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-11-12 18:44 . 2012-11-12 18:44 -------- d-----w- c:\programdata\IObit

2012-11-12 18:44 . 2012-11-14 21:35 -------- d-----w- c:\users\Don\AppData\Roaming\IObit

2012-11-12 18:43 . 2012-11-12 18:43 -------- d-----w- c:\program files\IObit

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-10 20:25 . 2012-11-10 20:25 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-11-10 20:25 . 2012-11-10 20:25 -------- d-----w- c:\program files\QuickTime

2012-11-09 18:59 . 2012-10-17 00:32 6918632 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB91386-9892-41A4-8527-5A688D233B72}\mpengine.dll

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-24 18:32 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 20:33 . 2012-10-17 20:43 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-14 20:33 . 2012-10-17 20:43 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-14 20:33 . 2012-10-17 20:43 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-07 19:10 . 2012-03-29 20:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-07 19:10 . 2011-08-04 21:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-05 09:59 . 2010-01-27 21:37 5642 --sha-w- c:\programdata\KGyGaAvL.sys

2012-09-13 13:28 . 2012-10-10 02:12 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-04 20:10 . 2012-08-18 21:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-04 20:10 . 2012-08-18 21:24 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-29 11:27 . 2012-10-10 02:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27 . 2012-10-10 02:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53 . 2012-10-10 02:12 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 11:01 . 2012-09-15 19:52 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 11:01 . 2010-10-13 19:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]

"Facebook Update"="c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"NDSTray.exe"="NDSTray.exe" [bU]

"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-04-10 143360]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"HostManager"="c:\program files\Common Files\AOL\1241861114\ee\AOLSoftware.exe" [2010-03-08 41800]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]

"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]

"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]

"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2009-04-10 200704]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-14 384800]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2008-3-19 43608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ ?p?\0??\0\0????\0?p?\0??\0autocheck smrgdf c:\users\Don\AppData\Roaming\iolo\\0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:10]

.

2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000Core.job

- c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 05:54]

.

2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-189833968-609856560-2626383556-1000UA.job

- c:\users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 05:54]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:55]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:55]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.it/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE "%1"

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Don\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-19 08:40

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-11-19 08:43:36

ComboFix-quarantined-files.txt 2012-11-19 07:43

ComboFix2.txt 2012-11-16 20:34

ComboFix3.txt 2012-11-16 18:56

.

Pre-Run: 88.236.736.512 bytes free

Post-Run: 88.247.996.416 bytes free

.

- - End Of File - - 052A3CDBA1A6B1D8562A86665DB46147

Link to post
Share on other sites

Good morning dg241,

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

I'm having trouble running Kaspersky. I tried it in Safe Mode on Sunday night, and when it said it would take more than 5 hours, I left it running overnight. On Monday morning, there was nothing on the screen and no log created that I could find. When I tried again, it said that I should reboot and run in regular mode, but my computer will not run in regular mode for very long without shutting down abruptly. I did try running the regular scan (without checking to run the whole C drive) in regular mode this morning, and it got to 99% and then hung for about 20 minutes. I finally had to shut down and go to work. Then same thing just happened, except the computer shut down during the 99%.

I wonder if my Avira AV could be infected. When I try to delete Hijcak.UserInit with Malwarebytes, I get an Avira message - "registry blocked - suspicious attempt to access the registry was blocked" and if I disable that feature, the same kind of message appears when I shut down or reboot.

Any ideas?

Link to post
Share on other sites

Hey dg241,

Please try this tool instead.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

Link to post
Share on other sites

Good afternoon dg241,

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.54

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.1

Java 7 Update 9

Java 6 Update 3

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

iolo Common Lib ioloServiceManager.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Hey dg241,

Your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Please let me know if you have any issues updating Adobe Reader.

Link to post
Share on other sites

You will notice right under that indication that I have Adobe Reader X, and it is up to date. I'm not sure why this report lists the older version also. I find there is a Reader 8 folder in my Adobe folder, but it doesn't show up in programs that can be removed. Should I simply delete the folder?

Link to post
Share on other sites

Hello dg241,

Must just be a remnant. Please just delete the folder.

=====

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

And OTL:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.